diff --git a/Makefile b/Makefile index 0b0ca3d76..7ad1e7bac 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ PROJECT_NAME := provider-$(PROVIDER_NAME) PROJECT_REPO := github.com/upbound/$(PROJECT_NAME) export TERRAFORM_VERSION := 1.5.5 -export TERRAFORM_PROVIDER_VERSION := 5.19.0 +export TERRAFORM_PROVIDER_VERSION := 5.28.0 export TERRAFORM_PROVIDER_SOURCE := hashicorp/google export TERRAFORM_PROVIDER_REPO ?= https://github.com/hashicorp/terraform-provider-google export TERRAFORM_DOCS_PATH ?= website/docs/r diff --git a/apis/accesscontextmanager/v1beta1/zz_serviceperimeterresource_types.go b/apis/accesscontextmanager/v1beta1/zz_serviceperimeterresource_types.go index 2b40b7015..53952f4c2 100755 --- a/apis/accesscontextmanager/v1beta1/zz_serviceperimeterresource_types.go +++ b/apis/accesscontextmanager/v1beta1/zz_serviceperimeterresource_types.go @@ -98,7 +98,7 @@ type ServicePerimeterResourceStatus struct { // +kubebuilder:subresource:status // +kubebuilder:storageversion -// ServicePerimeterResource is the Schema for the ServicePerimeterResources API. Allows configuring a single GCP resource that should be inside of a service perimeter. +// ServicePerimeterResource is the Schema for the ServicePerimeterResources API. Allows configuring a single GCP resource that should be inside the 'status' block of a service perimeter. // +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" // +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" // +kubebuilder:printcolumn:name="EXTERNAL-NAME",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name" diff --git a/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go b/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go index a601c81f8..ca6fb6c27 100755 --- a/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go +++ b/apis/accesscontextmanager/v1beta2/zz_serviceperimeter_types.go @@ -15,9 +15,10 @@ import ( type EgressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -38,9 +39,10 @@ type EgressFromInitParameters struct { type EgressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -61,9 +63,10 @@ type EgressFromObservation struct { type EgressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -128,9 +131,10 @@ type EgressFromSourcesParameters struct { type EgressPoliciesEgressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -151,9 +155,10 @@ type EgressPoliciesEgressFromInitParameters struct { type EgressPoliciesEgressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -174,9 +179,10 @@ type EgressPoliciesEgressFromObservation struct { type EgressPoliciesEgressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -450,9 +456,10 @@ type EgressToParameters struct { type IngressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -469,9 +476,10 @@ type IngressFromInitParameters struct { type IngressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -488,9 +496,10 @@ type IngressFromObservation struct { type IngressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -575,9 +584,10 @@ type IngressFromSourcesParameters struct { type IngressPoliciesIngressFromInitParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -594,9 +604,10 @@ type IngressPoliciesIngressFromInitParameters struct { type IngressPoliciesIngressFromObservation struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` @@ -613,9 +624,10 @@ type IngressPoliciesIngressFromObservation struct { type IngressPoliciesIngressFromParameters struct { - // A list of identities that are allowed access through this ingress policy. - // Should be in the format of email address. The email address should represent - // individual user or service account only. + // 'A list of identities that are allowed access through this IngressPolicy. + // To specify an identity or identity group, use the IAM v1 + // format specified here. + // The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' // +kubebuilder:validation:Optional // +listType=set Identities []*string `json:"identities,omitempty" tf:"identities,omitempty"` diff --git a/apis/alloydb/v1beta2/zz_cluster_types.go b/apis/alloydb/v1beta2/zz_cluster_types.go index b7d4e7067..6d92fd5da 100755 --- a/apis/alloydb/v1beta2/zz_cluster_types.go +++ b/apis/alloydb/v1beta2/zz_cluster_types.go @@ -236,6 +236,10 @@ type ClusterInitParameters struct { // +mapType=granular Labels map[string]*string `json:"labels,omitempty" tf:"labels,omitempty"` + // MaintenanceUpdatePolicy defines the policy for system updates. + // Structure is documented below. + MaintenanceUpdatePolicy *MaintenanceUpdatePolicyInitParameters `json:"maintenanceUpdatePolicy,omitempty" tf:"maintenance_update_policy,omitempty"` + // The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: // "projects/{projectNumber}/global/networks/{network_id}". // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network @@ -345,6 +349,10 @@ type ClusterObservation struct { // The location where the alloydb cluster should reside. Location *string `json:"location,omitempty" tf:"location,omitempty"` + // MaintenanceUpdatePolicy defines the policy for system updates. + // Structure is documented below. + MaintenanceUpdatePolicy *MaintenanceUpdatePolicyObservation `json:"maintenanceUpdatePolicy,omitempty" tf:"maintenance_update_policy,omitempty"` + // Cluster created via DMS migration. // Structure is documented below. MigrationSource []MigrationSourceObservation `json:"migrationSource,omitempty" tf:"migration_source,omitempty"` @@ -457,6 +465,11 @@ type ClusterParameters struct { // +kubebuilder:validation:Required Location *string `json:"location" tf:"location,omitempty"` + // MaintenanceUpdatePolicy defines the policy for system updates. + // Structure is documented below. + // +kubebuilder:validation:Optional + MaintenanceUpdatePolicy *MaintenanceUpdatePolicyParameters `json:"maintenanceUpdatePolicy,omitempty" tf:"maintenance_update_policy,omitempty"` + // The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: // "projects/{projectNumber}/global/networks/{network_id}". // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network @@ -633,6 +646,63 @@ type InitialUserParameters struct { User *string `json:"user,omitempty" tf:"user,omitempty"` } +type MaintenanceUpdatePolicyInitParameters struct { + + // Preferred windows to perform maintenance. Currently limited to 1. + // Structure is documented below. + MaintenanceWindows []MaintenanceWindowsInitParameters `json:"maintenanceWindows,omitempty" tf:"maintenance_windows,omitempty"` +} + +type MaintenanceUpdatePolicyObservation struct { + + // Preferred windows to perform maintenance. Currently limited to 1. + // Structure is documented below. + MaintenanceWindows []MaintenanceWindowsObservation `json:"maintenanceWindows,omitempty" tf:"maintenance_windows,omitempty"` +} + +type MaintenanceUpdatePolicyParameters struct { + + // Preferred windows to perform maintenance. Currently limited to 1. + // Structure is documented below. + // +kubebuilder:validation:Optional + MaintenanceWindows []MaintenanceWindowsParameters `json:"maintenanceWindows,omitempty" tf:"maintenance_windows,omitempty"` +} + +type MaintenanceWindowsInitParameters struct { + + // Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + // Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + Day *string `json:"day,omitempty" tf:"day,omitempty"` + + // Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + // Structure is documented below. + StartTime *StartTimeInitParameters `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type MaintenanceWindowsObservation struct { + + // Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + // Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + Day *string `json:"day,omitempty" tf:"day,omitempty"` + + // Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + // Structure is documented below. + StartTime *StartTimeObservation `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type MaintenanceWindowsParameters struct { + + // Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + // Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + // +kubebuilder:validation:Optional + Day *string `json:"day" tf:"day,omitempty"` + + // Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + // Structure is documented below. + // +kubebuilder:validation:Optional + StartTime *StartTimeParameters `json:"startTime" tf:"start_time,omitempty"` +} + type MigrationSourceInitParameters struct { } @@ -835,6 +905,55 @@ type SecondaryConfigParameters struct { PrimaryClusterNameSelector *v1.Selector `json:"primaryClusterNameSelector,omitempty" tf:"-"` } +type StartTimeInitParameters struct { + + // Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. Currently, only the value 0 is supported. + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. Currently, only the value 0 is supported. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type StartTimeObservation struct { + + // Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. Currently, only the value 0 is supported. + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. Currently, only the value 0 is supported. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type StartTimeParameters struct { + + // Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. + // +kubebuilder:validation:Optional + Hours *float64 `json:"hours" tf:"hours,omitempty"` + + // Minutes of hour of day. Currently, only the value 0 is supported. + // +kubebuilder:validation:Optional + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. + // +kubebuilder:validation:Optional + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. Currently, only the value 0 is supported. + // +kubebuilder:validation:Optional + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + type StartTimesInitParameters struct { // Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value "24:00:00" for scenarios like business closing time. diff --git a/apis/alloydb/v1beta2/zz_generated.deepcopy.go b/apis/alloydb/v1beta2/zz_generated.deepcopy.go index 80acdd7c1..c87608649 100644 --- a/apis/alloydb/v1beta2/zz_generated.deepcopy.go +++ b/apis/alloydb/v1beta2/zz_generated.deepcopy.go @@ -13,6 +13,66 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizedExternalNetworksInitParameters) DeepCopyInto(out *AuthorizedExternalNetworksInitParameters) { + *out = *in + if in.CidrRange != nil { + in, out := &in.CidrRange, &out.CidrRange + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizedExternalNetworksInitParameters. +func (in *AuthorizedExternalNetworksInitParameters) DeepCopy() *AuthorizedExternalNetworksInitParameters { + if in == nil { + return nil + } + out := new(AuthorizedExternalNetworksInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizedExternalNetworksObservation) DeepCopyInto(out *AuthorizedExternalNetworksObservation) { + *out = *in + if in.CidrRange != nil { + in, out := &in.CidrRange, &out.CidrRange + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizedExternalNetworksObservation. +func (in *AuthorizedExternalNetworksObservation) DeepCopy() *AuthorizedExternalNetworksObservation { + if in == nil { + return nil + } + out := new(AuthorizedExternalNetworksObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AuthorizedExternalNetworksParameters) DeepCopyInto(out *AuthorizedExternalNetworksParameters) { + *out = *in + if in.CidrRange != nil { + in, out := &in.CidrRange, &out.CidrRange + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizedExternalNetworksParameters. +func (in *AuthorizedExternalNetworksParameters) DeepCopy() *AuthorizedExternalNetworksParameters { + if in == nil { + return nil + } + out := new(AuthorizedExternalNetworksParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AutomatedBackupPolicyEncryptionConfigInitParameters) DeepCopyInto(out *AutomatedBackupPolicyEncryptionConfigInitParameters) { *out = *in @@ -1096,6 +1156,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { (*out)[key] = outVal } } + if in.MaintenanceUpdatePolicy != nil { + in, out := &in.MaintenanceUpdatePolicy, &out.MaintenanceUpdatePolicy + *out = new(MaintenanceUpdatePolicyInitParameters) + (*in).DeepCopyInto(*out) + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -1323,6 +1388,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(string) **out = **in } + if in.MaintenanceUpdatePolicy != nil { + in, out := &in.MaintenanceUpdatePolicy, &out.MaintenanceUpdatePolicy + *out = new(MaintenanceUpdatePolicyObservation) + (*in).DeepCopyInto(*out) + } if in.MigrationSource != nil { in, out := &in.MigrationSource, &out.MigrationSource *out = make([]MigrationSourceObservation, len(*in)) @@ -1493,6 +1563,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(string) **out = **in } + if in.MaintenanceUpdatePolicy != nil { + in, out := &in.MaintenanceUpdatePolicy, &out.MaintenanceUpdatePolicy + *out = new(MaintenanceUpdatePolicyParameters) + (*in).DeepCopyInto(*out) + } if in.Network != nil { in, out := &in.Network, &out.Network *out = new(string) @@ -2220,6 +2295,11 @@ func (in *InstanceInitParameters) DeepCopyInto(out *InstanceInitParameters) { *out = new(MachineConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = new(InstanceNetworkConfigInitParameters) + (*in).DeepCopyInto(*out) + } if in.QueryInsightsConfig != nil { in, out := &in.QueryInsightsConfig, &out.QueryInsightsConfig *out = new(QueryInsightsConfigInitParameters) @@ -2274,6 +2354,87 @@ func (in *InstanceList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceNetworkConfigInitParameters) DeepCopyInto(out *InstanceNetworkConfigInitParameters) { + *out = *in + if in.AuthorizedExternalNetworks != nil { + in, out := &in.AuthorizedExternalNetworks, &out.AuthorizedExternalNetworks + *out = make([]AuthorizedExternalNetworksInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EnablePublicIP != nil { + in, out := &in.EnablePublicIP, &out.EnablePublicIP + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceNetworkConfigInitParameters. +func (in *InstanceNetworkConfigInitParameters) DeepCopy() *InstanceNetworkConfigInitParameters { + if in == nil { + return nil + } + out := new(InstanceNetworkConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceNetworkConfigObservation) DeepCopyInto(out *InstanceNetworkConfigObservation) { + *out = *in + if in.AuthorizedExternalNetworks != nil { + in, out := &in.AuthorizedExternalNetworks, &out.AuthorizedExternalNetworks + *out = make([]AuthorizedExternalNetworksObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EnablePublicIP != nil { + in, out := &in.EnablePublicIP, &out.EnablePublicIP + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceNetworkConfigObservation. +func (in *InstanceNetworkConfigObservation) DeepCopy() *InstanceNetworkConfigObservation { + if in == nil { + return nil + } + out := new(InstanceNetworkConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InstanceNetworkConfigParameters) DeepCopyInto(out *InstanceNetworkConfigParameters) { + *out = *in + if in.AuthorizedExternalNetworks != nil { + in, out := &in.AuthorizedExternalNetworks, &out.AuthorizedExternalNetworks + *out = make([]AuthorizedExternalNetworksParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.EnablePublicIP != nil { + in, out := &in.EnablePublicIP, &out.EnablePublicIP + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceNetworkConfigParameters. +func (in *InstanceNetworkConfigParameters) DeepCopy() *InstanceNetworkConfigParameters { + if in == nil { + return nil + } + out := new(InstanceNetworkConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = *in @@ -2412,6 +2573,16 @@ func (in *InstanceObservation) DeepCopyInto(out *InstanceObservation) { *out = new(string) **out = **in } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = new(InstanceNetworkConfigObservation) + (*in).DeepCopyInto(*out) + } + if in.PublicIPAddress != nil { + in, out := &in.PublicIPAddress, &out.PublicIPAddress + *out = new(string) + **out = **in + } if in.QueryInsightsConfig != nil { in, out := &in.QueryInsightsConfig, &out.QueryInsightsConfig *out = new(QueryInsightsConfigObservation) @@ -2576,6 +2747,11 @@ func (in *InstanceParameters) DeepCopyInto(out *InstanceParameters) { *out = new(MachineConfigParameters) (*in).DeepCopyInto(*out) } + if in.NetworkConfig != nil { + in, out := &in.NetworkConfig, &out.NetworkConfig + *out = new(InstanceNetworkConfigParameters) + (*in).DeepCopyInto(*out) + } if in.QueryInsightsConfig != nil { in, out := &in.QueryInsightsConfig, &out.QueryInsightsConfig *out = new(QueryInsightsConfigParameters) @@ -2693,6 +2869,147 @@ func (in *MachineConfigParameters) DeepCopy() *MachineConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenanceUpdatePolicyInitParameters) DeepCopyInto(out *MaintenanceUpdatePolicyInitParameters) { + *out = *in + if in.MaintenanceWindows != nil { + in, out := &in.MaintenanceWindows, &out.MaintenanceWindows + *out = make([]MaintenanceWindowsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceUpdatePolicyInitParameters. +func (in *MaintenanceUpdatePolicyInitParameters) DeepCopy() *MaintenanceUpdatePolicyInitParameters { + if in == nil { + return nil + } + out := new(MaintenanceUpdatePolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenanceUpdatePolicyObservation) DeepCopyInto(out *MaintenanceUpdatePolicyObservation) { + *out = *in + if in.MaintenanceWindows != nil { + in, out := &in.MaintenanceWindows, &out.MaintenanceWindows + *out = make([]MaintenanceWindowsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceUpdatePolicyObservation. +func (in *MaintenanceUpdatePolicyObservation) DeepCopy() *MaintenanceUpdatePolicyObservation { + if in == nil { + return nil + } + out := new(MaintenanceUpdatePolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenanceUpdatePolicyParameters) DeepCopyInto(out *MaintenanceUpdatePolicyParameters) { + *out = *in + if in.MaintenanceWindows != nil { + in, out := &in.MaintenanceWindows, &out.MaintenanceWindows + *out = make([]MaintenanceWindowsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceUpdatePolicyParameters. +func (in *MaintenanceUpdatePolicyParameters) DeepCopy() *MaintenanceUpdatePolicyParameters { + if in == nil { + return nil + } + out := new(MaintenanceUpdatePolicyParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenanceWindowsInitParameters) DeepCopyInto(out *MaintenanceWindowsInitParameters) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(StartTimeInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceWindowsInitParameters. +func (in *MaintenanceWindowsInitParameters) DeepCopy() *MaintenanceWindowsInitParameters { + if in == nil { + return nil + } + out := new(MaintenanceWindowsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenanceWindowsObservation) DeepCopyInto(out *MaintenanceWindowsObservation) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(StartTimeObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceWindowsObservation. +func (in *MaintenanceWindowsObservation) DeepCopy() *MaintenanceWindowsObservation { + if in == nil { + return nil + } + out := new(MaintenanceWindowsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MaintenanceWindowsParameters) DeepCopyInto(out *MaintenanceWindowsParameters) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(string) + **out = **in + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(StartTimeParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MaintenanceWindowsParameters. +func (in *MaintenanceWindowsParameters) DeepCopy() *MaintenanceWindowsParameters { + if in == nil { + return nil + } + out := new(MaintenanceWindowsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MigrationSourceInitParameters) DeepCopyInto(out *MigrationSourceInitParameters) { *out = *in @@ -3368,6 +3685,111 @@ func (in *SecondaryConfigParameters) DeepCopy() *SecondaryConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StartTimeInitParameters) DeepCopyInto(out *StartTimeInitParameters) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StartTimeInitParameters. +func (in *StartTimeInitParameters) DeepCopy() *StartTimeInitParameters { + if in == nil { + return nil + } + out := new(StartTimeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StartTimeObservation) DeepCopyInto(out *StartTimeObservation) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StartTimeObservation. +func (in *StartTimeObservation) DeepCopy() *StartTimeObservation { + if in == nil { + return nil + } + out := new(StartTimeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StartTimeParameters) DeepCopyInto(out *StartTimeParameters) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StartTimeParameters. +func (in *StartTimeParameters) DeepCopy() *StartTimeParameters { + if in == nil { + return nil + } + out := new(StartTimeParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StartTimesInitParameters) DeepCopyInto(out *StartTimesInitParameters) { *out = *in diff --git a/apis/alloydb/v1beta2/zz_instance_types.go b/apis/alloydb/v1beta2/zz_instance_types.go index bdf1485a5..af9868cb2 100755 --- a/apis/alloydb/v1beta2/zz_instance_types.go +++ b/apis/alloydb/v1beta2/zz_instance_types.go @@ -13,6 +13,25 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AuthorizedExternalNetworksInitParameters struct { + + // CIDR range for one authorized network of the instance. + CidrRange *string `json:"cidrRange,omitempty" tf:"cidr_range,omitempty"` +} + +type AuthorizedExternalNetworksObservation struct { + + // CIDR range for one authorized network of the instance. + CidrRange *string `json:"cidrRange,omitempty" tf:"cidr_range,omitempty"` +} + +type AuthorizedExternalNetworksParameters struct { + + // CIDR range for one authorized network of the instance. + // +kubebuilder:validation:Optional + CidrRange *string `json:"cidrRange,omitempty" tf:"cidr_range,omitempty"` +} + type ClientConnectionConfigInitParameters struct { // Configuration to enforce connectors only (ex: AuthProxy) connections to the database. @@ -104,6 +123,10 @@ type InstanceInitParameters struct { // Structure is documented below. MachineConfig *MachineConfigInitParameters `json:"machineConfig,omitempty" tf:"machine_config,omitempty"` + // Instance level network configuration. + // Structure is documented below. + NetworkConfig *InstanceNetworkConfigInitParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // Configuration for query insights. // Structure is documented below. QueryInsightsConfig *QueryInsightsConfigInitParameters `json:"queryInsightsConfig,omitempty" tf:"query_insights_config,omitempty"` @@ -113,6 +136,50 @@ type InstanceInitParameters struct { ReadPoolConfig *ReadPoolConfigInitParameters `json:"readPoolConfig,omitempty" tf:"read_pool_config,omitempty"` } +type InstanceNetworkConfigInitParameters struct { + + // A list of external networks authorized to access this instance. This + // field is only allowed to be set when enable_public_ip is set to + // true. + // Structure is documented below. + AuthorizedExternalNetworks []AuthorizedExternalNetworksInitParameters `json:"authorizedExternalNetworks,omitempty" tf:"authorized_external_networks,omitempty"` + + // Enabling public ip for the instance. If a user wishes to disable this, + // please also clear the list of the authorized external networks set on + // the same instance. + EnablePublicIP *bool `json:"enablePublicIp,omitempty" tf:"enable_public_ip,omitempty"` +} + +type InstanceNetworkConfigObservation struct { + + // A list of external networks authorized to access this instance. This + // field is only allowed to be set when enable_public_ip is set to + // true. + // Structure is documented below. + AuthorizedExternalNetworks []AuthorizedExternalNetworksObservation `json:"authorizedExternalNetworks,omitempty" tf:"authorized_external_networks,omitempty"` + + // Enabling public ip for the instance. If a user wishes to disable this, + // please also clear the list of the authorized external networks set on + // the same instance. + EnablePublicIP *bool `json:"enablePublicIp,omitempty" tf:"enable_public_ip,omitempty"` +} + +type InstanceNetworkConfigParameters struct { + + // A list of external networks authorized to access this instance. This + // field is only allowed to be set when enable_public_ip is set to + // true. + // Structure is documented below. + // +kubebuilder:validation:Optional + AuthorizedExternalNetworks []AuthorizedExternalNetworksParameters `json:"authorizedExternalNetworks,omitempty" tf:"authorized_external_networks,omitempty"` + + // Enabling public ip for the instance. If a user wishes to disable this, + // please also clear the list of the authorized external networks set on + // the same instance. + // +kubebuilder:validation:Optional + EnablePublicIP *bool `json:"enablePublicIp,omitempty" tf:"enable_public_ip,omitempty"` +} + type InstanceObservation struct { // Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. @@ -184,6 +251,15 @@ type InstanceObservation struct { // The name of the instance resource. Name *string `json:"name,omitempty" tf:"name,omitempty"` + // Instance level network configuration. + // Structure is documented below. + NetworkConfig *InstanceNetworkConfigObservation `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + + // The public IP addresses for the Instance. This is available ONLY when + // networkConfig.enablePublicIp is set to true. This is the connection + // endpoint for an end-user application. + PublicIPAddress *string `json:"publicIpAddress,omitempty" tf:"public_ip_address,omitempty"` + // Configuration for query insights. // Structure is documented below. QueryInsightsConfig *QueryInsightsConfigObservation `json:"queryInsightsConfig,omitempty" tf:"query_insights_config,omitempty"` @@ -293,6 +369,11 @@ type InstanceParameters struct { // +kubebuilder:validation:Optional MachineConfig *MachineConfigParameters `json:"machineConfig,omitempty" tf:"machine_config,omitempty"` + // Instance level network configuration. + // Structure is documented below. + // +kubebuilder:validation:Optional + NetworkConfig *InstanceNetworkConfigParameters `json:"networkConfig,omitempty" tf:"network_config,omitempty"` + // Configuration for query insights. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/apigee/v1beta2/zz_environment_types.go b/apis/apigee/v1beta2/zz_environment_types.go index cf9c61b96..c01ec2035 100755 --- a/apis/apigee/v1beta2/zz_environment_types.go +++ b/apis/apigee/v1beta2/zz_environment_types.go @@ -36,6 +36,9 @@ type EnvironmentInitParameters struct { // Display name of the environment. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of "http" or "https", and the port must be supplied. + ForwardProxyURI *string `json:"forwardProxyUri,omitempty" tf:"forward_proxy_uri,omitempty"` + // NodeConfig for setting the min/max number of nodes associated with the environment. // Structure is documented below. NodeConfig *NodeConfigInitParameters `json:"nodeConfig,omitempty" tf:"node_config,omitempty"` @@ -71,6 +74,9 @@ type EnvironmentObservation struct { // Display name of the environment. DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of "http" or "https", and the port must be supplied. + ForwardProxyURI *string `json:"forwardProxyUri,omitempty" tf:"forward_proxy_uri,omitempty"` + // an identifier for the resource with format {{org_id}}/environments/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -117,6 +123,10 @@ type EnvironmentParameters struct { // +kubebuilder:validation:Optional DisplayName *string `json:"displayName,omitempty" tf:"display_name,omitempty"` + // Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of "http" or "https", and the port must be supplied. + // +kubebuilder:validation:Optional + ForwardProxyURI *string `json:"forwardProxyUri,omitempty" tf:"forward_proxy_uri,omitempty"` + // NodeConfig for setting the min/max number of nodes associated with the environment. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/apigee/v1beta2/zz_generated.deepcopy.go b/apis/apigee/v1beta2/zz_generated.deepcopy.go index 76cc561fa..31a45124d 100644 --- a/apis/apigee/v1beta2/zz_generated.deepcopy.go +++ b/apis/apigee/v1beta2/zz_generated.deepcopy.go @@ -377,6 +377,11 @@ func (in *EnvironmentInitParameters) DeepCopyInto(out *EnvironmentInitParameters *out = new(string) **out = **in } + if in.ForwardProxyURI != nil { + in, out := &in.ForwardProxyURI, &out.ForwardProxyURI + *out = new(string) + **out = **in + } if in.NodeConfig != nil { in, out := &in.NodeConfig, &out.NodeConfig *out = new(NodeConfigInitParameters) @@ -454,6 +459,11 @@ func (in *EnvironmentObservation) DeepCopyInto(out *EnvironmentObservation) { *out = new(string) **out = **in } + if in.ForwardProxyURI != nil { + in, out := &in.ForwardProxyURI, &out.ForwardProxyURI + *out = new(string) + **out = **in + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -509,6 +519,11 @@ func (in *EnvironmentParameters) DeepCopyInto(out *EnvironmentParameters) { *out = new(string) **out = **in } + if in.ForwardProxyURI != nil { + in, out := &in.ForwardProxyURI, &out.ForwardProxyURI + *out = new(string) + **out = **in + } if in.NodeConfig != nil { in, out := &in.NodeConfig, &out.NodeConfig *out = new(NodeConfigParameters) @@ -691,6 +706,16 @@ func (in *Organization) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OrganizationInitParameters) DeepCopyInto(out *OrganizationInitParameters) { *out = *in + if in.APIConsumerDataEncryptionKeyName != nil { + in, out := &in.APIConsumerDataEncryptionKeyName, &out.APIConsumerDataEncryptionKeyName + *out = new(string) + **out = **in + } + if in.APIConsumerDataLocation != nil { + in, out := &in.APIConsumerDataLocation, &out.APIConsumerDataLocation + *out = new(string) + **out = **in + } if in.AnalyticsRegion != nil { in, out := &in.AnalyticsRegion, &out.AnalyticsRegion *out = new(string) @@ -716,6 +741,11 @@ func (in *OrganizationInitParameters) DeepCopyInto(out *OrganizationInitParamete *out = new(string) **out = **in } + if in.ControlPlaneEncryptionKeyName != nil { + in, out := &in.ControlPlaneEncryptionKeyName, &out.ControlPlaneEncryptionKeyName + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -813,6 +843,16 @@ func (in *OrganizationList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OrganizationObservation) DeepCopyInto(out *OrganizationObservation) { *out = *in + if in.APIConsumerDataEncryptionKeyName != nil { + in, out := &in.APIConsumerDataEncryptionKeyName, &out.APIConsumerDataEncryptionKeyName + *out = new(string) + **out = **in + } + if in.APIConsumerDataLocation != nil { + in, out := &in.APIConsumerDataLocation, &out.APIConsumerDataLocation + *out = new(string) + **out = **in + } if in.AnalyticsRegion != nil { in, out := &in.AnalyticsRegion, &out.AnalyticsRegion *out = new(string) @@ -838,6 +878,11 @@ func (in *OrganizationObservation) DeepCopyInto(out *OrganizationObservation) { *out = new(string) **out = **in } + if in.ControlPlaneEncryptionKeyName != nil { + in, out := &in.ControlPlaneEncryptionKeyName, &out.ControlPlaneEncryptionKeyName + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -908,6 +953,16 @@ func (in *OrganizationObservation) DeepCopy() *OrganizationObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OrganizationParameters) DeepCopyInto(out *OrganizationParameters) { *out = *in + if in.APIConsumerDataEncryptionKeyName != nil { + in, out := &in.APIConsumerDataEncryptionKeyName, &out.APIConsumerDataEncryptionKeyName + *out = new(string) + **out = **in + } + if in.APIConsumerDataLocation != nil { + in, out := &in.APIConsumerDataLocation, &out.APIConsumerDataLocation + *out = new(string) + **out = **in + } if in.AnalyticsRegion != nil { in, out := &in.AnalyticsRegion, &out.AnalyticsRegion *out = new(string) @@ -933,6 +988,11 @@ func (in *OrganizationParameters) DeepCopyInto(out *OrganizationParameters) { *out = new(string) **out = **in } + if in.ControlPlaneEncryptionKeyName != nil { + in, out := &in.ControlPlaneEncryptionKeyName, &out.ControlPlaneEncryptionKeyName + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) diff --git a/apis/apigee/v1beta2/zz_organization_types.go b/apis/apigee/v1beta2/zz_organization_types.go index 213376525..bfb8598e0 100755 --- a/apis/apigee/v1beta2/zz_organization_types.go +++ b/apis/apigee/v1beta2/zz_organization_types.go @@ -15,6 +15,14 @@ import ( type OrganizationInitParameters struct { + // Cloud KMS key name used for encrypting API consumer data. + APIConsumerDataEncryptionKeyName *string `json:"apiConsumerDataEncryptionKeyName,omitempty" tf:"api_consumer_data_encryption_key_name,omitempty"` + + // This field is needed only for customers using non-default data residency regions. + // Apigee stores some control plane data only in single region. + // This field determines which single region Apigee should use. + APIConsumerDataLocation *string `json:"apiConsumerDataLocation,omitempty" tf:"api_consumer_data_location,omitempty"` + // Primary GCP region for analytics data storage. For valid values, see Create an Apigee organization. AnalyticsRegion *string `json:"analyticsRegion,omitempty" tf:"analytics_region,omitempty"` @@ -36,6 +44,10 @@ type OrganizationInitParameters struct { // Billing type of the Apigee organization. See Apigee pricing. BillingType *string `json:"billingType,omitempty" tf:"billing_type,omitempty"` + // Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + // Only used for the data residency region "US" or "EU". + ControlPlaneEncryptionKeyName *string `json:"controlPlaneEncryptionKeyName,omitempty" tf:"control_plane_encryption_key_name,omitempty"` + // Description of the Apigee organization. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -88,6 +100,14 @@ type OrganizationInitParameters struct { type OrganizationObservation struct { + // Cloud KMS key name used for encrypting API consumer data. + APIConsumerDataEncryptionKeyName *string `json:"apiConsumerDataEncryptionKeyName,omitempty" tf:"api_consumer_data_encryption_key_name,omitempty"` + + // This field is needed only for customers using non-default data residency regions. + // Apigee stores some control plane data only in single region. + // This field determines which single region Apigee should use. + APIConsumerDataLocation *string `json:"apiConsumerDataLocation,omitempty" tf:"api_consumer_data_location,omitempty"` + // Primary GCP region for analytics data storage. For valid values, see Create an Apigee organization. AnalyticsRegion *string `json:"analyticsRegion,omitempty" tf:"analytics_region,omitempty"` @@ -106,6 +126,10 @@ type OrganizationObservation struct { // Valid only when RuntimeType is CLOUD. A base64-encoded string. CACertificate *string `json:"caCertificate,omitempty" tf:"ca_certificate,omitempty"` + // Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + // Only used for the data residency region "US" or "EU". + ControlPlaneEncryptionKeyName *string `json:"controlPlaneEncryptionKeyName,omitempty" tf:"control_plane_encryption_key_name,omitempty"` + // Description of the Apigee organization. Description *string `json:"description,omitempty" tf:"description,omitempty"` @@ -158,6 +182,16 @@ type OrganizationObservation struct { type OrganizationParameters struct { + // Cloud KMS key name used for encrypting API consumer data. + // +kubebuilder:validation:Optional + APIConsumerDataEncryptionKeyName *string `json:"apiConsumerDataEncryptionKeyName,omitempty" tf:"api_consumer_data_encryption_key_name,omitempty"` + + // This field is needed only for customers using non-default data residency regions. + // Apigee stores some control plane data only in single region. + // This field determines which single region Apigee should use. + // +kubebuilder:validation:Optional + APIConsumerDataLocation *string `json:"apiConsumerDataLocation,omitempty" tf:"api_consumer_data_location,omitempty"` + // Primary GCP region for analytics data storage. For valid values, see Create an Apigee organization. // +kubebuilder:validation:Optional AnalyticsRegion *string `json:"analyticsRegion,omitempty" tf:"analytics_region,omitempty"` @@ -182,6 +216,11 @@ type OrganizationParameters struct { // +kubebuilder:validation:Optional BillingType *string `json:"billingType,omitempty" tf:"billing_type,omitempty"` + // Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + // Only used for the data residency region "US" or "EU". + // +kubebuilder:validation:Optional + ControlPlaneEncryptionKeyName *string `json:"controlPlaneEncryptionKeyName,omitempty" tf:"control_plane_encryption_key_name,omitempty"` + // Description of the Apigee organization. // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/artifact/v1beta2/zz_generated.deepcopy.go b/apis/artifact/v1beta2/zz_generated.deepcopy.go index 8bdc0aef7..d89abd415 100644 --- a/apis/artifact/v1beta2/zz_generated.deepcopy.go +++ b/apis/artifact/v1beta2/zz_generated.deepcopy.go @@ -367,6 +367,66 @@ func (in *ConditionParameters) DeepCopy() *ConditionParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomRepositoryInitParameters) DeepCopyInto(out *CustomRepositoryInitParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomRepositoryInitParameters. +func (in *CustomRepositoryInitParameters) DeepCopy() *CustomRepositoryInitParameters { + if in == nil { + return nil + } + out := new(CustomRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomRepositoryObservation) DeepCopyInto(out *CustomRepositoryObservation) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomRepositoryObservation. +func (in *CustomRepositoryObservation) DeepCopy() *CustomRepositoryObservation { + if in == nil { + return nil + } + out := new(CustomRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CustomRepositoryParameters) DeepCopyInto(out *CustomRepositoryParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomRepositoryParameters. +func (in *CustomRepositoryParameters) DeepCopy() *CustomRepositoryParameters { + if in == nil { + return nil + } + out := new(CustomRepositoryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerConfigInitParameters) DeepCopyInto(out *DockerConfigInitParameters) { *out = *in @@ -430,6 +490,11 @@ func (in *DockerConfigParameters) DeepCopy() *DockerConfigParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerRepositoryInitParameters) DeepCopyInto(out *DockerRepositoryInitParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(CustomRepositoryInitParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -450,6 +515,11 @@ func (in *DockerRepositoryInitParameters) DeepCopy() *DockerRepositoryInitParame // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerRepositoryObservation) DeepCopyInto(out *DockerRepositoryObservation) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(CustomRepositoryObservation) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -470,6 +540,11 @@ func (in *DockerRepositoryObservation) DeepCopy() *DockerRepositoryObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DockerRepositoryParameters) DeepCopyInto(out *DockerRepositoryParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(CustomRepositoryParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -562,9 +637,74 @@ func (in *MavenConfigParameters) DeepCopy() *MavenConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MavenRepositoryCustomRepositoryInitParameters) DeepCopyInto(out *MavenRepositoryCustomRepositoryInitParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MavenRepositoryCustomRepositoryInitParameters. +func (in *MavenRepositoryCustomRepositoryInitParameters) DeepCopy() *MavenRepositoryCustomRepositoryInitParameters { + if in == nil { + return nil + } + out := new(MavenRepositoryCustomRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MavenRepositoryCustomRepositoryObservation) DeepCopyInto(out *MavenRepositoryCustomRepositoryObservation) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MavenRepositoryCustomRepositoryObservation. +func (in *MavenRepositoryCustomRepositoryObservation) DeepCopy() *MavenRepositoryCustomRepositoryObservation { + if in == nil { + return nil + } + out := new(MavenRepositoryCustomRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MavenRepositoryCustomRepositoryParameters) DeepCopyInto(out *MavenRepositoryCustomRepositoryParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MavenRepositoryCustomRepositoryParameters. +func (in *MavenRepositoryCustomRepositoryParameters) DeepCopy() *MavenRepositoryCustomRepositoryParameters { + if in == nil { + return nil + } + out := new(MavenRepositoryCustomRepositoryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MavenRepositoryInitParameters) DeepCopyInto(out *MavenRepositoryInitParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(MavenRepositoryCustomRepositoryInitParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -585,6 +725,11 @@ func (in *MavenRepositoryInitParameters) DeepCopy() *MavenRepositoryInitParamete // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MavenRepositoryObservation) DeepCopyInto(out *MavenRepositoryObservation) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(MavenRepositoryCustomRepositoryObservation) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -605,6 +750,11 @@ func (in *MavenRepositoryObservation) DeepCopy() *MavenRepositoryObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *MavenRepositoryParameters) DeepCopyInto(out *MavenRepositoryParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(MavenRepositoryCustomRepositoryParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -715,9 +865,74 @@ func (in *MostRecentVersionsParameters) DeepCopy() *MostRecentVersionsParameters return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NpmRepositoryCustomRepositoryInitParameters) DeepCopyInto(out *NpmRepositoryCustomRepositoryInitParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NpmRepositoryCustomRepositoryInitParameters. +func (in *NpmRepositoryCustomRepositoryInitParameters) DeepCopy() *NpmRepositoryCustomRepositoryInitParameters { + if in == nil { + return nil + } + out := new(NpmRepositoryCustomRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NpmRepositoryCustomRepositoryObservation) DeepCopyInto(out *NpmRepositoryCustomRepositoryObservation) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NpmRepositoryCustomRepositoryObservation. +func (in *NpmRepositoryCustomRepositoryObservation) DeepCopy() *NpmRepositoryCustomRepositoryObservation { + if in == nil { + return nil + } + out := new(NpmRepositoryCustomRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NpmRepositoryCustomRepositoryParameters) DeepCopyInto(out *NpmRepositoryCustomRepositoryParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NpmRepositoryCustomRepositoryParameters. +func (in *NpmRepositoryCustomRepositoryParameters) DeepCopy() *NpmRepositoryCustomRepositoryParameters { + if in == nil { + return nil + } + out := new(NpmRepositoryCustomRepositoryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NpmRepositoryInitParameters) DeepCopyInto(out *NpmRepositoryInitParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(NpmRepositoryCustomRepositoryInitParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -738,6 +953,11 @@ func (in *NpmRepositoryInitParameters) DeepCopy() *NpmRepositoryInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NpmRepositoryObservation) DeepCopyInto(out *NpmRepositoryObservation) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(NpmRepositoryCustomRepositoryObservation) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -758,6 +978,11 @@ func (in *NpmRepositoryObservation) DeepCopy() *NpmRepositoryObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NpmRepositoryParameters) DeepCopyInto(out *NpmRepositoryParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(NpmRepositoryCustomRepositoryParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -850,9 +1075,74 @@ func (in *PublicRepositoryParameters) DeepCopy() *PublicRepositoryParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PythonRepositoryCustomRepositoryInitParameters) DeepCopyInto(out *PythonRepositoryCustomRepositoryInitParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PythonRepositoryCustomRepositoryInitParameters. +func (in *PythonRepositoryCustomRepositoryInitParameters) DeepCopy() *PythonRepositoryCustomRepositoryInitParameters { + if in == nil { + return nil + } + out := new(PythonRepositoryCustomRepositoryInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PythonRepositoryCustomRepositoryObservation) DeepCopyInto(out *PythonRepositoryCustomRepositoryObservation) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PythonRepositoryCustomRepositoryObservation. +func (in *PythonRepositoryCustomRepositoryObservation) DeepCopy() *PythonRepositoryCustomRepositoryObservation { + if in == nil { + return nil + } + out := new(PythonRepositoryCustomRepositoryObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PythonRepositoryCustomRepositoryParameters) DeepCopyInto(out *PythonRepositoryCustomRepositoryParameters) { + *out = *in + if in.URI != nil { + in, out := &in.URI, &out.URI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PythonRepositoryCustomRepositoryParameters. +func (in *PythonRepositoryCustomRepositoryParameters) DeepCopy() *PythonRepositoryCustomRepositoryParameters { + if in == nil { + return nil + } + out := new(PythonRepositoryCustomRepositoryParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PythonRepositoryInitParameters) DeepCopyInto(out *PythonRepositoryInitParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(PythonRepositoryCustomRepositoryInitParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -873,6 +1163,11 @@ func (in *PythonRepositoryInitParameters) DeepCopy() *PythonRepositoryInitParame // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PythonRepositoryObservation) DeepCopyInto(out *PythonRepositoryObservation) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(PythonRepositoryCustomRepositoryObservation) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -893,6 +1188,11 @@ func (in *PythonRepositoryObservation) DeepCopy() *PythonRepositoryObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PythonRepositoryParameters) DeepCopyInto(out *PythonRepositoryParameters) { *out = *in + if in.CustomRepository != nil { + in, out := &in.CustomRepository, &out.CustomRepository + *out = new(PythonRepositoryCustomRepositoryParameters) + (*in).DeepCopyInto(*out) + } if in.PublicRepository != nil { in, out := &in.PublicRepository, &out.PublicRepository *out = new(string) @@ -1672,6 +1972,11 @@ func (in *RemoteRepositoryConfigInitParameters) DeepCopyInto(out *RemoteReposito *out = new(string) **out = **in } + if in.DisableUpstreamValidation != nil { + in, out := &in.DisableUpstreamValidation, &out.DisableUpstreamValidation + *out = new(bool) + **out = **in + } if in.DockerRepository != nil { in, out := &in.DockerRepository, &out.DockerRepository *out = new(DockerRepositoryInitParameters) @@ -1727,6 +2032,11 @@ func (in *RemoteRepositoryConfigObservation) DeepCopyInto(out *RemoteRepositoryC *out = new(string) **out = **in } + if in.DisableUpstreamValidation != nil { + in, out := &in.DisableUpstreamValidation, &out.DisableUpstreamValidation + *out = new(bool) + **out = **in + } if in.DockerRepository != nil { in, out := &in.DockerRepository, &out.DockerRepository *out = new(DockerRepositoryObservation) @@ -1782,6 +2092,11 @@ func (in *RemoteRepositoryConfigParameters) DeepCopyInto(out *RemoteRepositoryCo *out = new(string) **out = **in } + if in.DisableUpstreamValidation != nil { + in, out := &in.DisableUpstreamValidation, &out.DisableUpstreamValidation + *out = new(bool) + **out = **in + } if in.DockerRepository != nil { in, out := &in.DockerRepository, &out.DockerRepository *out = new(DockerRepositoryParameters) diff --git a/apis/artifact/v1beta2/zz_registryrepository_types.go b/apis/artifact/v1beta2/zz_registryrepository_types.go index 8765ea6d4..f2ceddb21 100755 --- a/apis/artifact/v1beta2/zz_registryrepository_types.go +++ b/apis/artifact/v1beta2/zz_registryrepository_types.go @@ -171,6 +171,25 @@ type ConditionParameters struct { VersionNamePrefixes []*string `json:"versionNamePrefixes,omitempty" tf:"version_name_prefixes,omitempty"` } +type CustomRepositoryInitParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type CustomRepositoryObservation struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type CustomRepositoryParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + type DockerConfigInitParameters struct { // The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created. @@ -192,6 +211,10 @@ type DockerConfigParameters struct { type DockerRepositoryInitParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *CustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -199,6 +222,10 @@ type DockerRepositoryInitParameters struct { type DockerRepositoryObservation struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *CustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -206,6 +233,11 @@ type DockerRepositoryObservation struct { type DockerRepositoryParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + // +kubebuilder:validation:Optional + CustomRepository *CustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. // +kubebuilder:validation:Optional @@ -250,8 +282,31 @@ type MavenConfigParameters struct { VersionPolicy *string `json:"versionPolicy,omitempty" tf:"version_policy,omitempty"` } +type MavenRepositoryCustomRepositoryInitParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type MavenRepositoryCustomRepositoryObservation struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type MavenRepositoryCustomRepositoryParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + type MavenRepositoryInitParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *MavenRepositoryCustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -259,6 +314,10 @@ type MavenRepositoryInitParameters struct { type MavenRepositoryObservation struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *MavenRepositoryCustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -266,6 +325,11 @@ type MavenRepositoryObservation struct { type MavenRepositoryParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + // +kubebuilder:validation:Optional + CustomRepository *MavenRepositoryCustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. // +kubebuilder:validation:Optional @@ -301,8 +365,31 @@ type MostRecentVersionsParameters struct { PackageNamePrefixes []*string `json:"packageNamePrefixes,omitempty" tf:"package_name_prefixes,omitempty"` } +type NpmRepositoryCustomRepositoryInitParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type NpmRepositoryCustomRepositoryObservation struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type NpmRepositoryCustomRepositoryParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + type NpmRepositoryInitParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *NpmRepositoryCustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -310,6 +397,10 @@ type NpmRepositoryInitParameters struct { type NpmRepositoryObservation struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *NpmRepositoryCustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -317,6 +408,11 @@ type NpmRepositoryObservation struct { type NpmRepositoryParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + // +kubebuilder:validation:Optional + CustomRepository *NpmRepositoryCustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. // +kubebuilder:validation:Optional @@ -355,8 +451,31 @@ type PublicRepositoryParameters struct { RepositoryPath *string `json:"repositoryPath" tf:"repository_path,omitempty"` } +type PythonRepositoryCustomRepositoryInitParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type PythonRepositoryCustomRepositoryObservation struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + +type PythonRepositoryCustomRepositoryParameters struct { + + // Specific uri to the registry, e.g. "https://registry-1.docker.io" + // +kubebuilder:validation:Optional + URI *string `json:"uri,omitempty" tf:"uri,omitempty"` +} + type PythonRepositoryInitParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *PythonRepositoryCustomRepositoryInitParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -364,6 +483,10 @@ type PythonRepositoryInitParameters struct { type PythonRepositoryObservation struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + CustomRepository *PythonRepositoryCustomRepositoryObservation `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. PublicRepository *string `json:"publicRepository,omitempty" tf:"public_repository,omitempty"` @@ -371,6 +494,11 @@ type PythonRepositoryObservation struct { type PythonRepositoryParameters struct { + // Settings for a remote repository with a custom uri. + // Structure is documented below. + // +kubebuilder:validation:Optional + CustomRepository *PythonRepositoryCustomRepositoryParameters `json:"customRepository,omitempty" tf:"custom_repository,omitempty"` + // One of the publicly available Yum repositories supported by Artifact Registry. // Structure is documented below. // +kubebuilder:validation:Optional @@ -619,6 +747,10 @@ type RemoteRepositoryConfigInitParameters struct { // The description of the remote source. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // If true, the remote repository upstream and upstream credentials will + // not be validated. + DisableUpstreamValidation *bool `json:"disableUpstreamValidation,omitempty" tf:"disable_upstream_validation,omitempty"` + // Specific settings for a Docker remote repository. // Structure is documented below. DockerRepository *DockerRepositoryInitParameters `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` @@ -653,6 +785,10 @@ type RemoteRepositoryConfigObservation struct { // The description of the remote source. Description *string `json:"description,omitempty" tf:"description,omitempty"` + // If true, the remote repository upstream and upstream credentials will + // not be validated. + DisableUpstreamValidation *bool `json:"disableUpstreamValidation,omitempty" tf:"disable_upstream_validation,omitempty"` + // Specific settings for a Docker remote repository. // Structure is documented below. DockerRepository *DockerRepositoryObservation `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` @@ -689,6 +825,11 @@ type RemoteRepositoryConfigParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // If true, the remote repository upstream and upstream credentials will + // not be validated. + // +kubebuilder:validation:Optional + DisableUpstreamValidation *bool `json:"disableUpstreamValidation,omitempty" tf:"disable_upstream_validation,omitempty"` + // Specific settings for a Docker remote repository. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/bigquery/v1beta2/zz_dataset_types.go b/apis/bigquery/v1beta2/zz_dataset_types.go index c27e9e9f9..a293971aa 100755 --- a/apis/bigquery/v1beta2/zz_dataset_types.go +++ b/apis/bigquery/v1beta2/zz_dataset_types.go @@ -305,6 +305,10 @@ type DatasetInitParameters struct { // A user-friendly description of the dataset Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Information about the external metadata storage where the dataset is defined. + // Structure is documented below. + ExternalDatasetReference *ExternalDatasetReferenceInitParameters `json:"externalDatasetReference,omitempty" tf:"external_dataset_reference,omitempty"` + // A descriptive name for the dataset FriendlyName *string `json:"friendlyName,omitempty" tf:"friendly_name,omitempty"` @@ -380,6 +384,10 @@ type DatasetObservation struct { // A hash of the resource. Etag *string `json:"etag,omitempty" tf:"etag,omitempty"` + // Information about the external metadata storage where the dataset is defined. + // Structure is documented below. + ExternalDatasetReference *ExternalDatasetReferenceObservation `json:"externalDatasetReference,omitempty" tf:"external_dataset_reference,omitempty"` + // A descriptive name for the dataset FriendlyName *string `json:"friendlyName,omitempty" tf:"friendly_name,omitempty"` @@ -470,6 +478,11 @@ type DatasetParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` + // Information about the external metadata storage where the dataset is defined. + // Structure is documented below. + // +kubebuilder:validation:Optional + ExternalDatasetReference *ExternalDatasetReferenceParameters `json:"externalDatasetReference,omitempty" tf:"external_dataset_reference,omitempty"` + // A descriptive name for the dataset // +kubebuilder:validation:Optional FriendlyName *string `json:"friendlyName,omitempty" tf:"friendly_name,omitempty"` @@ -553,6 +566,38 @@ type DefaultEncryptionConfigurationParameters struct { KMSKeyNameSelector *v1.Selector `json:"kmsKeyNameSelector,omitempty" tf:"-"` } +type ExternalDatasetReferenceInitParameters struct { + + // The connection id that is used to access the externalSource. + // Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // External source that backs this dataset. + ExternalSource *string `json:"externalSource,omitempty" tf:"external_source,omitempty"` +} + +type ExternalDatasetReferenceObservation struct { + + // The connection id that is used to access the externalSource. + // Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + Connection *string `json:"connection,omitempty" tf:"connection,omitempty"` + + // External source that backs this dataset. + ExternalSource *string `json:"externalSource,omitempty" tf:"external_source,omitempty"` +} + +type ExternalDatasetReferenceParameters struct { + + // The connection id that is used to access the externalSource. + // Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + // +kubebuilder:validation:Optional + Connection *string `json:"connection" tf:"connection,omitempty"` + + // External source that backs this dataset. + // +kubebuilder:validation:Optional + ExternalSource *string `json:"externalSource" tf:"external_source,omitempty"` +} + type RoutineInitParameters struct { // The ID of the dataset containing this table. diff --git a/apis/bigquery/v1beta2/zz_generated.deepcopy.go b/apis/bigquery/v1beta2/zz_generated.deepcopy.go index 420f9894b..3ae9b42e3 100644 --- a/apis/bigquery/v1beta2/zz_generated.deepcopy.go +++ b/apis/bigquery/v1beta2/zz_generated.deepcopy.go @@ -4751,6 +4751,11 @@ func (in *DatasetInitParameters) DeepCopyInto(out *DatasetInitParameters) { *out = new(string) **out = **in } + if in.ExternalDatasetReference != nil { + in, out := &in.ExternalDatasetReference, &out.ExternalDatasetReference + *out = new(ExternalDatasetReferenceInitParameters) + (*in).DeepCopyInto(*out) + } if in.FriendlyName != nil { in, out := &in.FriendlyName, &out.FriendlyName *out = new(string) @@ -4902,6 +4907,11 @@ func (in *DatasetObservation) DeepCopyInto(out *DatasetObservation) { *out = new(string) **out = **in } + if in.ExternalDatasetReference != nil { + in, out := &in.ExternalDatasetReference, &out.ExternalDatasetReference + *out = new(ExternalDatasetReferenceObservation) + (*in).DeepCopyInto(*out) + } if in.FriendlyName != nil { in, out := &in.FriendlyName, &out.FriendlyName *out = new(string) @@ -5031,6 +5041,11 @@ func (in *DatasetParameters) DeepCopyInto(out *DatasetParameters) { *out = new(string) **out = **in } + if in.ExternalDatasetReference != nil { + in, out := &in.ExternalDatasetReference, &out.ExternalDatasetReference + *out = new(ExternalDatasetReferenceParameters) + (*in).DeepCopyInto(*out) + } if in.FriendlyName != nil { in, out := &in.FriendlyName, &out.FriendlyName *out = new(string) @@ -5807,6 +5822,11 @@ func (in *ExternalDataConfigurationInitParameters) DeepCopyInto(out *ExternalDat *out = new(bool) **out = **in } + if in.JSONExtension != nil { + in, out := &in.JSONExtension, &out.JSONExtension + *out = new(string) + **out = **in + } if in.JSONOptions != nil { in, out := &in.JSONOptions, &out.JSONOptions *out = new(JSONOptionsInitParameters) @@ -5918,6 +5938,11 @@ func (in *ExternalDataConfigurationObservation) DeepCopyInto(out *ExternalDataCo *out = new(bool) **out = **in } + if in.JSONExtension != nil { + in, out := &in.JSONExtension, &out.JSONExtension + *out = new(string) + **out = **in + } if in.JSONOptions != nil { in, out := &in.JSONOptions, &out.JSONOptions *out = new(JSONOptionsObservation) @@ -6029,6 +6054,11 @@ func (in *ExternalDataConfigurationParameters) DeepCopyInto(out *ExternalDataCon *out = new(bool) **out = **in } + if in.JSONExtension != nil { + in, out := &in.JSONExtension, &out.JSONExtension + *out = new(string) + **out = **in + } if in.JSONOptions != nil { in, out := &in.JSONOptions, &out.JSONOptions *out = new(JSONOptionsParameters) @@ -6167,6 +6197,81 @@ func (in *ExternalDataConfigurationParquetOptionsParameters) DeepCopy() *Externa return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalDatasetReferenceInitParameters) DeepCopyInto(out *ExternalDatasetReferenceInitParameters) { + *out = *in + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ExternalSource != nil { + in, out := &in.ExternalSource, &out.ExternalSource + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalDatasetReferenceInitParameters. +func (in *ExternalDatasetReferenceInitParameters) DeepCopy() *ExternalDatasetReferenceInitParameters { + if in == nil { + return nil + } + out := new(ExternalDatasetReferenceInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalDatasetReferenceObservation) DeepCopyInto(out *ExternalDatasetReferenceObservation) { + *out = *in + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ExternalSource != nil { + in, out := &in.ExternalSource, &out.ExternalSource + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalDatasetReferenceObservation. +func (in *ExternalDatasetReferenceObservation) DeepCopy() *ExternalDatasetReferenceObservation { + if in == nil { + return nil + } + out := new(ExternalDatasetReferenceObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalDatasetReferenceParameters) DeepCopyInto(out *ExternalDatasetReferenceParameters) { + *out = *in + if in.Connection != nil { + in, out := &in.Connection, &out.Connection + *out = new(string) + **out = **in + } + if in.ExternalSource != nil { + in, out := &in.ExternalSource, &out.ExternalSource + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalDatasetReferenceParameters. +func (in *ExternalDatasetReferenceParameters) DeepCopy() *ExternalDatasetReferenceParameters { + if in == nil { + return nil + } + out := new(ExternalDatasetReferenceParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ExtractInitParameters) DeepCopyInto(out *ExtractInitParameters) { *out = *in @@ -9381,6 +9486,11 @@ func (in *RoutineInitParameters_2) DeepCopyInto(out *RoutineInitParameters_2) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DataGovernanceType != nil { + in, out := &in.DataGovernanceType, &out.DataGovernanceType + *out = new(string) + **out = **in + } if in.DefinitionBody != nil { in, out := &in.DefinitionBody, &out.DefinitionBody *out = new(string) @@ -9531,6 +9641,11 @@ func (in *RoutineObservation_2) DeepCopyInto(out *RoutineObservation_2) { *out = new(float64) **out = **in } + if in.DataGovernanceType != nil { + in, out := &in.DataGovernanceType, &out.DataGovernanceType + *out = new(string) + **out = **in + } if in.DatasetID != nil { in, out := &in.DatasetID, &out.DatasetID *out = new(string) @@ -9689,6 +9804,11 @@ func (in *RoutineParameters_2) DeepCopyInto(out *RoutineParameters_2) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.DataGovernanceType != nil { + in, out := &in.DataGovernanceType, &out.DataGovernanceType + *out = new(string) + **out = **in + } if in.DatasetID != nil { in, out := &in.DatasetID, &out.DatasetID *out = new(string) diff --git a/apis/bigquery/v1beta2/zz_routine_types.go b/apis/bigquery/v1beta2/zz_routine_types.go index 2c8515a63..ba615ff73 100755 --- a/apis/bigquery/v1beta2/zz_routine_types.go +++ b/apis/bigquery/v1beta2/zz_routine_types.go @@ -191,6 +191,10 @@ type RoutineInitParameters_2 struct { // Structure is documented below. Arguments []ArgumentsInitParameters `json:"arguments,omitempty" tf:"arguments,omitempty"` + // If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + // Possible values are: DATA_MASKING. + DataGovernanceType *string `json:"dataGovernanceType,omitempty" tf:"data_governance_type,omitempty"` + // The body of the routine. For functions, this is the expression in the AS clause. // If language=SQL, it is the substring inside (but excluding) the parentheses. DefinitionBody *string `json:"definitionBody,omitempty" tf:"definition_body,omitempty"` @@ -254,6 +258,10 @@ type RoutineObservation_2 struct { // epoch. CreationTime *float64 `json:"creationTime,omitempty" tf:"creation_time,omitempty"` + // If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + // Possible values are: DATA_MASKING. + DataGovernanceType *string `json:"dataGovernanceType,omitempty" tf:"data_governance_type,omitempty"` + // The ID of the dataset containing this routine DatasetID *string `json:"datasetId,omitempty" tf:"dataset_id,omitempty"` @@ -324,6 +332,11 @@ type RoutineParameters_2 struct { // +kubebuilder:validation:Optional Arguments []ArgumentsParameters `json:"arguments,omitempty" tf:"arguments,omitempty"` + // If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + // Possible values are: DATA_MASKING. + // +kubebuilder:validation:Optional + DataGovernanceType *string `json:"dataGovernanceType,omitempty" tf:"data_governance_type,omitempty"` + // The ID of the dataset containing this routine // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/bigquery/v1beta2.Dataset // +kubebuilder:validation:Optional diff --git a/apis/bigquery/v1beta2/zz_table_types.go b/apis/bigquery/v1beta2/zz_table_types.go index 2b068addd..e0e1c4cc2 100755 --- a/apis/bigquery/v1beta2/zz_table_types.go +++ b/apis/bigquery/v1beta2/zz_table_types.go @@ -245,6 +245,9 @@ type ExternalDataConfigurationInitParameters struct { // The default value is false. IgnoreUnknownValues *bool `json:"ignoreUnknownValues,omitempty" tf:"ignore_unknown_values,omitempty"` + // Used to indicate that a JSON variant, rather than normal JSON, is being used as the sourceFormat. This should only be used in combination with the JSON source format. Valid values are: GEOJSON. + JSONExtension *string `json:"jsonExtension,omitempty" tf:"json_extension,omitempty"` + // Additional properties to set if // source_format is set to "JSON". Structure is documented below. JSONOptions *JSONOptionsInitParameters `json:"jsonOptions,omitempty" tf:"json_options,omitempty"` @@ -338,6 +341,9 @@ type ExternalDataConfigurationObservation struct { // The default value is false. IgnoreUnknownValues *bool `json:"ignoreUnknownValues,omitempty" tf:"ignore_unknown_values,omitempty"` + // Used to indicate that a JSON variant, rather than normal JSON, is being used as the sourceFormat. This should only be used in combination with the JSON source format. Valid values are: GEOJSON. + JSONExtension *string `json:"jsonExtension,omitempty" tf:"json_extension,omitempty"` + // Additional properties to set if // source_format is set to "JSON". Structure is documented below. JSONOptions *JSONOptionsObservation `json:"jsonOptions,omitempty" tf:"json_options,omitempty"` @@ -440,6 +446,10 @@ type ExternalDataConfigurationParameters struct { // +kubebuilder:validation:Optional IgnoreUnknownValues *bool `json:"ignoreUnknownValues,omitempty" tf:"ignore_unknown_values,omitempty"` + // Used to indicate that a JSON variant, rather than normal JSON, is being used as the sourceFormat. This should only be used in combination with the JSON source format. Valid values are: GEOJSON. + // +kubebuilder:validation:Optional + JSONExtension *string `json:"jsonExtension,omitempty" tf:"json_extension,omitempty"` + // Additional properties to set if // source_format is set to "JSON". Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go b/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go index 6a5dbbbf1..26befbff2 100755 --- a/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go +++ b/apis/certificatemanager/v1beta1/zz_dnsauthorization_types.go @@ -32,6 +32,15 @@ type DNSAuthorizationInitParameters struct { // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + // be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + // FIXED_RECORD DNS authorization uses DNS-01 validation method + // PER_PROJECT_RECORD DNS authorization allows for independent management + // of Google-managed certificates with DNS authorization across multiple + // projects. + // Possible values are: FIXED_RECORD, PER_PROJECT_RECORD. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type DNSAuthorizationObservation struct { @@ -73,6 +82,15 @@ type DNSAuthorizationObservation struct { // and default labels configured on the provider. // +mapType=granular TerraformLabels map[string]*string `json:"terraformLabels,omitempty" tf:"terraform_labels,omitempty"` + + // type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + // be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + // FIXED_RECORD DNS authorization uses DNS-01 validation method + // PER_PROJECT_RECORD DNS authorization allows for independent management + // of Google-managed certificates with DNS authorization across multiple + // projects. + // Possible values are: FIXED_RECORD, PER_PROJECT_RECORD. + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type DNSAuthorizationParameters struct { @@ -102,6 +120,16 @@ type DNSAuthorizationParameters struct { // If it is not provided, the provider project is used. // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + + // type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + // be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + // FIXED_RECORD DNS authorization uses DNS-01 validation method + // PER_PROJECT_RECORD DNS authorization allows for independent management + // of Google-managed certificates with DNS authorization across multiple + // projects. + // Possible values are: FIXED_RECORD, PER_PROJECT_RECORD. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` } type DNSResourceRecordInitParameters struct { diff --git a/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go b/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go index 634d01d11..22b146aca 100644 --- a/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go +++ b/apis/certificatemanager/v1beta1/zz_generated.deepcopy.go @@ -1083,6 +1083,11 @@ func (in *DNSAuthorizationInitParameters) DeepCopyInto(out *DNSAuthorizationInit *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSAuthorizationInitParameters. @@ -1210,6 +1215,11 @@ func (in *DNSAuthorizationObservation) DeepCopyInto(out *DNSAuthorizationObserva (*out)[key] = outVal } } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSAuthorizationObservation. @@ -1261,6 +1271,11 @@ func (in *DNSAuthorizationParameters) DeepCopyInto(out *DNSAuthorizationParamete *out = new(string) **out = **in } + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSAuthorizationParameters. diff --git a/apis/cloudfunctions/v1beta2/zz_function_types.go b/apis/cloudfunctions/v1beta2/zz_function_types.go index d3737535b..5f276b3e8 100755 --- a/apis/cloudfunctions/v1beta2/zz_function_types.go +++ b/apis/cloudfunctions/v1beta2/zz_function_types.go @@ -94,10 +94,10 @@ type FunctionInitParameters struct { // Description of the function. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY. + // Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY. DockerRegistry *string `json:"dockerRegistry,omitempty" tf:"docker_registry,omitempty"` - // User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. If unspecified, Container Registry will be used by default, unless specified otherwise by other means. + // User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region. DockerRepository *string `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` // Name of the function that will be executed when the Google Cloud Function is triggered. @@ -203,10 +203,10 @@ type FunctionObservation struct { // Description of the function. Description *string `json:"description,omitempty" tf:"description,omitempty"` - // Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY. + // Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY. DockerRegistry *string `json:"dockerRegistry,omitempty" tf:"docker_registry,omitempty"` - // User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. If unspecified, Container Registry will be used by default, unless specified otherwise by other means. + // User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region. DockerRepository *string `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` // +mapType=granular @@ -315,11 +315,11 @@ type FunctionParameters struct { // +kubebuilder:validation:Optional Description *string `json:"description,omitempty" tf:"description,omitempty"` - // Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY. + // Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY. // +kubebuilder:validation:Optional DockerRegistry *string `json:"dockerRegistry,omitempty" tf:"docker_registry,omitempty"` - // User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. If unspecified, Container Registry will be used by default, unless specified otherwise by other means. + // User-managed repository created in Artifact Registry to which the function's Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named 'gcf-artifacts' in the region. // +kubebuilder:validation:Optional DockerRepository *string `json:"dockerRepository,omitempty" tf:"docker_repository,omitempty"` diff --git a/apis/cloudfunctions2/v1beta2/zz_function_types.go b/apis/cloudfunctions2/v1beta2/zz_function_types.go index 4dd9412c8..052aa2993 100755 --- a/apis/cloudfunctions2/v1beta2/zz_function_types.go +++ b/apis/cloudfunctions2/v1beta2/zz_function_types.go @@ -43,6 +43,19 @@ type BuildConfigInitParameters struct { // function, optional when updating an existing function. Runtime *string `json:"runtime,omitempty" tf:"runtime,omitempty"` + // The fully-qualified name of the service account to be used for building the container. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate serviceAccount. + // +kubebuilder:validation:Optional + ServiceAccountRef *v1.Reference `json:"serviceAccountRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate serviceAccount. + // +kubebuilder:validation:Optional + ServiceAccountSelector *v1.Selector `json:"serviceAccountSelector,omitempty" tf:"-"` + // The location of the function source code. // Structure is documented below. Source *SourceInitParameters `json:"source,omitempty" tf:"source,omitempty"` @@ -86,6 +99,9 @@ type BuildConfigObservation struct { // function, optional when updating an existing function. Runtime *string `json:"runtime,omitempty" tf:"runtime,omitempty"` + // The fully-qualified name of the service account to be used for building the container. + ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` + // The location of the function source code. // Structure is documented below. Source *SourceObservation `json:"source,omitempty" tf:"source,omitempty"` @@ -128,6 +144,20 @@ type BuildConfigParameters struct { // +kubebuilder:validation:Optional Runtime *string `json:"runtime,omitempty" tf:"runtime,omitempty"` + // The fully-qualified name of the service account to be used for building the container. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractResourceID() + // +kubebuilder:validation:Optional + ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` + + // Reference to a ServiceAccount in cloudplatform to populate serviceAccount. + // +kubebuilder:validation:Optional + ServiceAccountRef *v1.Reference `json:"serviceAccountRef,omitempty" tf:"-"` + + // Selector for a ServiceAccount in cloudplatform to populate serviceAccount. + // +kubebuilder:validation:Optional + ServiceAccountSelector *v1.Selector `json:"serviceAccountSelector,omitempty" tf:"-"` + // The location of the function source code. // Structure is documented below. // +kubebuilder:validation:Optional diff --git a/apis/cloudfunctions2/v1beta2/zz_generated.deepcopy.go b/apis/cloudfunctions2/v1beta2/zz_generated.deepcopy.go index 7b0af4367..c14a65574 100644 --- a/apis/cloudfunctions2/v1beta2/zz_generated.deepcopy.go +++ b/apis/cloudfunctions2/v1beta2/zz_generated.deepcopy.go @@ -57,6 +57,21 @@ func (in *BuildConfigInitParameters) DeepCopyInto(out *BuildConfigInitParameters *out = new(string) **out = **in } + if in.ServiceAccount != nil { + in, out := &in.ServiceAccount, &out.ServiceAccount + *out = new(string) + **out = **in + } + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountSelector != nil { + in, out := &in.ServiceAccountSelector, &out.ServiceAccountSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Source != nil { in, out := &in.Source, &out.Source *out = new(SourceInitParameters) @@ -128,6 +143,11 @@ func (in *BuildConfigObservation) DeepCopyInto(out *BuildConfigObservation) { *out = new(string) **out = **in } + if in.ServiceAccount != nil { + in, out := &in.ServiceAccount, &out.ServiceAccount + *out = new(string) + **out = **in + } if in.Source != nil { in, out := &in.Source, &out.Source *out = new(SourceObservation) @@ -194,6 +214,21 @@ func (in *BuildConfigParameters) DeepCopyInto(out *BuildConfigParameters) { *out = new(string) **out = **in } + if in.ServiceAccount != nil { + in, out := &in.ServiceAccount, &out.ServiceAccount + *out = new(string) + **out = **in + } + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.ServiceAccountSelector != nil { + in, out := &in.ServiceAccountSelector, &out.ServiceAccountSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.Source != nil { in, out := &in.Source, &out.Source *out = new(SourceParameters) diff --git a/apis/cloudfunctions2/v1beta2/zz_generated.resolvers.go b/apis/cloudfunctions2/v1beta2/zz_generated.resolvers.go index a5fd189b6..2551ea77a 100644 --- a/apis/cloudfunctions2/v1beta2/zz_generated.resolvers.go +++ b/apis/cloudfunctions2/v1beta2/zz_generated.resolvers.go @@ -47,6 +47,27 @@ func (mg *Function) ResolveReferences(ctx context.Context, c client.Reader) erro mg.Spec.ForProvider.BuildConfig.DockerRepository = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.BuildConfig.DockerRepositoryRef = rsp.ResolvedReference + } + if mg.Spec.ForProvider.BuildConfig != nil { + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.BuildConfig.ServiceAccount), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.ForProvider.BuildConfig.ServiceAccountRef, + Selector: mg.Spec.ForProvider.BuildConfig.ServiceAccountSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.BuildConfig.ServiceAccount") + } + mg.Spec.ForProvider.BuildConfig.ServiceAccount = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.BuildConfig.ServiceAccountRef = rsp.ResolvedReference + } if mg.Spec.ForProvider.BuildConfig != nil { if mg.Spec.ForProvider.BuildConfig.Source != nil { @@ -271,6 +292,27 @@ func (mg *Function) ResolveReferences(ctx context.Context, c client.Reader) erro mg.Spec.InitProvider.BuildConfig.DockerRepository = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.BuildConfig.DockerRepositoryRef = rsp.ResolvedReference + } + if mg.Spec.InitProvider.BuildConfig != nil { + { + m, l, err = apisresolver.GetManagedResource("cloudplatform.gcp.upbound.io", "v1beta1", "ServiceAccount", "ServiceAccountList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.BuildConfig.ServiceAccount), + Extract: resource.ExtractResourceID(), + Reference: mg.Spec.InitProvider.BuildConfig.ServiceAccountRef, + Selector: mg.Spec.InitProvider.BuildConfig.ServiceAccountSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.BuildConfig.ServiceAccount") + } + mg.Spec.InitProvider.BuildConfig.ServiceAccount = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.BuildConfig.ServiceAccountRef = rsp.ResolvedReference + } if mg.Spec.InitProvider.BuildConfig != nil { if mg.Spec.InitProvider.BuildConfig.Source != nil { diff --git a/apis/cloudrun/v1beta2/zz_generated.deepcopy.go b/apis/cloudrun/v1beta2/zz_generated.deepcopy.go index b2cd34831..b536ca61e 100644 --- a/apis/cloudrun/v1beta2/zz_generated.deepcopy.go +++ b/apis/cloudrun/v1beta2/zz_generated.deepcopy.go @@ -9298,10 +9298,8 @@ func (in *V2ServiceTemplateContainersInitParameters) DeepCopyInto(out *V2Service } if in.Ports != nil { in, out := &in.Ports, &out.Ports - *out = make([]TemplateContainersPortsInitParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(TemplateContainersPortsInitParameters) + (*in).DeepCopyInto(*out) } if in.Resources != nil { in, out := &in.Resources, &out.Resources @@ -9397,10 +9395,8 @@ func (in *V2ServiceTemplateContainersObservation) DeepCopyInto(out *V2ServiceTem } if in.Ports != nil { in, out := &in.Ports, &out.Ports - *out = make([]TemplateContainersPortsObservation, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(TemplateContainersPortsObservation) + (*in).DeepCopyInto(*out) } if in.Resources != nil { in, out := &in.Resources, &out.Resources @@ -9496,10 +9492,8 @@ func (in *V2ServiceTemplateContainersParameters) DeepCopyInto(out *V2ServiceTemp } if in.Ports != nil { in, out := &in.Ports, &out.Ports - *out = make([]TemplateContainersPortsParameters, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = new(TemplateContainersPortsParameters) + (*in).DeepCopyInto(*out) } if in.Resources != nil { in, out := &in.Resources, &out.Resources diff --git a/apis/cloudrun/v1beta2/zz_v2job_types.go b/apis/cloudrun/v1beta2/zz_v2job_types.go index aed41c72f..75c99b5fe 100755 --- a/apis/cloudrun/v1beta2/zz_v2job_types.go +++ b/apis/cloudrun/v1beta2/zz_v2job_types.go @@ -262,7 +262,7 @@ type SecretItemsInitParameters struct { // Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Mode *float64 `json:"mode,omitempty" tf:"mode,omitempty"` - // The relative path of the secret in the container. + // Path that is exported by the NFS server. Path *string `json:"path,omitempty" tf:"path,omitempty"` // The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. @@ -274,7 +274,7 @@ type SecretItemsObservation struct { // Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Mode *float64 `json:"mode,omitempty" tf:"mode,omitempty"` - // The relative path of the secret in the container. + // Path that is exported by the NFS server. Path *string `json:"path,omitempty" tf:"path,omitempty"` // The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version. @@ -287,7 +287,7 @@ type SecretItemsParameters struct { // +kubebuilder:validation:Optional Mode *float64 `json:"mode,omitempty" tf:"mode,omitempty"` - // The relative path of the secret in the container. + // Path that is exported by the NFS server. // +kubebuilder:validation:Optional Path *string `json:"path" tf:"path,omitempty"` diff --git a/apis/cloudrun/v1beta2/zz_v2service_types.go b/apis/cloudrun/v1beta2/zz_v2service_types.go index 78f793f0c..a302a17bd 100755 --- a/apis/cloudrun/v1beta2/zz_v2service_types.go +++ b/apis/cloudrun/v1beta2/zz_v2service_types.go @@ -1301,7 +1301,7 @@ type V2ServiceTemplateContainersInitParameters struct { // List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. // If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on // Structure is documented below. - Ports []TemplateContainersPortsInitParameters `json:"ports,omitempty" tf:"ports,omitempty"` + Ports *TemplateContainersPortsInitParameters `json:"ports,omitempty" tf:"ports,omitempty"` // Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources // Structure is documented below. @@ -1347,7 +1347,7 @@ type V2ServiceTemplateContainersObservation struct { // List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. // If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on // Structure is documented below. - Ports []TemplateContainersPortsObservation `json:"ports,omitempty" tf:"ports,omitempty"` + Ports *TemplateContainersPortsObservation `json:"ports,omitempty" tf:"ports,omitempty"` // Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources // Structure is documented below. @@ -1401,7 +1401,7 @@ type V2ServiceTemplateContainersParameters struct { // If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on // Structure is documented below. // +kubebuilder:validation:Optional - Ports []TemplateContainersPortsParameters `json:"ports,omitempty" tf:"ports,omitempty"` + Ports *TemplateContainersPortsParameters `json:"ports,omitempty" tf:"ports,omitempty"` // Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources // Structure is documented below. @@ -1610,7 +1610,7 @@ type V2ServiceTemplateVolumesInitParameters struct { // Structure is documented below. CloudSQLInstance *VolumesCloudSQLInstanceInitParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` - // Represents a GCS Bucket mounted as a volume. + // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. // Structure is documented below. Gcs *GcsInitParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` @@ -1632,7 +1632,7 @@ type V2ServiceTemplateVolumesObservation struct { // Structure is documented below. CloudSQLInstance *VolumesCloudSQLInstanceObservation `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` - // Represents a GCS Bucket mounted as a volume. + // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. // Structure is documented below. Gcs *GcsObservation `json:"gcs,omitempty" tf:"gcs,omitempty"` @@ -1655,7 +1655,7 @@ type V2ServiceTemplateVolumesParameters struct { // +kubebuilder:validation:Optional CloudSQLInstance *VolumesCloudSQLInstanceParameters `json:"cloudSqlInstance,omitempty" tf:"cloud_sql_instance,omitempty"` - // Represents a GCS Bucket mounted as a volume. + // Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. // Structure is documented below. // +kubebuilder:validation:Optional Gcs *GcsParameters `json:"gcs,omitempty" tf:"gcs,omitempty"` diff --git a/apis/composer/v1beta2/zz_environment_types.go b/apis/composer/v1beta2/zz_environment_types.go index 9cfa229ae..d497173e7 100755 --- a/apis/composer/v1beta2/zz_environment_types.go +++ b/apis/composer/v1beta2/zz_environment_types.go @@ -1144,7 +1144,7 @@ type SchedulerInitParameters struct { // The amount of memory (GB) for a single Airflow worker. MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1159,7 +1159,7 @@ type SchedulerObservation struct { // The amount of memory (GB) for a single Airflow worker. MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1177,7 +1177,7 @@ type SchedulerParameters struct { // +kubebuilder:validation:Optional MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. // +kubebuilder:validation:Optional StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1196,6 +1196,7 @@ type SoftwareConfigInitParameters struct { // +mapType=granular EnvVariables map[string]*string `json:"envVariables,omitempty" tf:"env_variables,omitempty"` + // In Composer 1, use a specific Composer 1 version in this parameter. If omitted, the default is the latest version of Composer 2. ImageVersion *string `json:"imageVersion,omitempty" tf:"image_version,omitempty"` // Custom Python Package Index (PyPI) packages to be installed @@ -1227,6 +1228,7 @@ type SoftwareConfigObservation struct { // +mapType=granular EnvVariables map[string]*string `json:"envVariables,omitempty" tf:"env_variables,omitempty"` + // In Composer 1, use a specific Composer 1 version in this parameter. If omitted, the default is the latest version of Composer 2. ImageVersion *string `json:"imageVersion,omitempty" tf:"image_version,omitempty"` // Custom Python Package Index (PyPI) packages to be installed @@ -1260,6 +1262,7 @@ type SoftwareConfigParameters struct { // +mapType=granular EnvVariables map[string]*string `json:"envVariables,omitempty" tf:"env_variables,omitempty"` + // In Composer 1, use a specific Composer 1 version in this parameter. If omitted, the default is the latest version of Composer 2. // +kubebuilder:validation:Optional ImageVersion *string `json:"imageVersion,omitempty" tf:"image_version,omitempty"` @@ -1400,7 +1403,7 @@ type WebServerInitParameters struct { // The amount of memory (GB) for a single Airflow worker. MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1431,7 +1434,7 @@ type WebServerObservation struct { // The amount of memory (GB) for a single Airflow worker. MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1445,7 +1448,7 @@ type WebServerParameters struct { // +kubebuilder:validation:Optional MemoryGb *float64 `json:"memoryGb,omitempty" tf:"memory_gb,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. // +kubebuilder:validation:Optional StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1467,7 +1470,7 @@ type WorkerInitParameters struct { // environment does not go above this number, even if a lower number of workers can handle the load. MinCount *float64 `json:"minCount,omitempty" tf:"min_count,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1488,7 +1491,7 @@ type WorkerObservation struct { // environment does not go above this number, even if a lower number of workers can handle the load. MinCount *float64 `json:"minCount,omitempty" tf:"min_count,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } @@ -1513,7 +1516,7 @@ type WorkerParameters struct { // +kubebuilder:validation:Optional MinCount *float64 `json:"minCount,omitempty" tf:"min_count,omitempty"` - // The amount of storage (GB) for the Airflow web server. + // The amount of storage (GB) for a single Airflow worker. // +kubebuilder:validation:Optional StorageGb *float64 `json:"storageGb,omitempty" tf:"storage_gb,omitempty"` } diff --git a/apis/compute/v1beta1/zz_generated.deepcopy.go b/apis/compute/v1beta1/zz_generated.deepcopy.go index 615b12e3c..84165de99 100644 --- a/apis/compute/v1beta1/zz_generated.deepcopy.go +++ b/apis/compute/v1beta1/zz_generated.deepcopy.go @@ -7240,6 +7240,21 @@ func (in *ConsumerAcceptListsInitParameters) DeepCopyInto(out *ConsumerAcceptLis *out = new(float64) **out = **in } + if in.NetworkURL != nil { + in, out := &in.NetworkURL, &out.NetworkURL + *out = new(string) + **out = **in + } + if in.NetworkURLRef != nil { + in, out := &in.NetworkURLRef, &out.NetworkURLRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NetworkURLSelector != nil { + in, out := &in.NetworkURLSelector, &out.NetworkURLSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.ProjectIDOrNum != nil { in, out := &in.ProjectIDOrNum, &out.ProjectIDOrNum *out = new(string) @@ -7265,6 +7280,11 @@ func (in *ConsumerAcceptListsObservation) DeepCopyInto(out *ConsumerAcceptListsO *out = new(float64) **out = **in } + if in.NetworkURL != nil { + in, out := &in.NetworkURL, &out.NetworkURL + *out = new(string) + **out = **in + } if in.ProjectIDOrNum != nil { in, out := &in.ProjectIDOrNum, &out.ProjectIDOrNum *out = new(string) @@ -7290,6 +7310,21 @@ func (in *ConsumerAcceptListsParameters) DeepCopyInto(out *ConsumerAcceptListsPa *out = new(float64) **out = **in } + if in.NetworkURL != nil { + in, out := &in.NetworkURL, &out.NetworkURL + *out = new(string) + **out = **in + } + if in.NetworkURLRef != nil { + in, out := &in.NetworkURLRef, &out.NetworkURLRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.NetworkURLSelector != nil { + in, out := &in.NetworkURLSelector, &out.NetworkURLSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } if in.ProjectIDOrNum != nil { in, out := &in.ProjectIDOrNum, &out.ProjectIDOrNum *out = new(string) @@ -28639,6 +28674,11 @@ func (in *InterconnectAttachmentObservation) DeepCopyInto(out *InterconnectAttac *out = new(string) **out = **in } + if in.CloudRouterIPv6Address != nil { + in, out := &in.CloudRouterIPv6Address, &out.CloudRouterIPv6Address + *out = new(string) + **out = **in + } if in.CreationTimestamp != nil { in, out := &in.CreationTimestamp, &out.CreationTimestamp *out = new(string) @@ -28649,6 +28689,11 @@ func (in *InterconnectAttachmentObservation) DeepCopyInto(out *InterconnectAttac *out = new(string) **out = **in } + if in.CustomerRouterIPv6Address != nil { + in, out := &in.CustomerRouterIPv6Address, &out.CustomerRouterIPv6Address + *out = new(string) + **out = **in + } if in.Description != nil { in, out := &in.Description, &out.Description *out = new(string) @@ -53022,6 +53067,11 @@ func (in *RegionTargetHTTPSProxyInitParameters) DeepCopyInto(out *RegionTargetHT *out = new(string) **out = **in } + if in.ServerTLSPolicy != nil { + in, out := &in.ServerTLSPolicy, &out.ServerTLSPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) @@ -53146,6 +53196,11 @@ func (in *RegionTargetHTTPSProxyObservation) DeepCopyInto(out *RegionTargetHTTPS *out = new(string) **out = **in } + if in.ServerTLSPolicy != nil { + in, out := &in.ServerTLSPolicy, &out.ServerTLSPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) @@ -53220,6 +53275,11 @@ func (in *RegionTargetHTTPSProxyParameters) DeepCopyInto(out *RegionTargetHTTPSP *out = new(string) **out = **in } + if in.ServerTLSPolicy != nil { + in, out := &in.ServerTLSPolicy, &out.ServerTLSPolicy + *out = new(string) + **out = **in + } if in.URLMap != nil { in, out := &in.URLMap, &out.URLMap *out = new(string) diff --git a/apis/compute/v1beta1/zz_generated.resolvers.go b/apis/compute/v1beta1/zz_generated.resolvers.go index 2efa2ab50..c3a0cdec4 100644 --- a/apis/compute/v1beta1/zz_generated.resolvers.go +++ b/apis/compute/v1beta1/zz_generated.resolvers.go @@ -5281,12 +5281,33 @@ func (mg *ServiceAttachment) ResolveReferences(ctx context.Context, c client.Rea var rsp reference.ResolutionResponse var mrsp reference.MultiResolutionResponse var err error + + for i3 := 0; i3 < len(mg.Spec.ForProvider.ConsumerAcceptLists); i3++ { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.ConsumerAcceptLists[i3].NetworkURL), + Extract: resource.ExtractParamPath("self_link", true), + Reference: mg.Spec.ForProvider.ConsumerAcceptLists[i3].NetworkURLRef, + Selector: mg.Spec.ForProvider.ConsumerAcceptLists[i3].NetworkURLSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.ConsumerAcceptLists[i3].NetworkURL") + } + mg.Spec.ForProvider.ConsumerAcceptLists[i3].NetworkURL = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.ConsumerAcceptLists[i3].NetworkURLRef = rsp.ResolvedReference + + } { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Subnetwork", "SubnetworkList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ CurrentValues: reference.FromPtrValues(mg.Spec.ForProvider.NATSubnets), Extract: reference.ExternalName(), @@ -5319,12 +5340,33 @@ func (mg *ServiceAttachment) ResolveReferences(ctx context.Context, c client.Rea } mg.Spec.ForProvider.TargetService = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.TargetServiceRef = rsp.ResolvedReference + + for i3 := 0; i3 < len(mg.Spec.InitProvider.ConsumerAcceptLists); i3++ { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta1", "Network", "NetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.ConsumerAcceptLists[i3].NetworkURL), + Extract: resource.ExtractParamPath("self_link", true), + Reference: mg.Spec.InitProvider.ConsumerAcceptLists[i3].NetworkURLRef, + Selector: mg.Spec.InitProvider.ConsumerAcceptLists[i3].NetworkURLSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.ConsumerAcceptLists[i3].NetworkURL") + } + mg.Spec.InitProvider.ConsumerAcceptLists[i3].NetworkURL = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.ConsumerAcceptLists[i3].NetworkURLRef = rsp.ResolvedReference + + } { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Subnetwork", "SubnetworkList") if err != nil { return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") } - mrsp, err = r.ResolveMultiple(ctx, reference.MultiResolutionRequest{ CurrentValues: reference.FromPtrValues(mg.Spec.InitProvider.NATSubnets), Extract: reference.ExternalName(), diff --git a/apis/compute/v1beta1/zz_interconnectattachment_types.go b/apis/compute/v1beta1/zz_interconnectattachment_types.go index ca17636af..275d06519 100755 --- a/apis/compute/v1beta1/zz_interconnectattachment_types.go +++ b/apis/compute/v1beta1/zz_interconnectattachment_types.go @@ -142,6 +142,10 @@ type InterconnectAttachmentObservation struct { // Interface for this interconnect attachment. CloudRouterIPAddress *string `json:"cloudRouterIpAddress,omitempty" tf:"cloud_router_ip_address,omitempty"` + // IPv6 address + prefix length to be configured on Cloud Router + // Interface for this interconnect attachment. + CloudRouterIPv6Address *string `json:"cloudRouterIpv6Address,omitempty" tf:"cloud_router_ipv6_address,omitempty"` + // Creation timestamp in RFC3339 text format. CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` @@ -149,6 +153,10 @@ type InterconnectAttachmentObservation struct { // router subinterface for this interconnect attachment. CustomerRouterIPAddress *string `json:"customerRouterIpAddress,omitempty" tf:"customer_router_ip_address,omitempty"` + // IPv6 address + prefix length to be configured on the customer + // router subinterface for this interconnect attachment. + CustomerRouterIPv6Address *string `json:"customerRouterIpv6Address,omitempty" tf:"customer_router_ipv6_address,omitempty"` + // An optional description of this resource. Description *string `json:"description,omitempty" tf:"description,omitempty"` diff --git a/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go b/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go index 98ad939b4..ab65a8fa5 100755 --- a/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go +++ b/apis/compute/v1beta1/zz_regiontargethttpsproxy_types.go @@ -47,6 +47,17 @@ type RegionTargetHTTPSProxyInitParameters struct { // resource will not have any SSL policy configured. SSLPolicy *string `json:"sslPolicy,omitempty" tf:"ssl_policy,omitempty"` + // A URL referring to a networksecurity.ServerTlsPolicy + // resource that describes how the proxy should authenticate inbound + // traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + // attached to globalForwardingRules with the loadBalancingScheme + // set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + // For details which ServerTlsPolicy resources are accepted with + // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + // loadBalancingScheme consult ServerTlsPolicy documentation. + // If left blank, communications are not encrypted. + ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` + // A reference to the RegionUrlMap resource that defines the mapping from URL // to the RegionBackendService. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.RegionURLMap @@ -103,6 +114,17 @@ type RegionTargetHTTPSProxyObservation struct { // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // A URL referring to a networksecurity.ServerTlsPolicy + // resource that describes how the proxy should authenticate inbound + // traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + // attached to globalForwardingRules with the loadBalancingScheme + // set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + // For details which ServerTlsPolicy resources are accepted with + // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + // loadBalancingScheme consult ServerTlsPolicy documentation. + // If left blank, communications are not encrypted. + ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` + // A reference to the RegionUrlMap resource that defines the mapping from URL // to the RegionBackendService. URLMap *string `json:"urlMap,omitempty" tf:"url_map,omitempty"` @@ -152,6 +174,18 @@ type RegionTargetHTTPSProxyParameters struct { // +kubebuilder:validation:Optional SSLPolicy *string `json:"sslPolicy,omitempty" tf:"ssl_policy,omitempty"` + // A URL referring to a networksecurity.ServerTlsPolicy + // resource that describes how the proxy should authenticate inbound + // traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + // attached to globalForwardingRules with the loadBalancingScheme + // set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + // For details which ServerTlsPolicy resources are accepted with + // INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + // loadBalancingScheme consult ServerTlsPolicy documentation. + // If left blank, communications are not encrypted. + // +kubebuilder:validation:Optional + ServerTLSPolicy *string `json:"serverTlsPolicy,omitempty" tf:"server_tls_policy,omitempty"` + // A reference to the RegionUrlMap resource that defines the mapping from URL // to the RegionBackendService. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.RegionURLMap diff --git a/apis/compute/v1beta1/zz_serviceattachment_types.go b/apis/compute/v1beta1/zz_serviceattachment_types.go index dffea3242..bca17a6de 100755 --- a/apis/compute/v1beta1/zz_serviceattachment_types.go +++ b/apis/compute/v1beta1/zz_serviceattachment_types.go @@ -37,7 +37,22 @@ type ConsumerAcceptListsInitParameters struct { // create. ConnectionLimit *float64 `json:"connectionLimit,omitempty" tf:"connection_limit,omitempty"` + // The network that is allowed to connect to this service attachment. + // Only one of project_id_or_num and network_url may be set. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) + NetworkURL *string `json:"networkUrl,omitempty" tf:"network_url,omitempty"` + + // Reference to a Network in compute to populate networkUrl. + // +kubebuilder:validation:Optional + NetworkURLRef *v1.Reference `json:"networkUrlRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate networkUrl. + // +kubebuilder:validation:Optional + NetworkURLSelector *v1.Selector `json:"networkUrlSelector,omitempty" tf:"-"` + // A project that is allowed to connect to this service attachment. + // Only one of project_id_or_num and network_url may be set. ProjectIDOrNum *string `json:"projectIdOrNum,omitempty" tf:"project_id_or_num,omitempty"` } @@ -47,7 +62,12 @@ type ConsumerAcceptListsObservation struct { // create. ConnectionLimit *float64 `json:"connectionLimit,omitempty" tf:"connection_limit,omitempty"` + // The network that is allowed to connect to this service attachment. + // Only one of project_id_or_num and network_url may be set. + NetworkURL *string `json:"networkUrl,omitempty" tf:"network_url,omitempty"` + // A project that is allowed to connect to this service attachment. + // Only one of project_id_or_num and network_url may be set. ProjectIDOrNum *string `json:"projectIdOrNum,omitempty" tf:"project_id_or_num,omitempty"` } @@ -58,9 +78,25 @@ type ConsumerAcceptListsParameters struct { // +kubebuilder:validation:Optional ConnectionLimit *float64 `json:"connectionLimit" tf:"connection_limit,omitempty"` + // The network that is allowed to connect to this service attachment. + // Only one of project_id_or_num and network_url may be set. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta1.Network + // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("self_link",true) + // +kubebuilder:validation:Optional + NetworkURL *string `json:"networkUrl,omitempty" tf:"network_url,omitempty"` + + // Reference to a Network in compute to populate networkUrl. + // +kubebuilder:validation:Optional + NetworkURLRef *v1.Reference `json:"networkUrlRef,omitempty" tf:"-"` + + // Selector for a Network in compute to populate networkUrl. + // +kubebuilder:validation:Optional + NetworkURLSelector *v1.Selector `json:"networkUrlSelector,omitempty" tf:"-"` + // A project that is allowed to connect to this service attachment. + // Only one of project_id_or_num and network_url may be set. // +kubebuilder:validation:Optional - ProjectIDOrNum *string `json:"projectIdOrNum" tf:"project_id_or_num,omitempty"` + ProjectIDOrNum *string `json:"projectIdOrNum,omitempty" tf:"project_id_or_num,omitempty"` } type ServiceAttachmentInitParameters struct { diff --git a/apis/compute/v1beta2/zz_disk_types.go b/apis/compute/v1beta2/zz_disk_types.go index c1ac42286..47b752179 100755 --- a/apis/compute/v1beta2/zz_disk_types.go +++ b/apis/compute/v1beta2/zz_disk_types.go @@ -529,21 +529,21 @@ type DiskParameters struct { type GuestOsFeaturesInitParameters struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type GuestOsFeaturesObservation struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. Type *string `json:"type,omitempty" tf:"type,omitempty"` } type GuestOsFeaturesParameters struct { // The type of supported feature. Read Enabling guest operating system features to see a list of available options. - // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + // Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. // +kubebuilder:validation:Optional Type *string `json:"type" tf:"type,omitempty"` } diff --git a/apis/compute/v1beta2/zz_generated.deepcopy.go b/apis/compute/v1beta2/zz_generated.deepcopy.go index c24ebd1b7..0665a8321 100644 --- a/apis/compute/v1beta2/zz_generated.deepcopy.go +++ b/apis/compute/v1beta2/zz_generated.deepcopy.go @@ -1777,11 +1777,21 @@ func (in *AutoscalingPolicyLoadBalancingUtilizationParameters) DeepCopy() *Autos // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AutoscalingPolicyMetricInitParameters) DeepCopyInto(out *AutoscalingPolicyMetricInitParameters) { *out = *in + if in.Filter != nil { + in, out := &in.Filter, &out.Filter + *out = new(string) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) **out = **in } + if in.SingleInstanceAssignment != nil { + in, out := &in.SingleInstanceAssignment, &out.SingleInstanceAssignment + *out = new(float64) + **out = **in + } if in.Target != nil { in, out := &in.Target, &out.Target *out = new(float64) @@ -1807,11 +1817,21 @@ func (in *AutoscalingPolicyMetricInitParameters) DeepCopy() *AutoscalingPolicyMe // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AutoscalingPolicyMetricObservation) DeepCopyInto(out *AutoscalingPolicyMetricObservation) { *out = *in + if in.Filter != nil { + in, out := &in.Filter, &out.Filter + *out = new(string) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) **out = **in } + if in.SingleInstanceAssignment != nil { + in, out := &in.SingleInstanceAssignment, &out.SingleInstanceAssignment + *out = new(float64) + **out = **in + } if in.Target != nil { in, out := &in.Target, &out.Target *out = new(float64) @@ -1837,11 +1857,21 @@ func (in *AutoscalingPolicyMetricObservation) DeepCopy() *AutoscalingPolicyMetri // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AutoscalingPolicyMetricParameters) DeepCopyInto(out *AutoscalingPolicyMetricParameters) { *out = *in + if in.Filter != nil { + in, out := &in.Filter, &out.Filter + *out = new(string) + **out = **in + } if in.Name != nil { in, out := &in.Name, &out.Name *out = new(string) **out = **in } + if in.SingleInstanceAssignment != nil { + in, out := &in.SingleInstanceAssignment, &out.SingleInstanceAssignment + *out = new(float64) + **out = **in + } if in.Target != nil { in, out := &in.Target, &out.Target *out = new(float64) @@ -19852,6 +19882,11 @@ func (in *InstanceInitParameters) DeepCopy() *InstanceInitParameters { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceLifecyclePolicyInitParameters) DeepCopyInto(out *InstanceLifecyclePolicyInitParameters) { *out = *in + if in.DefaultActionOnFailure != nil { + in, out := &in.DefaultActionOnFailure, &out.DefaultActionOnFailure + *out = new(string) + **out = **in + } if in.ForceUpdateOnRepair != nil { in, out := &in.ForceUpdateOnRepair, &out.ForceUpdateOnRepair *out = new(string) @@ -19872,6 +19907,11 @@ func (in *InstanceLifecyclePolicyInitParameters) DeepCopy() *InstanceLifecyclePo // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceLifecyclePolicyObservation) DeepCopyInto(out *InstanceLifecyclePolicyObservation) { *out = *in + if in.DefaultActionOnFailure != nil { + in, out := &in.DefaultActionOnFailure, &out.DefaultActionOnFailure + *out = new(string) + **out = **in + } if in.ForceUpdateOnRepair != nil { in, out := &in.ForceUpdateOnRepair, &out.ForceUpdateOnRepair *out = new(string) @@ -19892,6 +19932,11 @@ func (in *InstanceLifecyclePolicyObservation) DeepCopy() *InstanceLifecyclePolic // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InstanceLifecyclePolicyParameters) DeepCopyInto(out *InstanceLifecyclePolicyParameters) { *out = *in + if in.DefaultActionOnFailure != nil { + in, out := &in.DefaultActionOnFailure, &out.DefaultActionOnFailure + *out = new(string) + **out = **in + } if in.ForceUpdateOnRepair != nil { in, out := &in.ForceUpdateOnRepair, &out.ForceUpdateOnRepair *out = new(string) @@ -25246,6 +25291,11 @@ func (in *MatchRulesInitParameters) DeepCopyInto(out *MatchRulesInitParameters) (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PathTemplateMatch != nil { + in, out := &in.PathTemplateMatch, &out.PathTemplateMatch + *out = new(string) + **out = **in + } if in.PrefixMatch != nil { in, out := &in.PrefixMatch, &out.PrefixMatch *out = new(string) @@ -25458,6 +25508,11 @@ func (in *MatchRulesObservation) DeepCopyInto(out *MatchRulesObservation) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PathTemplateMatch != nil { + in, out := &in.PathTemplateMatch, &out.PathTemplateMatch + *out = new(string) + **out = **in + } if in.PrefixMatch != nil { in, out := &in.PrefixMatch, &out.PrefixMatch *out = new(string) @@ -25514,6 +25569,11 @@ func (in *MatchRulesParameters) DeepCopyInto(out *MatchRulesParameters) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PathTemplateMatch != nil { + in, out := &in.PathTemplateMatch, &out.PathTemplateMatch + *out = new(string) + **out = **in + } if in.PrefixMatch != nil { in, out := &in.PrefixMatch, &out.PrefixMatch *out = new(string) @@ -37560,6 +37620,11 @@ func (in *RegionBackendServiceObservation) DeepCopyInto(out *RegionBackendServic *out = new(string) **out = **in } + if in.GeneratedID != nil { + in, out := &in.GeneratedID, &out.GeneratedID + *out = new(float64) + **out = **in + } if in.HealthChecks != nil { in, out := &in.HealthChecks, &out.HealthChecks *out = make([]*string, len(*in)) @@ -40878,6 +40943,11 @@ func (in *RegionInstanceGroupManagerInitParameters) DeepCopy() *RegionInstanceGr // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerInstanceLifecyclePolicyInitParameters) DeepCopyInto(out *RegionInstanceGroupManagerInstanceLifecyclePolicyInitParameters) { *out = *in + if in.DefaultActionOnFailure != nil { + in, out := &in.DefaultActionOnFailure, &out.DefaultActionOnFailure + *out = new(string) + **out = **in + } if in.ForceUpdateOnRepair != nil { in, out := &in.ForceUpdateOnRepair, &out.ForceUpdateOnRepair *out = new(string) @@ -40898,6 +40968,11 @@ func (in *RegionInstanceGroupManagerInstanceLifecyclePolicyInitParameters) DeepC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerInstanceLifecyclePolicyObservation) DeepCopyInto(out *RegionInstanceGroupManagerInstanceLifecyclePolicyObservation) { *out = *in + if in.DefaultActionOnFailure != nil { + in, out := &in.DefaultActionOnFailure, &out.DefaultActionOnFailure + *out = new(string) + **out = **in + } if in.ForceUpdateOnRepair != nil { in, out := &in.ForceUpdateOnRepair, &out.ForceUpdateOnRepair *out = new(string) @@ -40918,6 +40993,11 @@ func (in *RegionInstanceGroupManagerInstanceLifecyclePolicyObservation) DeepCopy // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerInstanceLifecyclePolicyParameters) DeepCopyInto(out *RegionInstanceGroupManagerInstanceLifecyclePolicyParameters) { *out = *in + if in.DefaultActionOnFailure != nil { + in, out := &in.DefaultActionOnFailure, &out.DefaultActionOnFailure + *out = new(string) + **out = **in + } if in.ForceUpdateOnRepair != nil { in, out := &in.ForceUpdateOnRepair, &out.ForceUpdateOnRepair *out = new(string) @@ -41648,6 +41728,11 @@ func (in *RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters) Deep // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RegionInstanceGroupManagerStatusAllInstancesConfigObservation) DeepCopyInto(out *RegionInstanceGroupManagerStatusAllInstancesConfigObservation) { *out = *in + if in.CurrentRevision != nil { + in, out := &in.CurrentRevision, &out.CurrentRevision + *out = new(string) + **out = **in + } if in.Effective != nil { in, out := &in.Effective, &out.Effective *out = new(bool) @@ -48114,6 +48199,11 @@ func (in *RouteRulesRouteActionURLRewriteInitParameters) DeepCopyInto(out *Route *out = new(string) **out = **in } + if in.PathTemplateRewrite != nil { + in, out := &in.PathTemplateRewrite, &out.PathTemplateRewrite + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteRulesRouteActionURLRewriteInitParameters. @@ -48139,6 +48229,11 @@ func (in *RouteRulesRouteActionURLRewriteObservation) DeepCopyInto(out *RouteRul *out = new(string) **out = **in } + if in.PathTemplateRewrite != nil { + in, out := &in.PathTemplateRewrite, &out.PathTemplateRewrite + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteRulesRouteActionURLRewriteObservation. @@ -48164,6 +48259,11 @@ func (in *RouteRulesRouteActionURLRewriteParameters) DeepCopyInto(out *RouteRule *out = new(string) **out = **in } + if in.PathTemplateRewrite != nil { + in, out := &in.PathTemplateRewrite, &out.PathTemplateRewrite + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RouteRulesRouteActionURLRewriteParameters. @@ -48894,6 +48994,17 @@ func (in *RouterNATInitParameters) DeepCopyInto(out *RouterNATInitParameters) { *out = new(bool) **out = **in } + if in.EndpointTypes != nil { + in, out := &in.EndpointTypes, &out.EndpointTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.IcmpIdleTimeoutSec != nil { in, out := &in.IcmpIdleTimeoutSec, &out.IcmpIdleTimeoutSec *out = new(float64) @@ -49117,6 +49228,17 @@ func (in *RouterNATObservation) DeepCopyInto(out *RouterNATObservation) { *out = new(bool) **out = **in } + if in.EndpointTypes != nil { + in, out := &in.EndpointTypes, &out.EndpointTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.ID != nil { in, out := &in.ID, &out.ID *out = new(string) @@ -49248,6 +49370,17 @@ func (in *RouterNATParameters) DeepCopyInto(out *RouterNATParameters) { *out = new(bool) **out = **in } + if in.EndpointTypes != nil { + in, out := &in.EndpointTypes, &out.EndpointTypes + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } if in.IcmpIdleTimeoutSec != nil { in, out := &in.IcmpIdleTimeoutSec, &out.IcmpIdleTimeoutSec *out = new(float64) @@ -54246,6 +54379,11 @@ func (in *StatusAllInstancesConfigInitParameters) DeepCopy() *StatusAllInstances // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *StatusAllInstancesConfigObservation) DeepCopyInto(out *StatusAllInstancesConfigObservation) { *out = *in + if in.CurrentRevision != nil { + in, out := &in.CurrentRevision, &out.CurrentRevision + *out = new(string) + **out = **in + } if in.Effective != nil { in, out := &in.Effective, &out.Effective *out = new(bool) diff --git a/apis/compute/v1beta2/zz_instancegroupmanager_types.go b/apis/compute/v1beta2/zz_instancegroupmanager_types.go index 4289f5b05..5736f6907 100755 --- a/apis/compute/v1beta2/zz_instancegroupmanager_types.go +++ b/apis/compute/v1beta2/zz_instancegroupmanager_types.go @@ -172,7 +172,7 @@ type InstanceGroupManagerInitParameters struct { // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` - // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API. UpdatePolicy *UpdatePolicyInitParameters `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` // Application versions managed by this instance group. Each @@ -210,6 +210,7 @@ type InstanceGroupManagerObservation struct { // name. BaseInstanceName *string `json:"baseInstanceName,omitempty" tf:"base_instance_name,omitempty"` + // Creation timestamp in RFC3339 text format. CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` // An optional textual description of the instance @@ -272,7 +273,7 @@ type InstanceGroupManagerObservation struct { // lifecycle. Defaults to 0. TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` - // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API. UpdatePolicy *UpdatePolicyObservation `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` // Application versions managed by this instance group. Each @@ -380,7 +381,7 @@ type InstanceGroupManagerParameters struct { // +kubebuilder:validation:Optional TargetSize *float64 `json:"targetSize,omitempty" tf:"target_size,omitempty"` - // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API + // The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API. // +kubebuilder:validation:Optional UpdatePolicy *UpdatePolicyParameters `json:"updatePolicy,omitempty" tf:"update_policy,omitempty"` @@ -410,19 +411,29 @@ type InstanceGroupManagerParameters struct { type InstanceLifecyclePolicyInitParameters struct { - // ), Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. + // , Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired. + DefaultActionOnFailure *string `json:"defaultActionOnFailure,omitempty" tf:"default_action_on_failure,omitempty"` + + // , Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. ForceUpdateOnRepair *string `json:"forceUpdateOnRepair,omitempty" tf:"force_update_on_repair,omitempty"` } type InstanceLifecyclePolicyObservation struct { - // ), Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. + // , Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired. + DefaultActionOnFailure *string `json:"defaultActionOnFailure,omitempty" tf:"default_action_on_failure,omitempty"` + + // , Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. ForceUpdateOnRepair *string `json:"forceUpdateOnRepair,omitempty" tf:"force_update_on_repair,omitempty"` } type InstanceLifecyclePolicyParameters struct { - // ), Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. + // , Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired. + // +kubebuilder:validation:Optional + DefaultActionOnFailure *string `json:"defaultActionOnFailure,omitempty" tf:"default_action_on_failure,omitempty"` + + // , Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. // +kubebuilder:validation:Optional ForceUpdateOnRepair *string `json:"forceUpdateOnRepair,omitempty" tf:"force_update_on_repair,omitempty"` } @@ -563,7 +574,7 @@ type StatefulObservation struct { // A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. HasStatefulConfig *bool `json:"hasStatefulConfig,omitempty" tf:"has_stateful_config,omitempty"` - // Status of per-instance configs on the instance. + // Status of per-instance configs on the instances. PerInstanceConfigs []PerInstanceConfigsObservation `json:"perInstanceConfigs,omitempty" tf:"per_instance_configs,omitempty"` } @@ -574,6 +585,11 @@ type StatusAllInstancesConfigInitParameters struct { } type StatusAllInstancesConfigObservation struct { + + // Current all-instances configuration revision. This value is in RFC3339 text format. + CurrentRevision *string `json:"currentRevision,omitempty" tf:"current_revision,omitempty"` + + // A bit indicating whether this configuration has been applied to all managed instances in the group. Effective *bool `json:"effective,omitempty" tf:"effective,omitempty"` } @@ -585,9 +601,7 @@ type StatusInitParameters struct { type StatusObservation struct { - // Properties to set on all instances in the group. After setting - // allInstancesConfig on the group, you must update the group's instances to - // apply the configuration. + // Status of all-instances configuration on the group. AllInstancesConfig []StatusAllInstancesConfigObservation `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` // A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified. diff --git a/apis/compute/v1beta2/zz_regionautoscaler_types.go b/apis/compute/v1beta2/zz_regionautoscaler_types.go index 933df96a1..d33c8084e 100755 --- a/apis/compute/v1beta2/zz_regionautoscaler_types.go +++ b/apis/compute/v1beta2/zz_regionautoscaler_types.go @@ -63,9 +63,54 @@ type AutoscalingPolicyLoadBalancingUtilizationParameters struct { type AutoscalingPolicyMetricInitParameters struct { + // A filter string to be used as the filter string for + // a Stackdriver Monitoring TimeSeries.list API call. + // This filter is used to select a specific TimeSeries for + // the purpose of autoscaling and to determine whether the metric + // is exporting per-instance or per-group data. + // You can only use the AND operator for joining selectors. + // You can only use direct equality comparison operator (=) without + // any functions for each selector. + // You can specify the metric in both the filter string and in the + // metric field. However, if specified in both places, the metric must + // be identical. + // The monitored resource type determines what kind of values are + // expected for the metric. If it is a gce_instance, the autoscaler + // expects the metric to include a separate TimeSeries for each + // instance in a group. In such a case, you cannot filter on resource + // labels. + // If the resource type is any other value, the autoscaler expects + // this metric to contain values that apply to the entire autoscaled + // instance group and resource label filtering can be performed to + // point autoscaler at the correct TimeSeries to scale upon. + // This is called a per-group metric for the purpose of autoscaling. + // If not specified, the type defaults to gce_instance. + // You should provide a filter that is selective enough to pick just + // one TimeSeries for the autoscaled group or for each of the instances + // (if you are using gce_instance resource type). If multiple + // TimeSeries are returned upon the query execution, the autoscaler + // will sum their respective values to obtain its scaling value. + Filter *string `json:"filter,omitempty" tf:"filter,omitempty"` + // The identifier for this object. Format specified above. Name *string `json:"name,omitempty" tf:"name,omitempty"` + // If scaling is based on a per-group metric value that represents the + // total amount of work to be done or resource usage, set this value to + // an amount assigned for a single instance of the scaled group. + // The autoscaler will keep the number of instances proportional to the + // value of this metric, the metric itself should not change value due + // to group resizing. + // For example, a good metric to use with the target is + // pubsub.googleapis.com/subscription/num_undelivered_messages + // or a custom metric exporting the total number of requests coming to + // your instances. + // A bad example would be a metric exporting an average or median + // latency, since this value can't include a chunk assignable to a + // single instance, it could be better used with utilization_target + // instead. + SingleInstanceAssignment *float64 `json:"singleInstanceAssignment,omitempty" tf:"single_instance_assignment,omitempty"` + // URL of the managed instance group that this autoscaler will scale. Target *float64 `json:"target,omitempty" tf:"target,omitempty"` @@ -77,9 +122,54 @@ type AutoscalingPolicyMetricInitParameters struct { type AutoscalingPolicyMetricObservation struct { + // A filter string to be used as the filter string for + // a Stackdriver Monitoring TimeSeries.list API call. + // This filter is used to select a specific TimeSeries for + // the purpose of autoscaling and to determine whether the metric + // is exporting per-instance or per-group data. + // You can only use the AND operator for joining selectors. + // You can only use direct equality comparison operator (=) without + // any functions for each selector. + // You can specify the metric in both the filter string and in the + // metric field. However, if specified in both places, the metric must + // be identical. + // The monitored resource type determines what kind of values are + // expected for the metric. If it is a gce_instance, the autoscaler + // expects the metric to include a separate TimeSeries for each + // instance in a group. In such a case, you cannot filter on resource + // labels. + // If the resource type is any other value, the autoscaler expects + // this metric to contain values that apply to the entire autoscaled + // instance group and resource label filtering can be performed to + // point autoscaler at the correct TimeSeries to scale upon. + // This is called a per-group metric for the purpose of autoscaling. + // If not specified, the type defaults to gce_instance. + // You should provide a filter that is selective enough to pick just + // one TimeSeries for the autoscaled group or for each of the instances + // (if you are using gce_instance resource type). If multiple + // TimeSeries are returned upon the query execution, the autoscaler + // will sum their respective values to obtain its scaling value. + Filter *string `json:"filter,omitempty" tf:"filter,omitempty"` + // The identifier for this object. Format specified above. Name *string `json:"name,omitempty" tf:"name,omitempty"` + // If scaling is based on a per-group metric value that represents the + // total amount of work to be done or resource usage, set this value to + // an amount assigned for a single instance of the scaled group. + // The autoscaler will keep the number of instances proportional to the + // value of this metric, the metric itself should not change value due + // to group resizing. + // For example, a good metric to use with the target is + // pubsub.googleapis.com/subscription/num_undelivered_messages + // or a custom metric exporting the total number of requests coming to + // your instances. + // A bad example would be a metric exporting an average or median + // latency, since this value can't include a chunk assignable to a + // single instance, it could be better used with utilization_target + // instead. + SingleInstanceAssignment *float64 `json:"singleInstanceAssignment,omitempty" tf:"single_instance_assignment,omitempty"` + // URL of the managed instance group that this autoscaler will scale. Target *float64 `json:"target,omitempty" tf:"target,omitempty"` @@ -91,10 +181,57 @@ type AutoscalingPolicyMetricObservation struct { type AutoscalingPolicyMetricParameters struct { + // A filter string to be used as the filter string for + // a Stackdriver Monitoring TimeSeries.list API call. + // This filter is used to select a specific TimeSeries for + // the purpose of autoscaling and to determine whether the metric + // is exporting per-instance or per-group data. + // You can only use the AND operator for joining selectors. + // You can only use direct equality comparison operator (=) without + // any functions for each selector. + // You can specify the metric in both the filter string and in the + // metric field. However, if specified in both places, the metric must + // be identical. + // The monitored resource type determines what kind of values are + // expected for the metric. If it is a gce_instance, the autoscaler + // expects the metric to include a separate TimeSeries for each + // instance in a group. In such a case, you cannot filter on resource + // labels. + // If the resource type is any other value, the autoscaler expects + // this metric to contain values that apply to the entire autoscaled + // instance group and resource label filtering can be performed to + // point autoscaler at the correct TimeSeries to scale upon. + // This is called a per-group metric for the purpose of autoscaling. + // If not specified, the type defaults to gce_instance. + // You should provide a filter that is selective enough to pick just + // one TimeSeries for the autoscaled group or for each of the instances + // (if you are using gce_instance resource type). If multiple + // TimeSeries are returned upon the query execution, the autoscaler + // will sum their respective values to obtain its scaling value. + // +kubebuilder:validation:Optional + Filter *string `json:"filter,omitempty" tf:"filter,omitempty"` + // The identifier for this object. Format specified above. // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` + // If scaling is based on a per-group metric value that represents the + // total amount of work to be done or resource usage, set this value to + // an amount assigned for a single instance of the scaled group. + // The autoscaler will keep the number of instances proportional to the + // value of this metric, the metric itself should not change value due + // to group resizing. + // For example, a good metric to use with the target is + // pubsub.googleapis.com/subscription/num_undelivered_messages + // or a custom metric exporting the total number of requests coming to + // your instances. + // A bad example would be a metric exporting an average or median + // latency, since this value can't include a chunk assignable to a + // single instance, it could be better used with utilization_target + // instead. + // +kubebuilder:validation:Optional + SingleInstanceAssignment *float64 `json:"singleInstanceAssignment,omitempty" tf:"single_instance_assignment,omitempty"` + // URL of the managed instance group that this autoscaler will scale. // +kubebuilder:validation:Optional Target *float64 `json:"target,omitempty" tf:"target,omitempty"` diff --git a/apis/compute/v1beta2/zz_regionbackendservice_types.go b/apis/compute/v1beta2/zz_regionbackendservice_types.go index 2c017f444..02b4b5f31 100755 --- a/apis/compute/v1beta2/zz_regionbackendservice_types.go +++ b/apis/compute/v1beta2/zz_regionbackendservice_types.go @@ -1276,6 +1276,9 @@ type RegionBackendServiceObservation struct { // object. This field is used in optimistic locking. Fingerprint *string `json:"fingerprint,omitempty" tf:"fingerprint,omitempty"` + // The unique identifier for the resource. This identifier is defined by the server. + GeneratedID *float64 `json:"generatedId,omitempty" tf:"generated_id,omitempty"` + // The set of URLs to HealthCheck resources for health checking // this RegionBackendService. Currently at most one health // check can be specified. diff --git a/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go b/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go index be74781b8..84db49317 100755 --- a/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go +++ b/apis/compute/v1beta2/zz_regioninstancegroupmanager_types.go @@ -210,19 +210,29 @@ type RegionInstanceGroupManagerInitParameters struct { type RegionInstanceGroupManagerInstanceLifecyclePolicyInitParameters struct { - // ), Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. + // , Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired. + DefaultActionOnFailure *string `json:"defaultActionOnFailure,omitempty" tf:"default_action_on_failure,omitempty"` + + // , Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. ForceUpdateOnRepair *string `json:"forceUpdateOnRepair,omitempty" tf:"force_update_on_repair,omitempty"` } type RegionInstanceGroupManagerInstanceLifecyclePolicyObservation struct { - // ), Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. + // , Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired. + DefaultActionOnFailure *string `json:"defaultActionOnFailure,omitempty" tf:"default_action_on_failure,omitempty"` + + // , Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. ForceUpdateOnRepair *string `json:"forceUpdateOnRepair,omitempty" tf:"force_update_on_repair,omitempty"` } type RegionInstanceGroupManagerInstanceLifecyclePolicyParameters struct { - // ), Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. + // , Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired. + // +kubebuilder:validation:Optional + DefaultActionOnFailure *string `json:"defaultActionOnFailure,omitempty" tf:"default_action_on_failure,omitempty"` + + // , Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type. // +kubebuilder:validation:Optional ForceUpdateOnRepair *string `json:"forceUpdateOnRepair,omitempty" tf:"force_update_on_repair,omitempty"` } @@ -275,6 +285,7 @@ type RegionInstanceGroupManagerObservation struct { // name. BaseInstanceName *string `json:"baseInstanceName,omitempty" tf:"base_instance_name,omitempty"` + // Creation timestamp in RFC3339 text format. CreationTimestamp *string `json:"creationTimestamp,omitempty" tf:"creation_timestamp,omitempty"` // An optional textual description of the instance @@ -590,6 +601,11 @@ type RegionInstanceGroupManagerStatusAllInstancesConfigInitParameters struct { } type RegionInstanceGroupManagerStatusAllInstancesConfigObservation struct { + + // Current all-instances configuration revision. This value is in RFC3339 text format. + CurrentRevision *string `json:"currentRevision,omitempty" tf:"current_revision,omitempty"` + + // A bit indicating whether this configuration has been applied to all managed instances in the group. Effective *bool `json:"effective,omitempty" tf:"effective,omitempty"` } @@ -601,9 +617,7 @@ type RegionInstanceGroupManagerStatusInitParameters struct { type RegionInstanceGroupManagerStatusObservation struct { - // Properties to set on all instances in the group. After setting - // allInstancesConfig on the group, you must update the group's instances to - // apply the configuration. + // Status of all-instances configuration on the group. AllInstancesConfig []RegionInstanceGroupManagerStatusAllInstancesConfigObservation `json:"allInstancesConfig,omitempty" tf:"all_instances_config,omitempty"` // A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified. @@ -797,7 +811,7 @@ type StatusStatefulObservation struct { // A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions. HasStatefulConfig *bool `json:"hasStatefulConfig,omitempty" tf:"has_stateful_config,omitempty"` - // Status of per-instance configs on the instance. + // Status of per-instance configs on the instances. PerInstanceConfigs []StatefulPerInstanceConfigsObservation `json:"perInstanceConfigs,omitempty" tf:"per_instance_configs,omitempty"` } diff --git a/apis/compute/v1beta2/zz_regionurlmap_types.go b/apis/compute/v1beta2/zz_regionurlmap_types.go index c9bcfb53b..c9f9d9002 100755 --- a/apis/compute/v1beta2/zz_regionurlmap_types.go +++ b/apis/compute/v1beta2/zz_regionurlmap_types.go @@ -1060,6 +1060,16 @@ type MatchRulesInitParameters struct { // Structure is documented below. MetadataFilters []MatchRulesMetadataFiltersInitParameters `json:"metadataFilters,omitempty" tf:"metadata_filters,omitempty"` + // For satisfying the matchRule condition, the path of the request + // must match the wildcard pattern specified in pathTemplateMatch + // after removing any query parameters and anchor that may be part + // of the original URL. + // pathTemplateMatch must be between 1 and 255 characters + // (inclusive). The pattern specified by pathTemplateMatch may + // have at most 5 wildcard operators and at most 5 variable + // captures in total. + PathTemplateMatch *string `json:"pathTemplateMatch,omitempty" tf:"path_template_match,omitempty"` + // For satisfying the matchRule condition, the request's path must begin with the // specified prefixMatch. prefixMatch must begin with a /. The value must be // between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or @@ -1151,6 +1161,16 @@ type MatchRulesObservation struct { // Structure is documented below. MetadataFilters []MatchRulesMetadataFiltersObservation `json:"metadataFilters,omitempty" tf:"metadata_filters,omitempty"` + // For satisfying the matchRule condition, the path of the request + // must match the wildcard pattern specified in pathTemplateMatch + // after removing any query parameters and anchor that may be part + // of the original URL. + // pathTemplateMatch must be between 1 and 255 characters + // (inclusive). The pattern specified by pathTemplateMatch may + // have at most 5 wildcard operators and at most 5 variable + // captures in total. + PathTemplateMatch *string `json:"pathTemplateMatch,omitempty" tf:"path_template_match,omitempty"` + // For satisfying the matchRule condition, the request's path must begin with the // specified prefixMatch. prefixMatch must begin with a /. The value must be // between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or @@ -1205,6 +1225,17 @@ type MatchRulesParameters struct { // +kubebuilder:validation:Optional MetadataFilters []MatchRulesMetadataFiltersParameters `json:"metadataFilters,omitempty" tf:"metadata_filters,omitempty"` + // For satisfying the matchRule condition, the path of the request + // must match the wildcard pattern specified in pathTemplateMatch + // after removing any query parameters and anchor that may be part + // of the original URL. + // pathTemplateMatch must be between 1 and 255 characters + // (inclusive). The pattern specified by pathTemplateMatch may + // have at most 5 wildcard operators and at most 5 variable + // captures in total. + // +kubebuilder:validation:Optional + PathTemplateMatch *string `json:"pathTemplateMatch,omitempty" tf:"path_template_match,omitempty"` + // For satisfying the matchRule condition, the request's path must begin with the // specified prefixMatch. prefixMatch must begin with a /. The value must be // between 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or @@ -3670,6 +3701,19 @@ type RouteRulesRouteActionURLRewriteInitParameters struct { // portion of the request's path is replaced by pathPrefixRewrite. The value must // be between 1 and 1024 characters. PathPrefixRewrite *string `json:"pathPrefixRewrite,omitempty" tf:"path_prefix_rewrite,omitempty"` + + // Prior to forwarding the request to the selected origin, if the + // request matched a pathTemplateMatch, the matching portion of the + // request's path is replaced re-written using the pattern specified + // by pathTemplateRewrite. + // pathTemplateRewrite must be between 1 and 255 characters + // (inclusive), must start with a '/', and must only use variables + // captured by the route's pathTemplate matchers. + // pathTemplateRewrite may only be used when all of a route's + // MatchRules specify pathTemplate. + // Only one of pathPrefixRewrite and pathTemplateRewrite may be + // specified. + PathTemplateRewrite *string `json:"pathTemplateRewrite,omitempty" tf:"path_template_rewrite,omitempty"` } type RouteRulesRouteActionURLRewriteObservation struct { @@ -3683,6 +3727,19 @@ type RouteRulesRouteActionURLRewriteObservation struct { // portion of the request's path is replaced by pathPrefixRewrite. The value must // be between 1 and 1024 characters. PathPrefixRewrite *string `json:"pathPrefixRewrite,omitempty" tf:"path_prefix_rewrite,omitempty"` + + // Prior to forwarding the request to the selected origin, if the + // request matched a pathTemplateMatch, the matching portion of the + // request's path is replaced re-written using the pattern specified + // by pathTemplateRewrite. + // pathTemplateRewrite must be between 1 and 255 characters + // (inclusive), must start with a '/', and must only use variables + // captured by the route's pathTemplate matchers. + // pathTemplateRewrite may only be used when all of a route's + // MatchRules specify pathTemplate. + // Only one of pathPrefixRewrite and pathTemplateRewrite may be + // specified. + PathTemplateRewrite *string `json:"pathTemplateRewrite,omitempty" tf:"path_template_rewrite,omitempty"` } type RouteRulesRouteActionURLRewriteParameters struct { @@ -3698,6 +3755,20 @@ type RouteRulesRouteActionURLRewriteParameters struct { // be between 1 and 1024 characters. // +kubebuilder:validation:Optional PathPrefixRewrite *string `json:"pathPrefixRewrite,omitempty" tf:"path_prefix_rewrite,omitempty"` + + // Prior to forwarding the request to the selected origin, if the + // request matched a pathTemplateMatch, the matching portion of the + // request's path is replaced re-written using the pattern specified + // by pathTemplateRewrite. + // pathTemplateRewrite must be between 1 and 255 characters + // (inclusive), must start with a '/', and must only use variables + // captured by the route's pathTemplate matchers. + // pathTemplateRewrite may only be used when all of a route's + // MatchRules specify pathTemplate. + // Only one of pathPrefixRewrite and pathTemplateRewrite may be + // specified. + // +kubebuilder:validation:Optional + PathTemplateRewrite *string `json:"pathTemplateRewrite,omitempty" tf:"path_template_rewrite,omitempty"` } type RouteRulesRouteActionWeightedBackendServicesInitParameters struct { diff --git a/apis/compute/v1beta2/zz_routernat_types.go b/apis/compute/v1beta2/zz_routernat_types.go index cb8940ea1..13ec3bc1c 100755 --- a/apis/compute/v1beta2/zz_routernat_types.go +++ b/apis/compute/v1beta2/zz_routernat_types.go @@ -82,6 +82,12 @@ type RouterNATInitParameters struct { // For more information see the official documentation. EnableEndpointIndependentMapping *bool `json:"enableEndpointIndependentMapping,omitempty" tf:"enable_endpoint_independent_mapping,omitempty"` + // Specifies the endpoint Types supported by the NAT Gateway. + // Supported values include: + // ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + // ENDPOINT_TYPE_MANAGED_PROXY_LB. + EndpointTypes []*string `json:"endpointTypes,omitempty" tf:"endpoint_types,omitempty"` + // Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. IcmpIdleTimeoutSec *float64 `json:"icmpIdleTimeoutSec,omitempty" tf:"icmp_idle_timeout_sec,omitempty"` @@ -200,6 +206,12 @@ type RouterNATObservation struct { // For more information see the official documentation. EnableEndpointIndependentMapping *bool `json:"enableEndpointIndependentMapping,omitempty" tf:"enable_endpoint_independent_mapping,omitempty"` + // Specifies the endpoint Types supported by the NAT Gateway. + // Supported values include: + // ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + // ENDPOINT_TYPE_MANAGED_PROXY_LB. + EndpointTypes []*string `json:"endpointTypes,omitempty" tf:"endpoint_types,omitempty"` + // an identifier for the resource with format {{project}}/{{region}}/{{router}}/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` @@ -298,6 +310,13 @@ type RouterNATParameters struct { // +kubebuilder:validation:Optional EnableEndpointIndependentMapping *bool `json:"enableEndpointIndependentMapping,omitempty" tf:"enable_endpoint_independent_mapping,omitempty"` + // Specifies the endpoint Types supported by the NAT Gateway. + // Supported values include: + // ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + // ENDPOINT_TYPE_MANAGED_PROXY_LB. + // +kubebuilder:validation:Optional + EndpointTypes []*string `json:"endpointTypes,omitempty" tf:"endpoint_types,omitempty"` + // Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. // +kubebuilder:validation:Optional IcmpIdleTimeoutSec *float64 `json:"icmpIdleTimeoutSec,omitempty" tf:"icmp_idle_timeout_sec,omitempty"` diff --git a/apis/compute/v1beta2/zz_routerpeer_types.go b/apis/compute/v1beta2/zz_routerpeer_types.go index d4db12484..0b6b33e85 100755 --- a/apis/compute/v1beta2/zz_routerpeer_types.go +++ b/apis/compute/v1beta2/zz_routerpeer_types.go @@ -108,39 +108,27 @@ type BfdParameters struct { } type Md5AuthenticationKeyInitParameters struct { + + // The MD5 authentication key for this BGP peer. Maximum length is 80 characters. Can only contain printable ASCII characters KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` - // Name of this BGP peer. The name must be 1-63 characters long, - // and comply with RFC1035. Specifically, the name must be 1-63 characters - // long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which - // means the first character must be a lowercase letter, and all - // following characters must be a dash, lowercase letter, or digit, - // except the last character, which cannot be a dash. + // Name used to identify the key. Must be unique within a router. Must comply with RFC1035. Name *string `json:"name,omitempty" tf:"name,omitempty"` } type Md5AuthenticationKeyObservation struct { - // Name of this BGP peer. The name must be 1-63 characters long, - // and comply with RFC1035. Specifically, the name must be 1-63 characters - // long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which - // means the first character must be a lowercase letter, and all - // following characters must be a dash, lowercase letter, or digit, - // except the last character, which cannot be a dash. + // Name used to identify the key. Must be unique within a router. Must comply with RFC1035. Name *string `json:"name,omitempty" tf:"name,omitempty"` } type Md5AuthenticationKeyParameters struct { + // The MD5 authentication key for this BGP peer. Maximum length is 80 characters. Can only contain printable ASCII characters // +kubebuilder:validation:Optional KeySecretRef v1.SecretKeySelector `json:"keySecretRef" tf:"-"` - // Name of this BGP peer. The name must be 1-63 characters long, - // and comply with RFC1035. Specifically, the name must be 1-63 characters - // long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which - // means the first character must be a lowercase letter, and all - // following characters must be a dash, lowercase letter, or digit, - // except the last character, which cannot be a dash. + // Name used to identify the key. Must be unique within a router. Must comply with RFC1035. // +kubebuilder:validation:Optional Name *string `json:"name" tf:"name,omitempty"` } @@ -238,6 +226,8 @@ type RouterPeerInitParameters struct { // +kubebuilder:validation:Optional InterfaceSelector *v1.Selector `json:"interfaceSelector,omitempty" tf:"-"` + // Configuration for MD5 authentication on the BGP session. + // Structure is documented below. Md5AuthenticationKey *Md5AuthenticationKeyInitParameters `json:"md5AuthenticationKey,omitempty" tf:"md5_authentication_key,omitempty"` // Peer BGP Autonomous System Number (ASN). @@ -356,6 +346,8 @@ type RouterPeerObservation struct { // The resource that configures and manages this BGP peer. ManagementType *string `json:"managementType,omitempty" tf:"management_type,omitempty"` + // Configuration for MD5 authentication on the BGP session. + // Structure is documented below. Md5AuthenticationKey *Md5AuthenticationKeyObservation `json:"md5AuthenticationKey,omitempty" tf:"md5_authentication_key,omitempty"` // Peer BGP Autonomous System Number (ASN). @@ -461,6 +453,8 @@ type RouterPeerParameters struct { // +kubebuilder:validation:Optional InterfaceSelector *v1.Selector `json:"interfaceSelector,omitempty" tf:"-"` + // Configuration for MD5 authentication on the BGP session. + // Structure is documented below. // +kubebuilder:validation:Optional Md5AuthenticationKey *Md5AuthenticationKeyParameters `json:"md5AuthenticationKey,omitempty" tf:"md5_authentication_key,omitempty"` diff --git a/apis/container/v1beta2/zz_cluster_types.go b/apis/container/v1beta2/zz_cluster_types.go index 23c36b6b5..5566246cb 100755 --- a/apis/container/v1beta2/zz_cluster_types.go +++ b/apis/container/v1beta2/zz_cluster_types.go @@ -88,6 +88,11 @@ type AddonsConfigInitParameters struct { // It can only be disabled if the nodes already do not have network policies enabled. // Defaults to disabled; set disabled = false to enable. NetworkPolicyConfig *NetworkPolicyConfigInitParameters `json:"networkPolicyConfig,omitempty" tf:"network_policy_config,omitempty"` + + // . + // The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. + // It is disabled by default for Standard clusters. Set enabled = true to enable. + StatefulHaConfig *StatefulHaConfigInitParameters `json:"statefulHaConfig,omitempty" tf:"stateful_ha_config,omitempty"` } type AddonsConfigObservation struct { @@ -143,6 +148,11 @@ type AddonsConfigObservation struct { // It can only be disabled if the nodes already do not have network policies enabled. // Defaults to disabled; set disabled = false to enable. NetworkPolicyConfig *NetworkPolicyConfigObservation `json:"networkPolicyConfig,omitempty" tf:"network_policy_config,omitempty"` + + // . + // The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. + // It is disabled by default for Standard clusters. Set enabled = true to enable. + StatefulHaConfig *StatefulHaConfigObservation `json:"statefulHaConfig,omitempty" tf:"stateful_ha_config,omitempty"` } type AddonsConfigParameters struct { @@ -208,6 +218,12 @@ type AddonsConfigParameters struct { // Defaults to disabled; set disabled = false to enable. // +kubebuilder:validation:Optional NetworkPolicyConfig *NetworkPolicyConfigParameters `json:"networkPolicyConfig,omitempty" tf:"network_policy_config,omitempty"` + + // . + // The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. + // It is disabled by default for Standard clusters. Set enabled = true to enable. + // +kubebuilder:validation:Optional + StatefulHaConfig *StatefulHaConfigParameters `json:"statefulHaConfig,omitempty" tf:"stateful_ha_config,omitempty"` } type AdvancedDatapathObservabilityConfigInitParameters struct { @@ -766,6 +782,9 @@ type ClusterInitParameters struct { // for available features. EnableAutopilot *bool `json:"enableAutopilot,omitempty" tf:"enable_autopilot,omitempty"` + // Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. + EnableCiliumClusterwideNetworkPolicy *bool `json:"enableCiliumClusterwideNetworkPolicy,omitempty" tf:"enable_cilium_clusterwide_network_policy,omitempty"` + // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -1056,6 +1075,9 @@ type ClusterObservation struct { // for available features. EnableAutopilot *bool `json:"enableAutopilot,omitempty" tf:"enable_autopilot,omitempty"` + // Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. + EnableCiliumClusterwideNetworkPolicy *bool `json:"enableCiliumClusterwideNetworkPolicy,omitempty" tf:"enable_cilium_clusterwide_network_policy,omitempty"` + // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -1388,6 +1410,10 @@ type ClusterParameters struct { // +kubebuilder:validation:Optional EnableAutopilot *bool `json:"enableAutopilot,omitempty" tf:"enable_autopilot,omitempty"` + // Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. + // +kubebuilder:validation:Optional + EnableCiliumClusterwideNetworkPolicy *bool `json:"enableCiliumClusterwideNetworkPolicy,omitempty" tf:"enable_cilium_clusterwide_network_policy,omitempty"` + // Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. // +kubebuilder:validation:Optional EnableIntranodeVisibility *bool `json:"enableIntranodeVisibility,omitempty" tf:"enable_intranode_visibility,omitempty"` @@ -3007,19 +3033,22 @@ type NetworkPolicyParameters struct { type NetworkTagsInitParameters struct { - // List of network tags applied to auto-provisioned node pools. + // The list of instance tags applied to all nodes. Tags are used to identify + // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` } type NetworkTagsObservation struct { - // List of network tags applied to auto-provisioned node pools. + // The list of instance tags applied to all nodes. Tags are used to identify + // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` } type NetworkTagsParameters struct { - // List of network tags applied to auto-provisioned node pools. + // The list of instance tags applied to all nodes. Tags are used to identify + // valid sources or targets for network firewalls. // +kubebuilder:validation:Optional Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` } @@ -3340,6 +3369,9 @@ type NodeConfigInitParameters struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions. + SecondaryBootDisks []SecondaryBootDisksInitParameters `json:"secondaryBootDisks,omitempty" tf:"secondary_boot_disks,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount @@ -3568,6 +3600,9 @@ type NodeConfigObservation struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions. + SecondaryBootDisks []SecondaryBootDisksObservation `json:"secondaryBootDisks,omitempty" tf:"secondary_boot_disks,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -3751,6 +3786,10 @@ type NodeConfigParameters struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions. + // +kubebuilder:validation:Optional + SecondaryBootDisks []SecondaryBootDisksParameters `json:"secondaryBootDisks,omitempty" tf:"secondary_boot_disks,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount @@ -3817,6 +3856,22 @@ type NodeConfigReservationAffinityObservation struct { type NodeConfigReservationAffinityParameters struct { } +type NodeConfigSecondaryBootDisksInitParameters struct { +} + +type NodeConfigSecondaryBootDisksObservation struct { + + // Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME. + DiskImage *string `json:"diskImage,omitempty" tf:"disk_image,omitempty"` + + // How to expose the node metadata to the workload running on the node. + // Accepted values are: + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type NodeConfigSecondaryBootDisksParameters struct { +} + type NodeConfigShieldedInstanceConfigInitParameters struct { // Defines if the instance has integrity monitoring enabled. @@ -3891,12 +3946,20 @@ type NodePoolAutoConfigInitParameters struct { // The network tag config for the cluster's automatically provisioned node pools. NetworkTags *NetworkTagsInitParameters `json:"networkTags,omitempty" tf:"network_tags,omitempty"` + + // A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` } type NodePoolAutoConfigObservation struct { // The network tag config for the cluster's automatically provisioned node pools. NetworkTags *NetworkTagsObservation `json:"networkTags,omitempty" tf:"network_tags,omitempty"` + + // A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` } type NodePoolAutoConfigParameters struct { @@ -3904,6 +3967,11 @@ type NodePoolAutoConfigParameters struct { // The network tag config for the cluster's automatically provisioned node pools. // +kubebuilder:validation:Optional NetworkTags *NetworkTagsParameters `json:"networkTags,omitempty" tf:"network_tags,omitempty"` + + // A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + // +kubebuilder:validation:Optional + // +mapType=granular + ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` } type NodePoolDefaultsInitParameters struct { @@ -4081,6 +4149,9 @@ type NodePoolNodeConfigObservation struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions. + SecondaryBootDisks []NodeConfigSecondaryBootDisksObservation `json:"secondaryBootDisks,omitempty" tf:"secondary_boot_disks,omitempty"` + // The service account to be used by the Node VMs. // If not specified, the "default" service account is used. ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -4096,7 +4167,8 @@ type NodePoolNodeConfigObservation struct { // for more information. Defaults to false. Spot *bool `json:"spot,omitempty" tf:"spot,omitempty"` - // List of network tags applied to auto-provisioned node pools. + // The list of instance tags applied to all nodes. Tags are used to identify + // valid sources or targets for network firewalls. Tags []*string `json:"tags,omitempty" tf:"tags,omitempty"` // A list of @@ -4169,6 +4241,8 @@ type NodePoolObservation struct { PlacementPolicy *PlacementPolicyObservation `json:"placementPolicy,omitempty" tf:"placement_policy,omitempty"` + QueuedProvisioning *QueuedProvisioningObservation `json:"queuedProvisioning,omitempty" tf:"queued_provisioning,omitempty"` + // Specifies the upgrade settings for NAP created node pools. Structure is documented below. UpgradeSettings *NodePoolUpgradeSettingsObservation `json:"upgradeSettings,omitempty" tf:"upgrade_settings,omitempty"` @@ -4404,6 +4478,18 @@ type PubsubParameters struct { Topic *string `json:"topic,omitempty" tf:"topic,omitempty"` } +type QueuedProvisioningInitParameters struct { +} + +type QueuedProvisioningObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type QueuedProvisioningParameters struct { +} + type RecurringWindowInitParameters struct { EndTime *string `json:"endTime,omitempty" tf:"end_time,omitempty"` @@ -4598,6 +4684,38 @@ type ResourceUsageExportConfigParameters struct { EnableResourceConsumptionMetering *bool `json:"enableResourceConsumptionMetering,omitempty" tf:"enable_resource_consumption_metering,omitempty"` } +type SecondaryBootDisksInitParameters struct { + + // Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME. + DiskImage *string `json:"diskImage,omitempty" tf:"disk_image,omitempty"` + + // How to expose the node metadata to the workload running on the node. + // Accepted values are: + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type SecondaryBootDisksObservation struct { + + // Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME. + DiskImage *string `json:"diskImage,omitempty" tf:"disk_image,omitempty"` + + // How to expose the node metadata to the workload running on the node. + // Accepted values are: + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type SecondaryBootDisksParameters struct { + + // Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME. + // +kubebuilder:validation:Optional + DiskImage *string `json:"diskImage" tf:"disk_image,omitempty"` + + // How to expose the node metadata to the workload running on the node. + // Accepted values are: + // +kubebuilder:validation:Optional + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + type SecurityPostureConfigInitParameters struct { // Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC. @@ -4746,6 +4864,25 @@ type StandardRolloutPolicyParameters struct { BatchSoakDuration *string `json:"batchSoakDuration,omitempty" tf:"batch_soak_duration,omitempty"` } +type StatefulHaConfigInitParameters struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type StatefulHaConfigObservation struct { + + // Enables vertical pod autoscaling + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type StatefulHaConfigParameters struct { + + // Enables vertical pod autoscaling + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type TaintInitParameters struct { // Effect for taint. Accepted values are NO_SCHEDULE, PREFER_NO_SCHEDULE, and NO_EXECUTE. diff --git a/apis/container/v1beta2/zz_generated.deepcopy.go b/apis/container/v1beta2/zz_generated.deepcopy.go index cf433199c..e8c2974d5 100644 --- a/apis/container/v1beta2/zz_generated.deepcopy.go +++ b/apis/container/v1beta2/zz_generated.deepcopy.go @@ -144,6 +144,11 @@ func (in *AddonsConfigInitParameters) DeepCopyInto(out *AddonsConfigInitParamete *out = new(NetworkPolicyConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.StatefulHaConfig != nil { + in, out := &in.StatefulHaConfig, &out.StatefulHaConfig + *out = new(StatefulHaConfigInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonsConfigInitParameters. @@ -209,6 +214,11 @@ func (in *AddonsConfigObservation) DeepCopyInto(out *AddonsConfigObservation) { *out = new(NetworkPolicyConfigObservation) (*in).DeepCopyInto(*out) } + if in.StatefulHaConfig != nil { + in, out := &in.StatefulHaConfig, &out.StatefulHaConfig + *out = new(StatefulHaConfigObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonsConfigObservation. @@ -274,6 +284,11 @@ func (in *AddonsConfigParameters) DeepCopyInto(out *AddonsConfigParameters) { *out = new(NetworkPolicyConfigParameters) (*in).DeepCopyInto(*out) } + if in.StatefulHaConfig != nil { + in, out := &in.StatefulHaConfig, &out.StatefulHaConfig + *out = new(StatefulHaConfigParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonsConfigParameters. @@ -1480,6 +1495,11 @@ func (in *ClusterInitParameters) DeepCopyInto(out *ClusterInitParameters) { *out = new(bool) **out = **in } + if in.EnableCiliumClusterwideNetworkPolicy != nil { + in, out := &in.EnableCiliumClusterwideNetworkPolicy, &out.EnableCiliumClusterwideNetworkPolicy + *out = new(bool) + **out = **in + } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -1854,6 +1874,11 @@ func (in *ClusterObservation) DeepCopyInto(out *ClusterObservation) { *out = new(bool) **out = **in } + if in.EnableCiliumClusterwideNetworkPolicy != nil { + in, out := &in.EnableCiliumClusterwideNetworkPolicy, &out.EnableCiliumClusterwideNetworkPolicy + *out = new(bool) + **out = **in + } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -2228,6 +2253,11 @@ func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = new(bool) **out = **in } + if in.EnableCiliumClusterwideNetworkPolicy != nil { + in, out := &in.EnableCiliumClusterwideNetworkPolicy, &out.EnableCiliumClusterwideNetworkPolicy + *out = new(bool) + **out = **in + } if in.EnableIntranodeVisibility != nil { in, out := &in.EnableIntranodeVisibility, &out.EnableIntranodeVisibility *out = new(bool) @@ -7212,6 +7242,13 @@ func (in *NodeConfigInitParameters) DeepCopyInto(out *NodeConfigInitParameters) (*out)[key] = outVal } } + if in.SecondaryBootDisks != nil { + in, out := &in.SecondaryBootDisks, &out.SecondaryBootDisks + *out = make([]SecondaryBootDisksInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -7660,6 +7697,13 @@ func (in *NodeConfigObservation) DeepCopyInto(out *NodeConfigObservation) { (*out)[key] = outVal } } + if in.SecondaryBootDisks != nil { + in, out := &in.SecondaryBootDisks, &out.SecondaryBootDisks + *out = make([]SecondaryBootDisksObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -7910,6 +7954,13 @@ func (in *NodeConfigParameters) DeepCopyInto(out *NodeConfigParameters) { (*out)[key] = outVal } } + if in.SecondaryBootDisks != nil { + in, out := &in.SecondaryBootDisks, &out.SecondaryBootDisks + *out = make([]SecondaryBootDisksParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -8041,6 +8092,61 @@ func (in *NodeConfigReservationAffinityParameters) DeepCopy() *NodeConfigReserva return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigSecondaryBootDisksInitParameters) DeepCopyInto(out *NodeConfigSecondaryBootDisksInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigSecondaryBootDisksInitParameters. +func (in *NodeConfigSecondaryBootDisksInitParameters) DeepCopy() *NodeConfigSecondaryBootDisksInitParameters { + if in == nil { + return nil + } + out := new(NodeConfigSecondaryBootDisksInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigSecondaryBootDisksObservation) DeepCopyInto(out *NodeConfigSecondaryBootDisksObservation) { + *out = *in + if in.DiskImage != nil { + in, out := &in.DiskImage, &out.DiskImage + *out = new(string) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigSecondaryBootDisksObservation. +func (in *NodeConfigSecondaryBootDisksObservation) DeepCopy() *NodeConfigSecondaryBootDisksObservation { + if in == nil { + return nil + } + out := new(NodeConfigSecondaryBootDisksObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeConfigSecondaryBootDisksParameters) DeepCopyInto(out *NodeConfigSecondaryBootDisksParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeConfigSecondaryBootDisksParameters. +func (in *NodeConfigSecondaryBootDisksParameters) DeepCopy() *NodeConfigSecondaryBootDisksParameters { + if in == nil { + return nil + } + out := new(NodeConfigSecondaryBootDisksParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeConfigShieldedInstanceConfigInitParameters) DeepCopyInto(out *NodeConfigShieldedInstanceConfigInitParameters) { *out = *in @@ -8421,6 +8527,22 @@ func (in *NodePoolAutoConfigInitParameters) DeepCopyInto(out *NodePoolAutoConfig *out = new(NetworkTagsInitParameters) (*in).DeepCopyInto(*out) } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigInitParameters. @@ -8441,6 +8563,22 @@ func (in *NodePoolAutoConfigObservation) DeepCopyInto(out *NodePoolAutoConfigObs *out = new(NetworkTagsObservation) (*in).DeepCopyInto(*out) } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigObservation. @@ -8461,6 +8599,22 @@ func (in *NodePoolAutoConfigParameters) DeepCopyInto(out *NodePoolAutoConfigPara *out = new(NetworkTagsParameters) (*in).DeepCopyInto(*out) } + if in.ResourceManagerTags != nil { + in, out := &in.ResourceManagerTags, &out.ResourceManagerTags + *out = make(map[string]*string, len(*in)) + for key, val := range *in { + var outVal *string + if val == nil { + (*out)[key] = nil + } else { + inVal := (*in)[key] + in, out := &inVal, &outVal + *out = new(string) + **out = **in + } + (*out)[key] = outVal + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolAutoConfigParameters. @@ -8727,6 +8881,11 @@ func (in *NodePoolInitParameters_2) DeepCopyInto(out *NodePoolInitParameters_2) *out = new(string) **out = **in } + if in.QueuedProvisioning != nil { + in, out := &in.QueuedProvisioning, &out.QueuedProvisioning + *out = new(NodePoolQueuedProvisioningInitParameters) + (*in).DeepCopyInto(*out) + } if in.UpgradeSettings != nil { in, out := &in.UpgradeSettings, &out.UpgradeSettings *out = new(NodePoolUpgradeSettingsInitParameters_2) @@ -9966,6 +10125,13 @@ func (in *NodePoolNodeConfigInitParameters_2) DeepCopyInto(out *NodePoolNodeConf (*out)[key] = outVal } } + if in.SecondaryBootDisks != nil { + in, out := &in.SecondaryBootDisks, &out.SecondaryBootDisks + *out = make([]NodePoolNodeConfigSecondaryBootDisksInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -10506,6 +10672,13 @@ func (in *NodePoolNodeConfigObservation) DeepCopyInto(out *NodePoolNodeConfigObs (*out)[key] = outVal } } + if in.SecondaryBootDisks != nil { + in, out := &in.SecondaryBootDisks, &out.SecondaryBootDisks + *out = make([]NodeConfigSecondaryBootDisksObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -10763,6 +10936,13 @@ func (in *NodePoolNodeConfigObservation_2) DeepCopyInto(out *NodePoolNodeConfigO (*out)[key] = outVal } } + if in.SecondaryBootDisks != nil { + in, out := &in.SecondaryBootDisks, &out.SecondaryBootDisks + *out = make([]NodePoolNodeConfigSecondaryBootDisksObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -11028,6 +11208,13 @@ func (in *NodePoolNodeConfigParameters_2) DeepCopyInto(out *NodePoolNodeConfigPa (*out)[key] = outVal } } + if in.SecondaryBootDisks != nil { + in, out := &in.SecondaryBootDisks, &out.SecondaryBootDisks + *out = make([]NodePoolNodeConfigSecondaryBootDisksParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ServiceAccount != nil { in, out := &in.ServiceAccount, &out.ServiceAccount *out = new(string) @@ -11201,6 +11388,81 @@ func (in *NodePoolNodeConfigReservationAffinityParameters) DeepCopy() *NodePoolN return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigSecondaryBootDisksInitParameters) DeepCopyInto(out *NodePoolNodeConfigSecondaryBootDisksInitParameters) { + *out = *in + if in.DiskImage != nil { + in, out := &in.DiskImage, &out.DiskImage + *out = new(string) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigSecondaryBootDisksInitParameters. +func (in *NodePoolNodeConfigSecondaryBootDisksInitParameters) DeepCopy() *NodePoolNodeConfigSecondaryBootDisksInitParameters { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigSecondaryBootDisksInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigSecondaryBootDisksObservation) DeepCopyInto(out *NodePoolNodeConfigSecondaryBootDisksObservation) { + *out = *in + if in.DiskImage != nil { + in, out := &in.DiskImage, &out.DiskImage + *out = new(string) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigSecondaryBootDisksObservation. +func (in *NodePoolNodeConfigSecondaryBootDisksObservation) DeepCopy() *NodePoolNodeConfigSecondaryBootDisksObservation { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigSecondaryBootDisksObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolNodeConfigSecondaryBootDisksParameters) DeepCopyInto(out *NodePoolNodeConfigSecondaryBootDisksParameters) { + *out = *in + if in.DiskImage != nil { + in, out := &in.DiskImage, &out.DiskImage + *out = new(string) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolNodeConfigSecondaryBootDisksParameters. +func (in *NodePoolNodeConfigSecondaryBootDisksParameters) DeepCopy() *NodePoolNodeConfigSecondaryBootDisksParameters { + if in == nil { + return nil + } + out := new(NodePoolNodeConfigSecondaryBootDisksParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolNodeConfigShieldedInstanceConfigInitParameters) DeepCopyInto(out *NodePoolNodeConfigShieldedInstanceConfigInitParameters) { *out = *in @@ -11633,6 +11895,11 @@ func (in *NodePoolObservation) DeepCopyInto(out *NodePoolObservation) { *out = new(PlacementPolicyObservation) (*in).DeepCopyInto(*out) } + if in.QueuedProvisioning != nil { + in, out := &in.QueuedProvisioning, &out.QueuedProvisioning + *out = new(QueuedProvisioningObservation) + (*in).DeepCopyInto(*out) + } if in.UpgradeSettings != nil { in, out := &in.UpgradeSettings, &out.UpgradeSettings *out = new(NodePoolUpgradeSettingsObservation) @@ -11756,6 +12023,11 @@ func (in *NodePoolObservation_2) DeepCopyInto(out *NodePoolObservation_2) { *out = new(string) **out = **in } + if in.QueuedProvisioning != nil { + in, out := &in.QueuedProvisioning, &out.QueuedProvisioning + *out = new(NodePoolQueuedProvisioningObservation) + (*in).DeepCopyInto(*out) + } if in.UpgradeSettings != nil { in, out := &in.UpgradeSettings, &out.UpgradeSettings *out = new(NodePoolUpgradeSettingsObservation_2) @@ -11872,6 +12144,11 @@ func (in *NodePoolParameters_2) DeepCopyInto(out *NodePoolParameters_2) { *out = new(string) **out = **in } + if in.QueuedProvisioning != nil { + in, out := &in.QueuedProvisioning, &out.QueuedProvisioning + *out = new(NodePoolQueuedProvisioningParameters) + (*in).DeepCopyInto(*out) + } if in.UpgradeSettings != nil { in, out := &in.UpgradeSettings, &out.UpgradeSettings *out = new(NodePoolUpgradeSettingsParameters_2) @@ -11984,6 +12261,66 @@ func (in *NodePoolPlacementPolicyParameters) DeepCopy() *NodePoolPlacementPolicy return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolQueuedProvisioningInitParameters) DeepCopyInto(out *NodePoolQueuedProvisioningInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolQueuedProvisioningInitParameters. +func (in *NodePoolQueuedProvisioningInitParameters) DeepCopy() *NodePoolQueuedProvisioningInitParameters { + if in == nil { + return nil + } + out := new(NodePoolQueuedProvisioningInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolQueuedProvisioningObservation) DeepCopyInto(out *NodePoolQueuedProvisioningObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolQueuedProvisioningObservation. +func (in *NodePoolQueuedProvisioningObservation) DeepCopy() *NodePoolQueuedProvisioningObservation { + if in == nil { + return nil + } + out := new(NodePoolQueuedProvisioningObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodePoolQueuedProvisioningParameters) DeepCopyInto(out *NodePoolQueuedProvisioningParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodePoolQueuedProvisioningParameters. +func (in *NodePoolQueuedProvisioningParameters) DeepCopy() *NodePoolQueuedProvisioningParameters { + if in == nil { + return nil + } + out := new(NodePoolQueuedProvisioningParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePoolSpec) DeepCopyInto(out *NodePoolSpec) { *out = *in @@ -12669,6 +13006,56 @@ func (in *PubsubParameters) DeepCopy() *PubsubParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueuedProvisioningInitParameters) DeepCopyInto(out *QueuedProvisioningInitParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueuedProvisioningInitParameters. +func (in *QueuedProvisioningInitParameters) DeepCopy() *QueuedProvisioningInitParameters { + if in == nil { + return nil + } + out := new(QueuedProvisioningInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueuedProvisioningObservation) DeepCopyInto(out *QueuedProvisioningObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueuedProvisioningObservation. +func (in *QueuedProvisioningObservation) DeepCopy() *QueuedProvisioningObservation { + if in == nil { + return nil + } + out := new(QueuedProvisioningObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QueuedProvisioningParameters) DeepCopyInto(out *QueuedProvisioningParameters) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QueuedProvisioningParameters. +func (in *QueuedProvisioningParameters) DeepCopy() *QueuedProvisioningParameters { + if in == nil { + return nil + } + out := new(QueuedProvisioningParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RecurringWindowInitParameters) DeepCopyInto(out *RecurringWindowInitParameters) { *out = *in @@ -13107,6 +13494,81 @@ func (in *ResourceUsageExportConfigParameters) DeepCopy() *ResourceUsageExportCo return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryBootDisksInitParameters) DeepCopyInto(out *SecondaryBootDisksInitParameters) { + *out = *in + if in.DiskImage != nil { + in, out := &in.DiskImage, &out.DiskImage + *out = new(string) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryBootDisksInitParameters. +func (in *SecondaryBootDisksInitParameters) DeepCopy() *SecondaryBootDisksInitParameters { + if in == nil { + return nil + } + out := new(SecondaryBootDisksInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryBootDisksObservation) DeepCopyInto(out *SecondaryBootDisksObservation) { + *out = *in + if in.DiskImage != nil { + in, out := &in.DiskImage, &out.DiskImage + *out = new(string) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryBootDisksObservation. +func (in *SecondaryBootDisksObservation) DeepCopy() *SecondaryBootDisksObservation { + if in == nil { + return nil + } + out := new(SecondaryBootDisksObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecondaryBootDisksParameters) DeepCopyInto(out *SecondaryBootDisksParameters) { + *out = *in + if in.DiskImage != nil { + in, out := &in.DiskImage, &out.DiskImage + *out = new(string) + **out = **in + } + if in.Mode != nil { + in, out := &in.Mode, &out.Mode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecondaryBootDisksParameters. +func (in *SecondaryBootDisksParameters) DeepCopy() *SecondaryBootDisksParameters { + if in == nil { + return nil + } + out := new(SecondaryBootDisksParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecurityPostureConfigInitParameters) DeepCopyInto(out *SecurityPostureConfigInitParameters) { *out = *in @@ -13539,6 +14001,66 @@ func (in *StandardRolloutPolicyParameters) DeepCopy() *StandardRolloutPolicyPara return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulHaConfigInitParameters) DeepCopyInto(out *StatefulHaConfigInitParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulHaConfigInitParameters. +func (in *StatefulHaConfigInitParameters) DeepCopy() *StatefulHaConfigInitParameters { + if in == nil { + return nil + } + out := new(StatefulHaConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulHaConfigObservation) DeepCopyInto(out *StatefulHaConfigObservation) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulHaConfigObservation. +func (in *StatefulHaConfigObservation) DeepCopy() *StatefulHaConfigObservation { + if in == nil { + return nil + } + out := new(StatefulHaConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StatefulHaConfigParameters) DeepCopyInto(out *StatefulHaConfigParameters) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StatefulHaConfigParameters. +func (in *StatefulHaConfigParameters) DeepCopy() *StatefulHaConfigParameters { + if in == nil { + return nil + } + out := new(StatefulHaConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TaintInitParameters) DeepCopyInto(out *TaintInitParameters) { *out = *in diff --git a/apis/container/v1beta2/zz_nodepool_types.go b/apis/container/v1beta2/zz_nodepool_types.go index 42f8928ab..0046a9921 100755 --- a/apis/container/v1beta2/zz_nodepool_types.go +++ b/apis/container/v1beta2/zz_nodepool_types.go @@ -233,6 +233,10 @@ type NodePoolInitParameters_2 struct { // the provider-configured project will be used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Specifies node pool-level settings of queued provisioning. + // Structure is documented below. + QueuedProvisioning *NodePoolQueuedProvisioningInitParameters `json:"queuedProvisioning,omitempty" tf:"queued_provisioning,omitempty"` + // Specify node upgrade settings to change how GKE upgrades nodes. // The maximum number of nodes upgraded simultaneously is limited to 20. Structure is documented below. UpgradeSettings *NodePoolUpgradeSettingsInitParameters_2 `json:"upgradeSettings,omitempty" tf:"upgrade_settings,omitempty"` @@ -597,6 +601,8 @@ type NodePoolNodeConfigInitParameters_2 struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + SecondaryBootDisks []NodePoolNodeConfigSecondaryBootDisksInitParameters `json:"secondaryBootDisks,omitempty" tf:"secondary_boot_disks,omitempty"` + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` @@ -762,6 +768,8 @@ type NodePoolNodeConfigObservation_2 struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + SecondaryBootDisks []NodePoolNodeConfigSecondaryBootDisksObservation `json:"secondaryBootDisks,omitempty" tf:"secondary_boot_disks,omitempty"` + ServiceAccount *string `json:"serviceAccount,omitempty" tf:"service_account,omitempty"` ShieldedInstanceConfig *NodePoolNodeConfigShieldedInstanceConfigObservation_2 `json:"shieldedInstanceConfig,omitempty" tf:"shielded_instance_config,omitempty"` @@ -871,6 +879,9 @@ type NodePoolNodeConfigParameters_2 struct { // +mapType=granular ResourceManagerTags map[string]*string `json:"resourceManagerTags,omitempty" tf:"resource_manager_tags,omitempty"` + // +kubebuilder:validation:Optional + SecondaryBootDisks []NodePoolNodeConfigSecondaryBootDisksParameters `json:"secondaryBootDisks,omitempty" tf:"secondary_boot_disks,omitempty"` + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/cloudplatform/v1beta1.ServiceAccount // +crossplane:generate:reference:extractor=github.com/crossplane/upjet/pkg/resource.ExtractParamPath("email",true) // +kubebuilder:validation:Optional @@ -934,6 +945,27 @@ type NodePoolNodeConfigReservationAffinityParameters struct { Values []*string `json:"values,omitempty" tf:"values,omitempty"` } +type NodePoolNodeConfigSecondaryBootDisksInitParameters struct { + DiskImage *string `json:"diskImage,omitempty" tf:"disk_image,omitempty"` + + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type NodePoolNodeConfigSecondaryBootDisksObservation struct { + DiskImage *string `json:"diskImage,omitempty" tf:"disk_image,omitempty"` + + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + +type NodePoolNodeConfigSecondaryBootDisksParameters struct { + + // +kubebuilder:validation:Optional + DiskImage *string `json:"diskImage" tf:"disk_image,omitempty"` + + // +kubebuilder:validation:Optional + Mode *string `json:"mode,omitempty" tf:"mode,omitempty"` +} + type NodePoolNodeConfigShieldedInstanceConfigInitParameters_2 struct { EnableIntegrityMonitoring *bool `json:"enableIntegrityMonitoring,omitempty" tf:"enable_integrity_monitoring,omitempty"` @@ -1080,6 +1112,10 @@ type NodePoolObservation_2 struct { // the provider-configured project will be used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Specifies node pool-level settings of queued provisioning. + // Structure is documented below. + QueuedProvisioning *NodePoolQueuedProvisioningObservation `json:"queuedProvisioning,omitempty" tf:"queued_provisioning,omitempty"` + // Specify node upgrade settings to change how GKE upgrades nodes. // The maximum number of nodes upgraded simultaneously is limited to 20. Structure is documented below. UpgradeSettings *NodePoolUpgradeSettingsObservation_2 `json:"upgradeSettings,omitempty" tf:"upgrade_settings,omitempty"` @@ -1170,6 +1206,11 @@ type NodePoolParameters_2 struct { // +kubebuilder:validation:Optional Project *string `json:"project,omitempty" tf:"project,omitempty"` + // Specifies node pool-level settings of queued provisioning. + // Structure is documented below. + // +kubebuilder:validation:Optional + QueuedProvisioning *NodePoolQueuedProvisioningParameters `json:"queuedProvisioning,omitempty" tf:"queued_provisioning,omitempty"` + // Specify node upgrade settings to change how GKE upgrades nodes. // The maximum number of nodes upgraded simultaneously is limited to 20. Structure is documented below. // +kubebuilder:validation:Optional @@ -1233,6 +1274,25 @@ type NodePoolPlacementPolicyParameters struct { Type *string `json:"type" tf:"type,omitempty"` } +type NodePoolQueuedProvisioningInitParameters struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodePoolQueuedProvisioningObservation struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` +} + +type NodePoolQueuedProvisioningParameters struct { + + // Makes nodes obtainable through the ProvisioningRequest API exclusively. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled" tf:"enabled,omitempty"` +} + type NodePoolUpgradeSettingsBlueGreenSettingsInitParameters struct { // Time needed after draining the entire blue pool. diff --git a/apis/dataflow/v1beta1/zz_job_types.go b/apis/dataflow/v1beta1/zz_job_types.go index 897133652..582add753 100755 --- a/apis/dataflow/v1beta1/zz_job_types.go +++ b/apis/dataflow/v1beta1/zz_job_types.go @@ -48,7 +48,9 @@ type JobInitParameters struct { // One of "drain" or "cancel". See above note. OnDelete *string `json:"onDelete,omitempty" tf:"on_delete,omitempty"` - // Key/Value pairs to be passed to the Dataflow job (as used in the template). + // Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + // case-sensitive based on the language on which the pipeline is coded, mostly Java. + // Note: do not configure Dataflow options here in parameters. Parameters map[string]string `json:"parameters,omitempty" tf:"parameters,omitempty"` // The project in which the resource belongs. If it is not provided, the provider project is used. @@ -122,7 +124,9 @@ type JobObservation struct { // One of "drain" or "cancel". See above note. OnDelete *string `json:"onDelete,omitempty" tf:"on_delete,omitempty"` - // Key/Value pairs to be passed to the Dataflow job (as used in the template). + // Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + // case-sensitive based on the language on which the pipeline is coded, mostly Java. + // Note: do not configure Dataflow options here in parameters. Parameters map[string]string `json:"parameters,omitempty" tf:"parameters,omitempty"` // The project in which the resource belongs. If it is not provided, the provider project is used. @@ -208,7 +212,9 @@ type JobParameters struct { // +kubebuilder:validation:Optional OnDelete *string `json:"onDelete,omitempty" tf:"on_delete,omitempty"` - // Key/Value pairs to be passed to the Dataflow job (as used in the template). + // Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + // case-sensitive based on the language on which the pipeline is coded, mostly Java. + // Note: do not configure Dataflow options here in parameters. // +kubebuilder:validation:Optional Parameters map[string]string `json:"parameters,omitempty" tf:"parameters,omitempty"` diff --git a/apis/dataproc/v1beta2/zz_generated.deepcopy.go b/apis/dataproc/v1beta2/zz_generated.deepcopy.go index 1c60884b1..0ff051a01 100644 --- a/apis/dataproc/v1beta2/zz_generated.deepcopy.go +++ b/apis/dataproc/v1beta2/zz_generated.deepcopy.go @@ -8962,6 +8962,11 @@ func (in *MetastoreServiceInitParameters) DeepCopyInto(out *MetastoreServiceInit *out = new(ScalingConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.ScheduledBackup != nil { + in, out := &in.ScheduledBackup, &out.ScheduledBackup + *out = new(ScheduledBackupInitParameters) + (*in).DeepCopyInto(*out) + } if in.TelemetryConfig != nil { in, out := &in.TelemetryConfig, &out.TelemetryConfig *out = new(TelemetryConfigInitParameters) @@ -9131,6 +9136,11 @@ func (in *MetastoreServiceObservation) DeepCopyInto(out *MetastoreServiceObserva *out = new(ScalingConfigObservation) (*in).DeepCopyInto(*out) } + if in.ScheduledBackup != nil { + in, out := &in.ScheduledBackup, &out.ScheduledBackup + *out = new(ScheduledBackupObservation) + (*in).DeepCopyInto(*out) + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) @@ -9263,6 +9273,11 @@ func (in *MetastoreServiceParameters) DeepCopyInto(out *MetastoreServiceParamete *out = new(ScalingConfigParameters) (*in).DeepCopyInto(*out) } + if in.ScheduledBackup != nil { + in, out := &in.ScheduledBackup, &out.ScheduledBackup + *out = new(ScheduledBackupParameters) + (*in).DeepCopyInto(*out) + } if in.TelemetryConfig != nil { in, out := &in.TelemetryConfig, &out.TelemetryConfig *out = new(TelemetryConfigParameters) @@ -12999,6 +13014,111 @@ func (in *ScalingConfigParameters) DeepCopy() *ScalingConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduledBackupInitParameters) DeepCopyInto(out *ScheduledBackupInitParameters) { + *out = *in + if in.BackupLocation != nil { + in, out := &in.BackupLocation, &out.BackupLocation + *out = new(string) + **out = **in + } + if in.CronSchedule != nil { + in, out := &in.CronSchedule, &out.CronSchedule + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.TimeZone != nil { + in, out := &in.TimeZone, &out.TimeZone + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduledBackupInitParameters. +func (in *ScheduledBackupInitParameters) DeepCopy() *ScheduledBackupInitParameters { + if in == nil { + return nil + } + out := new(ScheduledBackupInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduledBackupObservation) DeepCopyInto(out *ScheduledBackupObservation) { + *out = *in + if in.BackupLocation != nil { + in, out := &in.BackupLocation, &out.BackupLocation + *out = new(string) + **out = **in + } + if in.CronSchedule != nil { + in, out := &in.CronSchedule, &out.CronSchedule + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.TimeZone != nil { + in, out := &in.TimeZone, &out.TimeZone + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduledBackupObservation. +func (in *ScheduledBackupObservation) DeepCopy() *ScheduledBackupObservation { + if in == nil { + return nil + } + out := new(ScheduledBackupObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ScheduledBackupParameters) DeepCopyInto(out *ScheduledBackupParameters) { + *out = *in + if in.BackupLocation != nil { + in, out := &in.BackupLocation, &out.BackupLocation + *out = new(string) + **out = **in + } + if in.CronSchedule != nil { + in, out := &in.CronSchedule, &out.CronSchedule + *out = new(string) + **out = **in + } + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + if in.TimeZone != nil { + in, out := &in.TimeZone, &out.TimeZone + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ScheduledBackupParameters. +func (in *ScheduledBackupParameters) DeepCopy() *ScheduledBackupParameters { + if in == nil { + return nil + } + out := new(ScheduledBackupParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SchedulingInitParameters) DeepCopyInto(out *SchedulingInitParameters) { *out = *in diff --git a/apis/dataproc/v1beta2/zz_metastoreservice_types.go b/apis/dataproc/v1beta2/zz_metastoreservice_types.go index 7f6c0a720..2def9ec37 100755 --- a/apis/dataproc/v1beta2/zz_metastoreservice_types.go +++ b/apis/dataproc/v1beta2/zz_metastoreservice_types.go @@ -433,6 +433,10 @@ type MetastoreServiceInitParameters struct { // Structure is documented below. ScalingConfig *ScalingConfigInitParameters `json:"scalingConfig,omitempty" tf:"scaling_config,omitempty"` + // The configuration of scheduled backup for the metastore service. + // Structure is documented below. + ScheduledBackup *ScheduledBackupInitParameters `json:"scheduledBackup,omitempty" tf:"scheduled_backup,omitempty"` + // The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. // Structure is documented below. TelemetryConfig *TelemetryConfigInitParameters `json:"telemetryConfig,omitempty" tf:"telemetry_config,omitempty"` @@ -517,6 +521,10 @@ type MetastoreServiceObservation struct { // Structure is documented below. ScalingConfig *ScalingConfigObservation `json:"scalingConfig,omitempty" tf:"scaling_config,omitempty"` + // The configuration of scheduled backup for the metastore service. + // Structure is documented below. + ScheduledBackup *ScheduledBackupObservation `json:"scheduledBackup,omitempty" tf:"scheduled_backup,omitempty"` + // The current state of the metastore service. State *string `json:"state,omitempty" tf:"state,omitempty"` @@ -613,6 +621,11 @@ type MetastoreServiceParameters struct { // +kubebuilder:validation:Optional ScalingConfig *ScalingConfigParameters `json:"scalingConfig,omitempty" tf:"scaling_config,omitempty"` + // The configuration of scheduled backup for the metastore service. + // Structure is documented below. + // +kubebuilder:validation:Optional + ScheduledBackup *ScheduledBackupParameters `json:"scheduledBackup,omitempty" tf:"scheduled_backup,omitempty"` + // The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. // Structure is documented below. // +kubebuilder:validation:Optional @@ -678,6 +691,55 @@ type ScalingConfigParameters struct { ScalingFactor *float64 `json:"scalingFactor,omitempty" tf:"scaling_factor,omitempty"` } +type ScheduledBackupInitParameters struct { + + // A Cloud Storage URI of a folder, in the format gs:///. A sub-folder containing backup files will be stored below it. + BackupLocation *string `json:"backupLocation,omitempty" tf:"backup_location,omitempty"` + + // The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron The default is empty: scheduled backup is not enabled. Must be specified to enable scheduled backups. + CronSchedule *string `json:"cronSchedule,omitempty" tf:"cron_schedule,omitempty"` + + // Defines whether the scheduled backup is enabled. The default value is false. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, the default is UTC. + TimeZone *string `json:"timeZone,omitempty" tf:"time_zone,omitempty"` +} + +type ScheduledBackupObservation struct { + + // A Cloud Storage URI of a folder, in the format gs:///. A sub-folder containing backup files will be stored below it. + BackupLocation *string `json:"backupLocation,omitempty" tf:"backup_location,omitempty"` + + // The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron The default is empty: scheduled backup is not enabled. Must be specified to enable scheduled backups. + CronSchedule *string `json:"cronSchedule,omitempty" tf:"cron_schedule,omitempty"` + + // Defines whether the scheduled backup is enabled. The default value is false. + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, the default is UTC. + TimeZone *string `json:"timeZone,omitempty" tf:"time_zone,omitempty"` +} + +type ScheduledBackupParameters struct { + + // A Cloud Storage URI of a folder, in the format gs:///. A sub-folder containing backup files will be stored below it. + // +kubebuilder:validation:Optional + BackupLocation *string `json:"backupLocation" tf:"backup_location,omitempty"` + + // The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron The default is empty: scheduled backup is not enabled. Must be specified to enable scheduled backups. + // +kubebuilder:validation:Optional + CronSchedule *string `json:"cronSchedule,omitempty" tf:"cron_schedule,omitempty"` + + // Defines whether the scheduled backup is enabled. The default value is false. + // +kubebuilder:validation:Optional + Enabled *bool `json:"enabled,omitempty" tf:"enabled,omitempty"` + + // Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, the default is UTC. + // +kubebuilder:validation:Optional + TimeZone *string `json:"timeZone,omitempty" tf:"time_zone,omitempty"` +} + type TelemetryConfigInitParameters struct { // The output format of the Dataproc Metastore service's logs. diff --git a/apis/dns/v1beta2/zz_recordset_types.go b/apis/dns/v1beta2/zz_recordset_types.go index 3a58e9917..1c80dee33 100755 --- a/apis/dns/v1beta2/zz_recordset_types.go +++ b/apis/dns/v1beta2/zz_recordset_types.go @@ -16,21 +16,21 @@ import ( type BackupGeoHealthCheckedTargetsInitParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []HealthCheckedTargetsInternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type BackupGeoHealthCheckedTargetsObservation struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []HealthCheckedTargetsInternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type BackupGeoHealthCheckedTargetsParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional InternalLoadBalancers []HealthCheckedTargetsInternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` } @@ -38,7 +38,7 @@ type BackupGeoHealthCheckedTargetsParameters struct { type BackupGeoInitParameters struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. HealthCheckedTargets *BackupGeoHealthCheckedTargetsInitParameters `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` // The location name defined in Google Cloud. @@ -51,7 +51,7 @@ type BackupGeoInitParameters struct { type BackupGeoObservation struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. HealthCheckedTargets *BackupGeoHealthCheckedTargetsObservation `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` // The location name defined in Google Cloud. @@ -64,7 +64,7 @@ type BackupGeoObservation struct { type BackupGeoParameters struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional HealthCheckedTargets *BackupGeoHealthCheckedTargetsParameters `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` @@ -80,7 +80,7 @@ type BackupGeoParameters struct { type GeoInitParameters struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. HealthCheckedTargets *HealthCheckedTargetsInitParameters `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` // The location name defined in Google Cloud. @@ -93,7 +93,7 @@ type GeoInitParameters struct { type GeoObservation struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. HealthCheckedTargets *HealthCheckedTargetsObservation `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` // The location name defined in Google Cloud. @@ -106,7 +106,7 @@ type GeoObservation struct { type GeoParameters struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional HealthCheckedTargets *HealthCheckedTargetsParameters `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` @@ -122,7 +122,7 @@ type GeoParameters struct { type HealthCheckedTargetsInitParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []InternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } @@ -211,14 +211,14 @@ type HealthCheckedTargetsInternalLoadBalancersParameters struct { type HealthCheckedTargetsObservation struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []InternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type HealthCheckedTargetsParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional InternalLoadBalancers []InternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` } @@ -315,7 +315,7 @@ type PrimaryBackupInitParameters struct { EnableGeoFencingForBackups *bool `json:"enableGeoFencingForBackups,omitempty" tf:"enable_geo_fencing_for_backups,omitempty"` // The list of global primary targets to be health checked. - // Structure is document below. + // Structure is documented below. Primary *PrimaryInitParameters `json:"primary,omitempty" tf:"primary,omitempty"` // Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy. @@ -332,7 +332,7 @@ type PrimaryBackupObservation struct { EnableGeoFencingForBackups *bool `json:"enableGeoFencingForBackups,omitempty" tf:"enable_geo_fencing_for_backups,omitempty"` // The list of global primary targets to be health checked. - // Structure is document below. + // Structure is documented below. Primary *PrimaryObservation `json:"primary,omitempty" tf:"primary,omitempty"` // Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy. @@ -351,7 +351,7 @@ type PrimaryBackupParameters struct { EnableGeoFencingForBackups *bool `json:"enableGeoFencingForBackups,omitempty" tf:"enable_geo_fencing_for_backups,omitempty"` // The list of global primary targets to be health checked. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional Primary *PrimaryParameters `json:"primary" tf:"primary,omitempty"` @@ -363,7 +363,7 @@ type PrimaryBackupParameters struct { type PrimaryInitParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []PrimaryInternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } @@ -532,14 +532,14 @@ type PrimaryInternalLoadBalancersParameters struct { type PrimaryObservation struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []PrimaryInternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type PrimaryParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional InternalLoadBalancers []PrimaryInternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` } @@ -665,15 +665,15 @@ type RoutingPolicyInitParameters struct { EnableGeoFencing *bool `json:"enableGeoFencing,omitempty" tf:"enable_geo_fencing,omitempty"` // The configuration for Geolocation based routing policy. - // Structure is document below. + // Structure is documented below. Geo []GeoInitParameters `json:"geo,omitempty" tf:"geo,omitempty"` - // The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. - // Structure is document below. + // The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. + // Structure is documented below. PrimaryBackup *PrimaryBackupInitParameters `json:"primaryBackup,omitempty" tf:"primary_backup,omitempty"` // The configuration for Weighted Round Robin based routing policy. - // Structure is document below. + // Structure is documented below. Wrr []WrrInitParameters `json:"wrr,omitempty" tf:"wrr,omitempty"` } @@ -683,15 +683,15 @@ type RoutingPolicyObservation struct { EnableGeoFencing *bool `json:"enableGeoFencing,omitempty" tf:"enable_geo_fencing,omitempty"` // The configuration for Geolocation based routing policy. - // Structure is document below. + // Structure is documented below. Geo []GeoObservation `json:"geo,omitempty" tf:"geo,omitempty"` - // The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. - // Structure is document below. + // The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. + // Structure is documented below. PrimaryBackup *PrimaryBackupObservation `json:"primaryBackup,omitempty" tf:"primary_backup,omitempty"` // The configuration for Weighted Round Robin based routing policy. - // Structure is document below. + // Structure is documented below. Wrr []WrrObservation `json:"wrr,omitempty" tf:"wrr,omitempty"` } @@ -702,17 +702,17 @@ type RoutingPolicyParameters struct { EnableGeoFencing *bool `json:"enableGeoFencing,omitempty" tf:"enable_geo_fencing,omitempty"` // The configuration for Geolocation based routing policy. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional Geo []GeoParameters `json:"geo,omitempty" tf:"geo,omitempty"` - // The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. - // Structure is document below. + // The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. + // Structure is documented below. // +kubebuilder:validation:Optional PrimaryBackup *PrimaryBackupParameters `json:"primaryBackup,omitempty" tf:"primary_backup,omitempty"` // The configuration for Weighted Round Robin based routing policy. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional Wrr []WrrParameters `json:"wrr,omitempty" tf:"wrr,omitempty"` } @@ -720,7 +720,7 @@ type RoutingPolicyParameters struct { type WrrHealthCheckedTargetsInitParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []WrrHealthCheckedTargetsInternalLoadBalancersInitParameters `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } @@ -809,14 +809,14 @@ type WrrHealthCheckedTargetsInternalLoadBalancersParameters struct { type WrrHealthCheckedTargetsObservation struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. InternalLoadBalancers []WrrHealthCheckedTargetsInternalLoadBalancersObservation `json:"internalLoadBalancers,omitempty" tf:"internal_load_balancers,omitempty"` } type WrrHealthCheckedTargetsParameters struct { // The list of internal load balancers to health check. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional InternalLoadBalancers []WrrHealthCheckedTargetsInternalLoadBalancersParameters `json:"internalLoadBalancers" tf:"internal_load_balancers,omitempty"` } @@ -824,7 +824,7 @@ type WrrHealthCheckedTargetsParameters struct { type WrrInitParameters struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. HealthCheckedTargets *WrrHealthCheckedTargetsInitParameters `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` // Same as rrdatas above. @@ -837,7 +837,7 @@ type WrrInitParameters struct { type WrrObservation struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. HealthCheckedTargets *WrrHealthCheckedTargetsObservation `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` // Same as rrdatas above. @@ -850,7 +850,7 @@ type WrrObservation struct { type WrrParameters struct { // The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - // Structure is document below. + // Structure is documented below. // +kubebuilder:validation:Optional HealthCheckedTargets *WrrHealthCheckedTargetsParameters `json:"healthCheckedTargets,omitempty" tf:"health_checked_targets,omitempty"` diff --git a/apis/gke/v1beta2/zz_backupbackupplan_types.go b/apis/gke/v1beta2/zz_backupbackupplan_types.go index 54e9e9dfa..b7275217a 100755 --- a/apis/gke/v1beta2/zz_backupbackupplan_types.go +++ b/apis/gke/v1beta2/zz_backupbackupplan_types.go @@ -282,28 +282,46 @@ type BackupScheduleInitParameters struct { // A standard cron string that defines a repeating schedule for // creating Backups via this BackupPlan. + // This is mutually exclusive with the rpoConfig field since at most one + // schedule can be defined for a BackupPlan. // If this is defined, then backupRetainDays must also be defined. CronSchedule *string `json:"cronSchedule,omitempty" tf:"cron_schedule,omitempty"` // This flag denotes whether automatic Backup creation is paused for this BackupPlan. Paused *bool `json:"paused,omitempty" tf:"paused,omitempty"` + + // Defines the RPO schedule configuration for this BackupPlan. This is mutually + // exclusive with the cronSchedule field since at most one schedule can be defined + // for a BackupPLan. If this is defined, then backupRetainDays must also be defined. + // Structure is documented below. + RpoConfig *RpoConfigInitParameters `json:"rpoConfig,omitempty" tf:"rpo_config,omitempty"` } type BackupScheduleObservation struct { // A standard cron string that defines a repeating schedule for // creating Backups via this BackupPlan. + // This is mutually exclusive with the rpoConfig field since at most one + // schedule can be defined for a BackupPlan. // If this is defined, then backupRetainDays must also be defined. CronSchedule *string `json:"cronSchedule,omitempty" tf:"cron_schedule,omitempty"` // This flag denotes whether automatic Backup creation is paused for this BackupPlan. Paused *bool `json:"paused,omitempty" tf:"paused,omitempty"` + + // Defines the RPO schedule configuration for this BackupPlan. This is mutually + // exclusive with the cronSchedule field since at most one schedule can be defined + // for a BackupPLan. If this is defined, then backupRetainDays must also be defined. + // Structure is documented below. + RpoConfig *RpoConfigObservation `json:"rpoConfig,omitempty" tf:"rpo_config,omitempty"` } type BackupScheduleParameters struct { // A standard cron string that defines a repeating schedule for // creating Backups via this BackupPlan. + // This is mutually exclusive with the rpoConfig field since at most one + // schedule can be defined for a BackupPlan. // If this is defined, then backupRetainDays must also be defined. // +kubebuilder:validation:Optional CronSchedule *string `json:"cronSchedule,omitempty" tf:"cron_schedule,omitempty"` @@ -311,6 +329,38 @@ type BackupScheduleParameters struct { // This flag denotes whether automatic Backup creation is paused for this BackupPlan. // +kubebuilder:validation:Optional Paused *bool `json:"paused,omitempty" tf:"paused,omitempty"` + + // Defines the RPO schedule configuration for this BackupPlan. This is mutually + // exclusive with the cronSchedule field since at most one schedule can be defined + // for a BackupPLan. If this is defined, then backupRetainDays must also be defined. + // Structure is documented below. + // +kubebuilder:validation:Optional + RpoConfig *RpoConfigParameters `json:"rpoConfig,omitempty" tf:"rpo_config,omitempty"` +} + +type DaysOfWeekInitParameters struct { + + // The exclusion window occurs on these days of each week in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + DaysOfWeek []*string `json:"daysOfWeek,omitempty" tf:"days_of_week,omitempty"` +} + +type DaysOfWeekObservation struct { + + // The exclusion window occurs on these days of each week in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + DaysOfWeek []*string `json:"daysOfWeek,omitempty" tf:"days_of_week,omitempty"` +} + +type DaysOfWeekParameters struct { + + // The exclusion window occurs on these days of each week in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + // +kubebuilder:validation:Optional + DaysOfWeek []*string `json:"daysOfWeek,omitempty" tf:"days_of_week,omitempty"` } type EncryptionKeyInitParameters struct { @@ -352,6 +402,92 @@ type EncryptionKeyParameters struct { GCPKMSEncryptionKeySelector *v1.Selector `json:"gcpKmsEncryptionKeySelector,omitempty" tf:"-"` } +type ExclusionWindowsInitParameters struct { + + // The exclusion window occurs every day if set to "True". + // Specifying this field to "False" is an error. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Daily *bool `json:"daily,omitempty" tf:"daily,omitempty"` + + // The exclusion window occurs on these days of each week in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + DaysOfWeek *DaysOfWeekInitParameters `json:"daysOfWeek,omitempty" tf:"days_of_week,omitempty"` + + // Specifies duration of the window in seconds with up to nine fractional digits, + // terminated by 's'. Example: "3.5s". Restrictions for duration based on the + // recurrence type to allow some time for backup to happen: + Duration *string `json:"duration,omitempty" tf:"duration,omitempty"` + + // No recurrence. The exclusion window occurs only once and on this date in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + SingleOccurrenceDate *SingleOccurrenceDateInitParameters `json:"singleOccurrenceDate,omitempty" tf:"single_occurrence_date,omitempty"` + + // Specifies the start time of the window using time of the day in UTC. + // Structure is documented below. + StartTime *StartTimeInitParameters `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type ExclusionWindowsObservation struct { + + // The exclusion window occurs every day if set to "True". + // Specifying this field to "False" is an error. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Daily *bool `json:"daily,omitempty" tf:"daily,omitempty"` + + // The exclusion window occurs on these days of each week in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + DaysOfWeek *DaysOfWeekObservation `json:"daysOfWeek,omitempty" tf:"days_of_week,omitempty"` + + // Specifies duration of the window in seconds with up to nine fractional digits, + // terminated by 's'. Example: "3.5s". Restrictions for duration based on the + // recurrence type to allow some time for backup to happen: + Duration *string `json:"duration,omitempty" tf:"duration,omitempty"` + + // No recurrence. The exclusion window occurs only once and on this date in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + SingleOccurrenceDate *SingleOccurrenceDateObservation `json:"singleOccurrenceDate,omitempty" tf:"single_occurrence_date,omitempty"` + + // Specifies the start time of the window using time of the day in UTC. + // Structure is documented below. + StartTime *StartTimeObservation `json:"startTime,omitempty" tf:"start_time,omitempty"` +} + +type ExclusionWindowsParameters struct { + + // The exclusion window occurs every day if set to "True". + // Specifying this field to "False" is an error. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // +kubebuilder:validation:Optional + Daily *bool `json:"daily,omitempty" tf:"daily,omitempty"` + + // The exclusion window occurs on these days of each week in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + // +kubebuilder:validation:Optional + DaysOfWeek *DaysOfWeekParameters `json:"daysOfWeek,omitempty" tf:"days_of_week,omitempty"` + + // Specifies duration of the window in seconds with up to nine fractional digits, + // terminated by 's'. Example: "3.5s". Restrictions for duration based on the + // recurrence type to allow some time for backup to happen: + // +kubebuilder:validation:Optional + Duration *string `json:"duration" tf:"duration,omitempty"` + + // No recurrence. The exclusion window occurs only once and on this date in UTC. + // Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + // Structure is documented below. + // +kubebuilder:validation:Optional + SingleOccurrenceDate *SingleOccurrenceDateParameters `json:"singleOccurrenceDate,omitempty" tf:"single_occurrence_date,omitempty"` + + // Specifies the start time of the window using time of the day in UTC. + // Structure is documented below. + // +kubebuilder:validation:Optional + StartTime *StartTimeParameters `json:"startTime" tf:"start_time,omitempty"` +} + type NamespacedNamesInitParameters struct { // The name of a Kubernetes Resource. @@ -400,7 +536,9 @@ type RetentionPolicyInitParameters struct { // existing Backups under it. Backups created AFTER a successful update // will automatically pick up the new value. // NOTE: backupRetainDays must be >= backupDeleteLockDays. - // If cronSchedule is defined, then this must be <= 360 * the creation interval.] + // If cronSchedule is defined, then this must be <= 360 * the creation interval. + // If rpo_config is defined, then this must be + // <= 360 * targetRpoMinutes/(1440minutes/day) BackupRetainDays *float64 `json:"backupRetainDays,omitempty" tf:"backup_retain_days,omitempty"` // This flag denotes whether the retention policy of this BackupPlan is locked. @@ -428,7 +566,9 @@ type RetentionPolicyObservation struct { // existing Backups under it. Backups created AFTER a successful update // will automatically pick up the new value. // NOTE: backupRetainDays must be >= backupDeleteLockDays. - // If cronSchedule is defined, then this must be <= 360 * the creation interval.] + // If cronSchedule is defined, then this must be <= 360 * the creation interval. + // If rpo_config is defined, then this must be + // <= 360 * targetRpoMinutes/(1440minutes/day) BackupRetainDays *float64 `json:"backupRetainDays,omitempty" tf:"backup_retain_days,omitempty"` // This flag denotes whether the retention policy of this BackupPlan is locked. @@ -457,7 +597,9 @@ type RetentionPolicyParameters struct { // existing Backups under it. Backups created AFTER a successful update // will automatically pick up the new value. // NOTE: backupRetainDays must be >= backupDeleteLockDays. - // If cronSchedule is defined, then this must be <= 360 * the creation interval.] + // If cronSchedule is defined, then this must be <= 360 * the creation interval. + // If rpo_config is defined, then this must be + // <= 360 * targetRpoMinutes/(1440minutes/day) // +kubebuilder:validation:Optional BackupRetainDays *float64 `json:"backupRetainDays,omitempty" tf:"backup_retain_days,omitempty"` @@ -468,6 +610,62 @@ type RetentionPolicyParameters struct { Locked *bool `json:"locked,omitempty" tf:"locked,omitempty"` } +type RpoConfigInitParameters struct { + + // User specified time windows during which backup can NOT happen for this BackupPlan. + // Backups should start and finish outside of any given exclusion window. Note: backup + // jobs will be scheduled to start and finish outside the duration of the window as + // much as possible, but running jobs will not get canceled when it runs into the window. + // All the time and date values in exclusionWindows entry in the API are in UTC. We + // only allow <=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no + // restriction on number of single occurrence windows. + // Structure is documented below. + ExclusionWindows []ExclusionWindowsInitParameters `json:"exclusionWindows,omitempty" tf:"exclusion_windows,omitempty"` + + // Defines the target RPO for the BackupPlan in minutes, which means the target + // maximum data loss in time that is acceptable for this BackupPlan. This must be + // at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days. + TargetRpoMinutes *float64 `json:"targetRpoMinutes,omitempty" tf:"target_rpo_minutes,omitempty"` +} + +type RpoConfigObservation struct { + + // User specified time windows during which backup can NOT happen for this BackupPlan. + // Backups should start and finish outside of any given exclusion window. Note: backup + // jobs will be scheduled to start and finish outside the duration of the window as + // much as possible, but running jobs will not get canceled when it runs into the window. + // All the time and date values in exclusionWindows entry in the API are in UTC. We + // only allow <=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no + // restriction on number of single occurrence windows. + // Structure is documented below. + ExclusionWindows []ExclusionWindowsObservation `json:"exclusionWindows,omitempty" tf:"exclusion_windows,omitempty"` + + // Defines the target RPO for the BackupPlan in minutes, which means the target + // maximum data loss in time that is acceptable for this BackupPlan. This must be + // at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days. + TargetRpoMinutes *float64 `json:"targetRpoMinutes,omitempty" tf:"target_rpo_minutes,omitempty"` +} + +type RpoConfigParameters struct { + + // User specified time windows during which backup can NOT happen for this BackupPlan. + // Backups should start and finish outside of any given exclusion window. Note: backup + // jobs will be scheduled to start and finish outside the duration of the window as + // much as possible, but running jobs will not get canceled when it runs into the window. + // All the time and date values in exclusionWindows entry in the API are in UTC. We + // only allow <=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no + // restriction on number of single occurrence windows. + // Structure is documented below. + // +kubebuilder:validation:Optional + ExclusionWindows []ExclusionWindowsParameters `json:"exclusionWindows,omitempty" tf:"exclusion_windows,omitempty"` + + // Defines the target RPO for the BackupPlan in minutes, which means the target + // maximum data loss in time that is acceptable for this BackupPlan. This must be + // at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days. + // +kubebuilder:validation:Optional + TargetRpoMinutes *float64 `json:"targetRpoMinutes" tf:"target_rpo_minutes,omitempty"` +} + type SelectedApplicationsInitParameters struct { // A list of namespaced Kubernetes resources. @@ -509,6 +707,94 @@ type SelectedNamespacesParameters struct { Namespaces []*string `json:"namespaces" tf:"namespaces,omitempty"` } +type SingleOccurrenceDateInitParameters struct { + + // Day of a month. + Day *float64 `json:"day,omitempty" tf:"day,omitempty"` + + // Month of a year. + Month *float64 `json:"month,omitempty" tf:"month,omitempty"` + + // Year of the date. + Year *float64 `json:"year,omitempty" tf:"year,omitempty"` +} + +type SingleOccurrenceDateObservation struct { + + // Day of a month. + Day *float64 `json:"day,omitempty" tf:"day,omitempty"` + + // Month of a year. + Month *float64 `json:"month,omitempty" tf:"month,omitempty"` + + // Year of the date. + Year *float64 `json:"year,omitempty" tf:"year,omitempty"` +} + +type SingleOccurrenceDateParameters struct { + + // Day of a month. + // +kubebuilder:validation:Optional + Day *float64 `json:"day,omitempty" tf:"day,omitempty"` + + // Month of a year. + // +kubebuilder:validation:Optional + Month *float64 `json:"month,omitempty" tf:"month,omitempty"` + + // Year of the date. + // +kubebuilder:validation:Optional + Year *float64 `json:"year,omitempty" tf:"year,omitempty"` +} + +type StartTimeInitParameters struct { + + // Hours of day in 24 hour format. + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type StartTimeObservation struct { + + // Hours of day in 24 hour format. + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + +type StartTimeParameters struct { + + // Hours of day in 24 hour format. + // +kubebuilder:validation:Optional + Hours *float64 `json:"hours,omitempty" tf:"hours,omitempty"` + + // Minutes of hour of day. + // +kubebuilder:validation:Optional + Minutes *float64 `json:"minutes,omitempty" tf:"minutes,omitempty"` + + // Fractions of seconds in nanoseconds. + // +kubebuilder:validation:Optional + Nanos *float64 `json:"nanos,omitempty" tf:"nanos,omitempty"` + + // Seconds of minutes of the time. + // +kubebuilder:validation:Optional + Seconds *float64 `json:"seconds,omitempty" tf:"seconds,omitempty"` +} + // BackupBackupPlanSpec defines the desired state of BackupBackupPlan type BackupBackupPlanSpec struct { v1.ResourceSpec `json:",inline"` diff --git a/apis/gke/v1beta2/zz_generated.deepcopy.go b/apis/gke/v1beta2/zz_generated.deepcopy.go index 28d2bc560..9b95d865f 100644 --- a/apis/gke/v1beta2/zz_generated.deepcopy.go +++ b/apis/gke/v1beta2/zz_generated.deepcopy.go @@ -545,6 +545,11 @@ func (in *BackupScheduleInitParameters) DeepCopyInto(out *BackupScheduleInitPara *out = new(bool) **out = **in } + if in.RpoConfig != nil { + in, out := &in.RpoConfig, &out.RpoConfig + *out = new(RpoConfigInitParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupScheduleInitParameters. @@ -570,6 +575,11 @@ func (in *BackupScheduleObservation) DeepCopyInto(out *BackupScheduleObservation *out = new(bool) **out = **in } + if in.RpoConfig != nil { + in, out := &in.RpoConfig, &out.RpoConfig + *out = new(RpoConfigObservation) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupScheduleObservation. @@ -595,6 +605,11 @@ func (in *BackupScheduleParameters) DeepCopyInto(out *BackupScheduleParameters) *out = new(bool) **out = **in } + if in.RpoConfig != nil { + in, out := &in.RpoConfig, &out.RpoConfig + *out = new(RpoConfigParameters) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackupScheduleParameters. @@ -607,6 +622,84 @@ func (in *BackupScheduleParameters) DeepCopy() *BackupScheduleParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DaysOfWeekInitParameters) DeepCopyInto(out *DaysOfWeekInitParameters) { + *out = *in + if in.DaysOfWeek != nil { + in, out := &in.DaysOfWeek, &out.DaysOfWeek + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaysOfWeekInitParameters. +func (in *DaysOfWeekInitParameters) DeepCopy() *DaysOfWeekInitParameters { + if in == nil { + return nil + } + out := new(DaysOfWeekInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DaysOfWeekObservation) DeepCopyInto(out *DaysOfWeekObservation) { + *out = *in + if in.DaysOfWeek != nil { + in, out := &in.DaysOfWeek, &out.DaysOfWeek + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaysOfWeekObservation. +func (in *DaysOfWeekObservation) DeepCopy() *DaysOfWeekObservation { + if in == nil { + return nil + } + out := new(DaysOfWeekObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DaysOfWeekParameters) DeepCopyInto(out *DaysOfWeekParameters) { + *out = *in + if in.DaysOfWeek != nil { + in, out := &in.DaysOfWeek, &out.DaysOfWeek + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DaysOfWeekParameters. +func (in *DaysOfWeekParameters) DeepCopy() *DaysOfWeekParameters { + if in == nil { + return nil + } + out := new(DaysOfWeekParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *EncryptionKeyInitParameters) DeepCopyInto(out *EncryptionKeyInitParameters) { *out = *in @@ -687,6 +780,126 @@ func (in *EncryptionKeyParameters) DeepCopy() *EncryptionKeyParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExclusionWindowsInitParameters) DeepCopyInto(out *ExclusionWindowsInitParameters) { + *out = *in + if in.Daily != nil { + in, out := &in.Daily, &out.Daily + *out = new(bool) + **out = **in + } + if in.DaysOfWeek != nil { + in, out := &in.DaysOfWeek, &out.DaysOfWeek + *out = new(DaysOfWeekInitParameters) + (*in).DeepCopyInto(*out) + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(string) + **out = **in + } + if in.SingleOccurrenceDate != nil { + in, out := &in.SingleOccurrenceDate, &out.SingleOccurrenceDate + *out = new(SingleOccurrenceDateInitParameters) + (*in).DeepCopyInto(*out) + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(StartTimeInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExclusionWindowsInitParameters. +func (in *ExclusionWindowsInitParameters) DeepCopy() *ExclusionWindowsInitParameters { + if in == nil { + return nil + } + out := new(ExclusionWindowsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExclusionWindowsObservation) DeepCopyInto(out *ExclusionWindowsObservation) { + *out = *in + if in.Daily != nil { + in, out := &in.Daily, &out.Daily + *out = new(bool) + **out = **in + } + if in.DaysOfWeek != nil { + in, out := &in.DaysOfWeek, &out.DaysOfWeek + *out = new(DaysOfWeekObservation) + (*in).DeepCopyInto(*out) + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(string) + **out = **in + } + if in.SingleOccurrenceDate != nil { + in, out := &in.SingleOccurrenceDate, &out.SingleOccurrenceDate + *out = new(SingleOccurrenceDateObservation) + (*in).DeepCopyInto(*out) + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(StartTimeObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExclusionWindowsObservation. +func (in *ExclusionWindowsObservation) DeepCopy() *ExclusionWindowsObservation { + if in == nil { + return nil + } + out := new(ExclusionWindowsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExclusionWindowsParameters) DeepCopyInto(out *ExclusionWindowsParameters) { + *out = *in + if in.Daily != nil { + in, out := &in.Daily, &out.Daily + *out = new(bool) + **out = **in + } + if in.DaysOfWeek != nil { + in, out := &in.DaysOfWeek, &out.DaysOfWeek + *out = new(DaysOfWeekParameters) + (*in).DeepCopyInto(*out) + } + if in.Duration != nil { + in, out := &in.Duration, &out.Duration + *out = new(string) + **out = **in + } + if in.SingleOccurrenceDate != nil { + in, out := &in.SingleOccurrenceDate, &out.SingleOccurrenceDate + *out = new(SingleOccurrenceDateParameters) + (*in).DeepCopyInto(*out) + } + if in.StartTime != nil { + in, out := &in.StartTime, &out.StartTime + *out = new(StartTimeParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExclusionWindowsParameters. +func (in *ExclusionWindowsParameters) DeepCopy() *ExclusionWindowsParameters { + if in == nil { + return nil + } + out := new(ExclusionWindowsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NamespacedNamesInitParameters) DeepCopyInto(out *NamespacedNamesInitParameters) { *out = *in @@ -852,6 +1065,87 @@ func (in *RetentionPolicyParameters) DeepCopy() *RetentionPolicyParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RpoConfigInitParameters) DeepCopyInto(out *RpoConfigInitParameters) { + *out = *in + if in.ExclusionWindows != nil { + in, out := &in.ExclusionWindows, &out.ExclusionWindows + *out = make([]ExclusionWindowsInitParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TargetRpoMinutes != nil { + in, out := &in.TargetRpoMinutes, &out.TargetRpoMinutes + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RpoConfigInitParameters. +func (in *RpoConfigInitParameters) DeepCopy() *RpoConfigInitParameters { + if in == nil { + return nil + } + out := new(RpoConfigInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RpoConfigObservation) DeepCopyInto(out *RpoConfigObservation) { + *out = *in + if in.ExclusionWindows != nil { + in, out := &in.ExclusionWindows, &out.ExclusionWindows + *out = make([]ExclusionWindowsObservation, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TargetRpoMinutes != nil { + in, out := &in.TargetRpoMinutes, &out.TargetRpoMinutes + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RpoConfigObservation. +func (in *RpoConfigObservation) DeepCopy() *RpoConfigObservation { + if in == nil { + return nil + } + out := new(RpoConfigObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RpoConfigParameters) DeepCopyInto(out *RpoConfigParameters) { + *out = *in + if in.ExclusionWindows != nil { + in, out := &in.ExclusionWindows, &out.ExclusionWindows + *out = make([]ExclusionWindowsParameters, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.TargetRpoMinutes != nil { + in, out := &in.TargetRpoMinutes, &out.TargetRpoMinutes + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RpoConfigParameters. +func (in *RpoConfigParameters) DeepCopy() *RpoConfigParameters { + if in == nil { + return nil + } + out := new(RpoConfigParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SelectedApplicationsInitParameters) DeepCopyInto(out *SelectedApplicationsInitParameters) { *out = *in @@ -995,3 +1289,198 @@ func (in *SelectedNamespacesParameters) DeepCopy() *SelectedNamespacesParameters in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SingleOccurrenceDateInitParameters) DeepCopyInto(out *SingleOccurrenceDateInitParameters) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(float64) + **out = **in + } + if in.Month != nil { + in, out := &in.Month, &out.Month + *out = new(float64) + **out = **in + } + if in.Year != nil { + in, out := &in.Year, &out.Year + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SingleOccurrenceDateInitParameters. +func (in *SingleOccurrenceDateInitParameters) DeepCopy() *SingleOccurrenceDateInitParameters { + if in == nil { + return nil + } + out := new(SingleOccurrenceDateInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SingleOccurrenceDateObservation) DeepCopyInto(out *SingleOccurrenceDateObservation) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(float64) + **out = **in + } + if in.Month != nil { + in, out := &in.Month, &out.Month + *out = new(float64) + **out = **in + } + if in.Year != nil { + in, out := &in.Year, &out.Year + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SingleOccurrenceDateObservation. +func (in *SingleOccurrenceDateObservation) DeepCopy() *SingleOccurrenceDateObservation { + if in == nil { + return nil + } + out := new(SingleOccurrenceDateObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SingleOccurrenceDateParameters) DeepCopyInto(out *SingleOccurrenceDateParameters) { + *out = *in + if in.Day != nil { + in, out := &in.Day, &out.Day + *out = new(float64) + **out = **in + } + if in.Month != nil { + in, out := &in.Month, &out.Month + *out = new(float64) + **out = **in + } + if in.Year != nil { + in, out := &in.Year, &out.Year + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SingleOccurrenceDateParameters. +func (in *SingleOccurrenceDateParameters) DeepCopy() *SingleOccurrenceDateParameters { + if in == nil { + return nil + } + out := new(SingleOccurrenceDateParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StartTimeInitParameters) DeepCopyInto(out *StartTimeInitParameters) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StartTimeInitParameters. +func (in *StartTimeInitParameters) DeepCopy() *StartTimeInitParameters { + if in == nil { + return nil + } + out := new(StartTimeInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StartTimeObservation) DeepCopyInto(out *StartTimeObservation) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StartTimeObservation. +func (in *StartTimeObservation) DeepCopy() *StartTimeObservation { + if in == nil { + return nil + } + out := new(StartTimeObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *StartTimeParameters) DeepCopyInto(out *StartTimeParameters) { + *out = *in + if in.Hours != nil { + in, out := &in.Hours, &out.Hours + *out = new(float64) + **out = **in + } + if in.Minutes != nil { + in, out := &in.Minutes, &out.Minutes + *out = new(float64) + **out = **in + } + if in.Nanos != nil { + in, out := &in.Nanos, &out.Nanos + *out = new(float64) + **out = **in + } + if in.Seconds != nil { + in, out := &in.Seconds, &out.Seconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StartTimeParameters. +func (in *StartTimeParameters) DeepCopy() *StartTimeParameters { + if in == nil { + return nil + } + out := new(StartTimeParameters) + in.DeepCopyInto(out) + return out +} diff --git a/apis/kms/v1beta2/zz_cryptokey_types.go b/apis/kms/v1beta2/zz_cryptokey_types.go index e2a4b6d5d..42acecf2a 100755 --- a/apis/kms/v1beta2/zz_cryptokey_types.go +++ b/apis/kms/v1beta2/zz_cryptokey_types.go @@ -15,6 +15,10 @@ import ( type CryptoKeyInitParameters struct { + // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. + // The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. + CryptoKeyBackend *string `json:"cryptoKeyBackend,omitempty" tf:"crypto_key_backend,omitempty"` + // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 24 hours. DestroyScheduledDuration *string `json:"destroyScheduledDuration,omitempty" tf:"destroy_scheduled_duration,omitempty"` @@ -49,6 +53,10 @@ type CryptoKeyInitParameters struct { type CryptoKeyObservation struct { + // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. + // The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. + CryptoKeyBackend *string `json:"cryptoKeyBackend,omitempty" tf:"crypto_key_backend,omitempty"` + // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 24 hours. DestroyScheduledDuration *string `json:"destroyScheduledDuration,omitempty" tf:"destroy_scheduled_duration,omitempty"` @@ -104,6 +112,11 @@ type CryptoKeyObservation struct { type CryptoKeyParameters struct { + // The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. + // The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. + // +kubebuilder:validation:Optional + CryptoKeyBackend *string `json:"cryptoKeyBackend,omitempty" tf:"crypto_key_backend,omitempty"` + // The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. // If not specified at creation time, the default duration is 24 hours. // +kubebuilder:validation:Optional diff --git a/apis/kms/v1beta2/zz_cryptokeyversion_types.go b/apis/kms/v1beta2/zz_cryptokeyversion_types.go index dff4be5f4..7a56307e3 100755 --- a/apis/kms/v1beta2/zz_cryptokeyversion_types.go +++ b/apis/kms/v1beta2/zz_cryptokeyversion_types.go @@ -44,18 +44,47 @@ type CertChainsInitParameters struct { type CertChainsObservation struct { // Cavium certificate chain corresponding to the attestation. - CaviumCerts *string `json:"caviumCerts,omitempty" tf:"cavium_certs,omitempty"` + CaviumCerts []*string `json:"caviumCerts,omitempty" tf:"cavium_certs,omitempty"` // Google card certificate chain corresponding to the attestation. - GoogleCardCerts *string `json:"googleCardCerts,omitempty" tf:"google_card_certs,omitempty"` + GoogleCardCerts []*string `json:"googleCardCerts,omitempty" tf:"google_card_certs,omitempty"` // Google partition certificate chain corresponding to the attestation. - GooglePartitionCerts *string `json:"googlePartitionCerts,omitempty" tf:"google_partition_certs,omitempty"` + GooglePartitionCerts []*string `json:"googlePartitionCerts,omitempty" tf:"google_partition_certs,omitempty"` } type CertChainsParameters struct { } +type CryptoKeyVersionExternalProtectionLevelOptionsInitParameters struct { + + // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. + EkmConnectionKeyPath *string `json:"ekmConnectionKeyPath,omitempty" tf:"ekm_connection_key_path,omitempty"` + + // The URI for an external resource that this CryptoKeyVersion represents. + ExternalKeyURI *string `json:"externalKeyUri,omitempty" tf:"external_key_uri,omitempty"` +} + +type CryptoKeyVersionExternalProtectionLevelOptionsObservation struct { + + // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. + EkmConnectionKeyPath *string `json:"ekmConnectionKeyPath,omitempty" tf:"ekm_connection_key_path,omitempty"` + + // The URI for an external resource that this CryptoKeyVersion represents. + ExternalKeyURI *string `json:"externalKeyUri,omitempty" tf:"external_key_uri,omitempty"` +} + +type CryptoKeyVersionExternalProtectionLevelOptionsParameters struct { + + // The path to the external key material on the EKM when using EkmConnection e.g., "v0/my/key". Set this field instead of externalKeyUri when using an EkmConnection. + // +kubebuilder:validation:Optional + EkmConnectionKeyPath *string `json:"ekmConnectionKeyPath,omitempty" tf:"ekm_connection_key_path,omitempty"` + + // The URI for an external resource that this CryptoKeyVersion represents. + // +kubebuilder:validation:Optional + ExternalKeyURI *string `json:"externalKeyUri,omitempty" tf:"external_key_uri,omitempty"` +} + type CryptoKeyVersionInitParameters struct { // The name of the cryptoKey associated with the CryptoKeyVersions. @@ -72,6 +101,10 @@ type CryptoKeyVersionInitParameters struct { // +kubebuilder:validation:Optional CryptoKeySelector *v1.Selector `json:"cryptoKeySelector,omitempty" tf:"-"` + // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + // Structure is documented below. + ExternalProtectionLevelOptions *CryptoKeyVersionExternalProtectionLevelOptionsInitParameters `json:"externalProtectionLevelOptions,omitempty" tf:"external_protection_level_options,omitempty"` + // The current state of the CryptoKeyVersion. // Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED. State *string `json:"state,omitempty" tf:"state,omitempty"` @@ -91,6 +124,10 @@ type CryptoKeyVersionObservation struct { // Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' CryptoKey *string `json:"cryptoKey,omitempty" tf:"crypto_key,omitempty"` + // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + // Structure is documented below. + ExternalProtectionLevelOptions *CryptoKeyVersionExternalProtectionLevelOptionsObservation `json:"externalProtectionLevelOptions,omitempty" tf:"external_protection_level_options,omitempty"` + // The time this CryptoKeyVersion key material was generated GenerateTime *string `json:"generateTime,omitempty" tf:"generate_time,omitempty"` @@ -125,6 +162,11 @@ type CryptoKeyVersionParameters struct { // +kubebuilder:validation:Optional CryptoKeySelector *v1.Selector `json:"cryptoKeySelector,omitempty" tf:"-"` + // ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + // Structure is documented below. + // +kubebuilder:validation:Optional + ExternalProtectionLevelOptions *CryptoKeyVersionExternalProtectionLevelOptionsParameters `json:"externalProtectionLevelOptions,omitempty" tf:"external_protection_level_options,omitempty"` + // The current state of the CryptoKeyVersion. // Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED. // +kubebuilder:validation:Optional diff --git a/apis/kms/v1beta2/zz_generated.deepcopy.go b/apis/kms/v1beta2/zz_generated.deepcopy.go index decaf9bd0..a60f435df 100644 --- a/apis/kms/v1beta2/zz_generated.deepcopy.go +++ b/apis/kms/v1beta2/zz_generated.deepcopy.go @@ -98,18 +98,36 @@ func (in *CertChainsObservation) DeepCopyInto(out *CertChainsObservation) { *out = *in if in.CaviumCerts != nil { in, out := &in.CaviumCerts, &out.CaviumCerts - *out = new(string) - **out = **in + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } if in.GoogleCardCerts != nil { in, out := &in.GoogleCardCerts, &out.GoogleCardCerts - *out = new(string) - **out = **in + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } if in.GooglePartitionCerts != nil { in, out := &in.GooglePartitionCerts, &out.GooglePartitionCerts - *out = new(string) - **out = **in + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } } } @@ -487,6 +505,11 @@ func (in *CryptoKeyIAMMemberStatus) DeepCopy() *CryptoKeyIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CryptoKeyInitParameters) DeepCopyInto(out *CryptoKeyInitParameters) { *out = *in + if in.CryptoKeyBackend != nil { + in, out := &in.CryptoKeyBackend, &out.CryptoKeyBackend + *out = new(string) + **out = **in + } if in.DestroyScheduledDuration != nil { in, out := &in.DestroyScheduledDuration, &out.DestroyScheduledDuration *out = new(string) @@ -580,6 +603,11 @@ func (in *CryptoKeyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CryptoKeyObservation) DeepCopyInto(out *CryptoKeyObservation) { *out = *in + if in.CryptoKeyBackend != nil { + in, out := &in.CryptoKeyBackend, &out.CryptoKeyBackend + *out = new(string) + **out = **in + } if in.DestroyScheduledDuration != nil { in, out := &in.DestroyScheduledDuration, &out.DestroyScheduledDuration *out = new(string) @@ -690,6 +718,11 @@ func (in *CryptoKeyObservation) DeepCopy() *CryptoKeyObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CryptoKeyParameters) DeepCopyInto(out *CryptoKeyParameters) { *out = *in + if in.CryptoKeyBackend != nil { + in, out := &in.CryptoKeyBackend, &out.CryptoKeyBackend + *out = new(string) + **out = **in + } if in.DestroyScheduledDuration != nil { in, out := &in.DestroyScheduledDuration, &out.DestroyScheduledDuration *out = new(string) @@ -825,6 +858,81 @@ func (in *CryptoKeyVersion) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CryptoKeyVersionExternalProtectionLevelOptionsInitParameters) DeepCopyInto(out *CryptoKeyVersionExternalProtectionLevelOptionsInitParameters) { + *out = *in + if in.EkmConnectionKeyPath != nil { + in, out := &in.EkmConnectionKeyPath, &out.EkmConnectionKeyPath + *out = new(string) + **out = **in + } + if in.ExternalKeyURI != nil { + in, out := &in.ExternalKeyURI, &out.ExternalKeyURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CryptoKeyVersionExternalProtectionLevelOptionsInitParameters. +func (in *CryptoKeyVersionExternalProtectionLevelOptionsInitParameters) DeepCopy() *CryptoKeyVersionExternalProtectionLevelOptionsInitParameters { + if in == nil { + return nil + } + out := new(CryptoKeyVersionExternalProtectionLevelOptionsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CryptoKeyVersionExternalProtectionLevelOptionsObservation) DeepCopyInto(out *CryptoKeyVersionExternalProtectionLevelOptionsObservation) { + *out = *in + if in.EkmConnectionKeyPath != nil { + in, out := &in.EkmConnectionKeyPath, &out.EkmConnectionKeyPath + *out = new(string) + **out = **in + } + if in.ExternalKeyURI != nil { + in, out := &in.ExternalKeyURI, &out.ExternalKeyURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CryptoKeyVersionExternalProtectionLevelOptionsObservation. +func (in *CryptoKeyVersionExternalProtectionLevelOptionsObservation) DeepCopy() *CryptoKeyVersionExternalProtectionLevelOptionsObservation { + if in == nil { + return nil + } + out := new(CryptoKeyVersionExternalProtectionLevelOptionsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CryptoKeyVersionExternalProtectionLevelOptionsParameters) DeepCopyInto(out *CryptoKeyVersionExternalProtectionLevelOptionsParameters) { + *out = *in + if in.EkmConnectionKeyPath != nil { + in, out := &in.EkmConnectionKeyPath, &out.EkmConnectionKeyPath + *out = new(string) + **out = **in + } + if in.ExternalKeyURI != nil { + in, out := &in.ExternalKeyURI, &out.ExternalKeyURI + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CryptoKeyVersionExternalProtectionLevelOptionsParameters. +func (in *CryptoKeyVersionExternalProtectionLevelOptionsParameters) DeepCopy() *CryptoKeyVersionExternalProtectionLevelOptionsParameters { + if in == nil { + return nil + } + out := new(CryptoKeyVersionExternalProtectionLevelOptionsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CryptoKeyVersionInitParameters) DeepCopyInto(out *CryptoKeyVersionInitParameters) { *out = *in @@ -843,6 +951,11 @@ func (in *CryptoKeyVersionInitParameters) DeepCopyInto(out *CryptoKeyVersionInit *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.ExternalProtectionLevelOptions != nil { + in, out := &in.ExternalProtectionLevelOptions, &out.ExternalProtectionLevelOptions + *out = new(CryptoKeyVersionExternalProtectionLevelOptionsInitParameters) + (*in).DeepCopyInto(*out) + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) @@ -912,6 +1025,11 @@ func (in *CryptoKeyVersionObservation) DeepCopyInto(out *CryptoKeyVersionObserva *out = new(string) **out = **in } + if in.ExternalProtectionLevelOptions != nil { + in, out := &in.ExternalProtectionLevelOptions, &out.ExternalProtectionLevelOptions + *out = new(CryptoKeyVersionExternalProtectionLevelOptionsObservation) + (*in).DeepCopyInto(*out) + } if in.GenerateTime != nil { in, out := &in.GenerateTime, &out.GenerateTime *out = new(string) @@ -967,6 +1085,11 @@ func (in *CryptoKeyVersionParameters) DeepCopyInto(out *CryptoKeyVersionParamete *out = new(v1.Selector) (*in).DeepCopyInto(*out) } + if in.ExternalProtectionLevelOptions != nil { + in, out := &in.ExternalProtectionLevelOptions, &out.ExternalProtectionLevelOptions + *out = new(CryptoKeyVersionExternalProtectionLevelOptionsParameters) + (*in).DeepCopyInto(*out) + } if in.State != nil { in, out := &in.State, &out.State *out = new(string) diff --git a/apis/logging/v1beta2/zz_foldersink_types.go b/apis/logging/v1beta2/zz_foldersink_types.go index 9fe9a5650..2fc790aad 100755 --- a/apis/logging/v1beta2/zz_foldersink_types.go +++ b/apis/logging/v1beta2/zz_foldersink_types.go @@ -118,6 +118,8 @@ type FolderSinkInitParameters struct { // Whether or not to include children folders in the sink export. If true, logs // associated with child projects are also exported; otherwise only logs relating to the provided folder are included. IncludeChildren *bool `json:"includeChildren,omitempty" tf:"include_children,omitempty"` + + InterceptChildren *bool `json:"interceptChildren,omitempty" tf:"intercept_children,omitempty"` } type FolderSinkObservation struct { @@ -153,6 +155,8 @@ type FolderSinkObservation struct { // associated with child projects are also exported; otherwise only logs relating to the provided folder are included. IncludeChildren *bool `json:"includeChildren,omitempty" tf:"include_children,omitempty"` + InterceptChildren *bool `json:"interceptChildren,omitempty" tf:"intercept_children,omitempty"` + // The identity associated with this sink. This identity must be granted write access to the // configured destination. WriterIdentity *string `json:"writerIdentity,omitempty" tf:"writer_identity,omitempty"` @@ -205,6 +209,9 @@ type FolderSinkParameters struct { // associated with child projects are also exported; otherwise only logs relating to the provided folder are included. // +kubebuilder:validation:Optional IncludeChildren *bool `json:"includeChildren,omitempty" tf:"include_children,omitempty"` + + // +kubebuilder:validation:Optional + InterceptChildren *bool `json:"interceptChildren,omitempty" tf:"intercept_children,omitempty"` } // FolderSinkSpec defines the desired state of FolderSink diff --git a/apis/logging/v1beta2/zz_generated.deepcopy.go b/apis/logging/v1beta2/zz_generated.deepcopy.go index da54e8caa..f4a315587 100644 --- a/apis/logging/v1beta2/zz_generated.deepcopy.go +++ b/apis/logging/v1beta2/zz_generated.deepcopy.go @@ -838,6 +838,11 @@ func (in *FolderSinkInitParameters) DeepCopyInto(out *FolderSinkInitParameters) *out = new(bool) **out = **in } + if in.InterceptChildren != nil { + in, out := &in.InterceptChildren, &out.InterceptChildren + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FolderSinkInitParameters. @@ -932,6 +937,11 @@ func (in *FolderSinkObservation) DeepCopyInto(out *FolderSinkObservation) { *out = new(bool) **out = **in } + if in.InterceptChildren != nil { + in, out := &in.InterceptChildren, &out.InterceptChildren + *out = new(bool) + **out = **in + } if in.WriterIdentity != nil { in, out := &in.WriterIdentity, &out.WriterIdentity *out = new(string) @@ -1004,6 +1014,11 @@ func (in *FolderSinkParameters) DeepCopyInto(out *FolderSinkParameters) { *out = new(bool) **out = **in } + if in.InterceptChildren != nil { + in, out := &in.InterceptChildren, &out.InterceptChildren + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FolderSinkParameters. diff --git a/apis/monitoring/v1beta2/zz_alertpolicy_types.go b/apis/monitoring/v1beta2/zz_alertpolicy_types.go index 7d6929a6d..a5a5d3440 100755 --- a/apis/monitoring/v1beta2/zz_alertpolicy_types.go +++ b/apis/monitoring/v1beta2/zz_alertpolicy_types.go @@ -2399,18 +2399,21 @@ type NotificationChannelStrategyParameters struct { type NotificationRateLimitInitParameters struct { // Not more than one notification per period. + // A duration in seconds with up to nine fractional digits, terminated by 's'. Example "60.5s". Period *string `json:"period,omitempty" tf:"period,omitempty"` } type NotificationRateLimitObservation struct { // Not more than one notification per period. + // A duration in seconds with up to nine fractional digits, terminated by 's'. Example "60.5s". Period *string `json:"period,omitempty" tf:"period,omitempty"` } type NotificationRateLimitParameters struct { // Not more than one notification per period. + // A duration in seconds with up to nine fractional digits, terminated by 's'. Example "60.5s". // +kubebuilder:validation:Optional Period *string `json:"period,omitempty" tf:"period,omitempty"` } diff --git a/apis/monitoring/v1beta2/zz_generated.deepcopy.go b/apis/monitoring/v1beta2/zz_generated.deepcopy.go index 230108c62..dab71c2b3 100644 --- a/apis/monitoring/v1beta2/zz_generated.deepcopy.go +++ b/apis/monitoring/v1beta2/zz_generated.deepcopy.go @@ -3636,6 +3636,11 @@ func (in *HTTPCheckInitParameters) DeepCopyInto(out *HTTPCheckInitParameters) { *out = new(string) **out = **in } + if in.ServiceAgentAuthentication != nil { + in, out := &in.ServiceAgentAuthentication, &out.ServiceAgentAuthentication + *out = new(ServiceAgentAuthenticationInitParameters) + (*in).DeepCopyInto(*out) + } if in.UseSSL != nil { in, out := &in.UseSSL, &out.UseSSL *out = new(bool) @@ -3729,6 +3734,11 @@ func (in *HTTPCheckObservation) DeepCopyInto(out *HTTPCheckObservation) { *out = new(string) **out = **in } + if in.ServiceAgentAuthentication != nil { + in, out := &in.ServiceAgentAuthentication, &out.ServiceAgentAuthentication + *out = new(ServiceAgentAuthenticationObservation) + (*in).DeepCopyInto(*out) + } if in.UseSSL != nil { in, out := &in.UseSSL, &out.UseSSL *out = new(bool) @@ -3822,6 +3832,11 @@ func (in *HTTPCheckParameters) DeepCopyInto(out *HTTPCheckParameters) { *out = new(string) **out = **in } + if in.ServiceAgentAuthentication != nil { + in, out := &in.ServiceAgentAuthentication, &out.ServiceAgentAuthentication + *out = new(ServiceAgentAuthenticationParameters) + (*in).DeepCopyInto(*out) + } if in.UseSSL != nil { in, out := &in.UseSSL, &out.UseSSL *out = new(bool) @@ -6390,6 +6405,66 @@ func (in *Service) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAgentAuthenticationInitParameters) DeepCopyInto(out *ServiceAgentAuthenticationInitParameters) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAgentAuthenticationInitParameters. +func (in *ServiceAgentAuthenticationInitParameters) DeepCopy() *ServiceAgentAuthenticationInitParameters { + if in == nil { + return nil + } + out := new(ServiceAgentAuthenticationInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAgentAuthenticationObservation) DeepCopyInto(out *ServiceAgentAuthenticationObservation) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAgentAuthenticationObservation. +func (in *ServiceAgentAuthenticationObservation) DeepCopy() *ServiceAgentAuthenticationObservation { + if in == nil { + return nil + } + out := new(ServiceAgentAuthenticationObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAgentAuthenticationParameters) DeepCopyInto(out *ServiceAgentAuthenticationParameters) { + *out = *in + if in.Type != nil { + in, out := &in.Type, &out.Type + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAgentAuthenticationParameters. +func (in *ServiceAgentAuthenticationParameters) DeepCopy() *ServiceAgentAuthenticationParameters { + if in == nil { + return nil + } + out := new(ServiceAgentAuthenticationParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceInitParameters) DeepCopyInto(out *ServiceInitParameters) { *out = *in diff --git a/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go b/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go index 481b9baf9..064523628 100755 --- a/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go +++ b/apis/monitoring/v1beta2/zz_uptimecheckconfig_types.go @@ -166,7 +166,7 @@ type HTTPCheckInitParameters struct { // Structure is documented below. AcceptedResponseStatusCodes []AcceptedResponseStatusCodesInitParameters `json:"acceptedResponseStatusCodes,omitempty" tf:"accepted_response_status_codes,omitempty"` - // The authentication information. Optional when creating an HTTP check; defaults to empty. + // The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields. // Structure is documented below. AuthInfo *AuthInfoInitParameters `json:"authInfo,omitempty" tf:"auth_info,omitempty"` @@ -202,6 +202,10 @@ type HTTPCheckInitParameters struct { // Possible values are: METHOD_UNSPECIFIED, GET, POST. RequestMethod *string `json:"requestMethod,omitempty" tf:"request_method,omitempty"` + // The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields. + // Structure is documented below. + ServiceAgentAuthentication *ServiceAgentAuthenticationInitParameters `json:"serviceAgentAuthentication,omitempty" tf:"service_agent_authentication,omitempty"` + // If true, use HTTPS instead of HTTP to run the check. UseSSL *bool `json:"useSsl,omitempty" tf:"use_ssl,omitempty"` @@ -215,7 +219,7 @@ type HTTPCheckObservation struct { // Structure is documented below. AcceptedResponseStatusCodes []AcceptedResponseStatusCodesObservation `json:"acceptedResponseStatusCodes,omitempty" tf:"accepted_response_status_codes,omitempty"` - // The authentication information. Optional when creating an HTTP check; defaults to empty. + // The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields. // Structure is documented below. AuthInfo *AuthInfoObservation `json:"authInfo,omitempty" tf:"auth_info,omitempty"` @@ -251,6 +255,10 @@ type HTTPCheckObservation struct { // Possible values are: METHOD_UNSPECIFIED, GET, POST. RequestMethod *string `json:"requestMethod,omitempty" tf:"request_method,omitempty"` + // The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields. + // Structure is documented below. + ServiceAgentAuthentication *ServiceAgentAuthenticationObservation `json:"serviceAgentAuthentication,omitempty" tf:"service_agent_authentication,omitempty"` + // If true, use HTTPS instead of HTTP to run the check. UseSSL *bool `json:"useSsl,omitempty" tf:"use_ssl,omitempty"` @@ -265,7 +273,7 @@ type HTTPCheckParameters struct { // +kubebuilder:validation:Optional AcceptedResponseStatusCodes []AcceptedResponseStatusCodesParameters `json:"acceptedResponseStatusCodes,omitempty" tf:"accepted_response_status_codes,omitempty"` - // The authentication information. Optional when creating an HTTP check; defaults to empty. + // The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields. // Structure is documented below. // +kubebuilder:validation:Optional AuthInfo *AuthInfoParameters `json:"authInfo,omitempty" tf:"auth_info,omitempty"` @@ -311,6 +319,11 @@ type HTTPCheckParameters struct { // +kubebuilder:validation:Optional RequestMethod *string `json:"requestMethod,omitempty" tf:"request_method,omitempty"` + // The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields. + // Structure is documented below. + // +kubebuilder:validation:Optional + ServiceAgentAuthentication *ServiceAgentAuthenticationParameters `json:"serviceAgentAuthentication,omitempty" tf:"service_agent_authentication,omitempty"` + // If true, use HTTPS instead of HTTP to run the check. // +kubebuilder:validation:Optional UseSSL *bool `json:"useSsl,omitempty" tf:"use_ssl,omitempty"` @@ -458,6 +471,28 @@ type ResourceGroupParameters struct { ResourceType *string `json:"resourceType,omitempty" tf:"resource_type,omitempty"` } +type ServiceAgentAuthenticationInitParameters struct { + + // The type of authentication to use. + // Possible values are: SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED, OIDC_TOKEN. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type ServiceAgentAuthenticationObservation struct { + + // The type of authentication to use. + // Possible values are: SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED, OIDC_TOKEN. + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + +type ServiceAgentAuthenticationParameters struct { + + // The type of authentication to use. + // Possible values are: SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED, OIDC_TOKEN. + // +kubebuilder:validation:Optional + Type *string `json:"type,omitempty" tf:"type,omitempty"` +} + type SyntheticMonitorInitParameters struct { // Target a Synthetic Monitor GCFv2 Instance diff --git a/apis/privateca/v1beta2/zz_certificate_types.go b/apis/privateca/v1beta2/zz_certificate_types.go index d4a6e950b..b10df16a8 100755 --- a/apis/privateca/v1beta2/zz_certificate_types.go +++ b/apis/privateca/v1beta2/zz_certificate_types.go @@ -30,8 +30,7 @@ type AuthorityKeyIDInitParameters struct { type AuthorityKeyIDObservation struct { - // (Output) - // Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. + // The value of the KeyId in lowercase hexidecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } @@ -324,6 +323,10 @@ type ConfigInitParameters struct { // Structure is documented below. SubjectConfig *SubjectConfigInitParameters `json:"subjectConfig,omitempty" tf:"subject_config,omitempty"` + // When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + // Structure is documented below. + SubjectKeyID *ConfigSubjectKeyIDInitParameters `json:"subjectKeyId,omitempty" tf:"subject_key_id,omitempty"` + // Describes how some of the technical X.509 fields in a certificate should be populated. // Structure is documented below. X509Config *X509ConfigInitParameters `json:"x509Config,omitempty" tf:"x509_config,omitempty"` @@ -339,6 +342,10 @@ type ConfigObservation struct { // Structure is documented below. SubjectConfig *SubjectConfigObservation `json:"subjectConfig,omitempty" tf:"subject_config,omitempty"` + // When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + // Structure is documented below. + SubjectKeyID *ConfigSubjectKeyIDObservation `json:"subjectKeyId,omitempty" tf:"subject_key_id,omitempty"` + // Describes how some of the technical X.509 fields in a certificate should be populated. // Structure is documented below. X509Config *X509ConfigObservation `json:"x509Config,omitempty" tf:"x509_config,omitempty"` @@ -356,6 +363,11 @@ type ConfigParameters struct { // +kubebuilder:validation:Optional SubjectConfig *SubjectConfigParameters `json:"subjectConfig" tf:"subject_config,omitempty"` + // When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + // Structure is documented below. + // +kubebuilder:validation:Optional + SubjectKeyID *ConfigSubjectKeyIDParameters `json:"subjectKeyId,omitempty" tf:"subject_key_id,omitempty"` + // Describes how some of the technical X.509 fields in a certificate should be populated. // Structure is documented below. // +kubebuilder:validation:Optional @@ -391,6 +403,25 @@ type ConfigPublicKeyParameters struct { KeySecretRef *v1.SecretKeySelector `json:"keySecretRef,omitempty" tf:"-"` } +type ConfigSubjectKeyIDInitParameters struct { + + // The value of the KeyId in lowercase hexidecimal. + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` +} + +type ConfigSubjectKeyIDObservation struct { + + // The value of the KeyId in lowercase hexidecimal. + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` +} + +type ConfigSubjectKeyIDParameters struct { + + // The value of the KeyId in lowercase hexidecimal. + // +kubebuilder:validation:Optional + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` +} + type CustomSansInitParameters struct { } @@ -780,8 +811,7 @@ type SubjectKeyIDInitParameters struct { type SubjectKeyIDObservation struct { - // (Output) - // Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. + // The value of the KeyId in lowercase hexidecimal. KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` } diff --git a/apis/privateca/v1beta2/zz_certificateauthority_types.go b/apis/privateca/v1beta2/zz_certificateauthority_types.go index 6e840aabc..996fdc5dc 100755 --- a/apis/privateca/v1beta2/zz_certificateauthority_types.go +++ b/apis/privateca/v1beta2/zz_certificateauthority_types.go @@ -38,6 +38,10 @@ type CertificateAuthorityConfigInitParameters struct { // Structure is documented below. SubjectConfig *ConfigSubjectConfigInitParameters `json:"subjectConfig,omitempty" tf:"subject_config,omitempty"` + // When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + // Structure is documented below. + SubjectKeyID *CertificateAuthorityConfigSubjectKeyIDInitParameters `json:"subjectKeyId,omitempty" tf:"subject_key_id,omitempty"` + // Describes how some of the technical X.509 fields in a certificate should be populated. // Structure is documented below. X509Config *ConfigX509ConfigInitParameters `json:"x509Config,omitempty" tf:"x509_config,omitempty"` @@ -49,6 +53,10 @@ type CertificateAuthorityConfigObservation struct { // Structure is documented below. SubjectConfig *ConfigSubjectConfigObservation `json:"subjectConfig,omitempty" tf:"subject_config,omitempty"` + // When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + // Structure is documented below. + SubjectKeyID *CertificateAuthorityConfigSubjectKeyIDObservation `json:"subjectKeyId,omitempty" tf:"subject_key_id,omitempty"` + // Describes how some of the technical X.509 fields in a certificate should be populated. // Structure is documented below. X509Config *ConfigX509ConfigObservation `json:"x509Config,omitempty" tf:"x509_config,omitempty"` @@ -61,12 +69,36 @@ type CertificateAuthorityConfigParameters struct { // +kubebuilder:validation:Optional SubjectConfig *ConfigSubjectConfigParameters `json:"subjectConfig" tf:"subject_config,omitempty"` + // When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + // Structure is documented below. + // +kubebuilder:validation:Optional + SubjectKeyID *CertificateAuthorityConfigSubjectKeyIDParameters `json:"subjectKeyId,omitempty" tf:"subject_key_id,omitempty"` + // Describes how some of the technical X.509 fields in a certificate should be populated. // Structure is documented below. // +kubebuilder:validation:Optional X509Config *ConfigX509ConfigParameters `json:"x509Config" tf:"x509_config,omitempty"` } +type CertificateAuthorityConfigSubjectKeyIDInitParameters struct { + + // The value of the KeyId in lowercase hexidecimal. + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` +} + +type CertificateAuthorityConfigSubjectKeyIDObservation struct { + + // The value of the KeyId in lowercase hexidecimal. + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` +} + +type CertificateAuthorityConfigSubjectKeyIDParameters struct { + + // The value of the KeyId in lowercase hexidecimal. + // +kubebuilder:validation:Optional + KeyID *string `json:"keyId,omitempty" tf:"key_id,omitempty"` +} + type CertificateAuthorityInitParameters struct { // The config used to create a self-signed X.509 certificate or CSR. diff --git a/apis/privateca/v1beta2/zz_generated.deepcopy.go b/apis/privateca/v1beta2/zz_generated.deepcopy.go index 291d1ef43..66092b7e5 100644 --- a/apis/privateca/v1beta2/zz_generated.deepcopy.go +++ b/apis/privateca/v1beta2/zz_generated.deepcopy.go @@ -1635,6 +1635,11 @@ func (in *CertificateAuthorityConfigInitParameters) DeepCopyInto(out *Certificat *out = new(ConfigSubjectConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.SubjectKeyID != nil { + in, out := &in.SubjectKeyID, &out.SubjectKeyID + *out = new(CertificateAuthorityConfigSubjectKeyIDInitParameters) + (*in).DeepCopyInto(*out) + } if in.X509Config != nil { in, out := &in.X509Config, &out.X509Config *out = new(ConfigX509ConfigInitParameters) @@ -1660,6 +1665,11 @@ func (in *CertificateAuthorityConfigObservation) DeepCopyInto(out *CertificateAu *out = new(ConfigSubjectConfigObservation) (*in).DeepCopyInto(*out) } + if in.SubjectKeyID != nil { + in, out := &in.SubjectKeyID, &out.SubjectKeyID + *out = new(CertificateAuthorityConfigSubjectKeyIDObservation) + (*in).DeepCopyInto(*out) + } if in.X509Config != nil { in, out := &in.X509Config, &out.X509Config *out = new(ConfigX509ConfigObservation) @@ -1685,6 +1695,11 @@ func (in *CertificateAuthorityConfigParameters) DeepCopyInto(out *CertificateAut *out = new(ConfigSubjectConfigParameters) (*in).DeepCopyInto(*out) } + if in.SubjectKeyID != nil { + in, out := &in.SubjectKeyID, &out.SubjectKeyID + *out = new(CertificateAuthorityConfigSubjectKeyIDParameters) + (*in).DeepCopyInto(*out) + } if in.X509Config != nil { in, out := &in.X509Config, &out.X509Config *out = new(ConfigX509ConfigParameters) @@ -1702,6 +1717,66 @@ func (in *CertificateAuthorityConfigParameters) DeepCopy() *CertificateAuthority return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateAuthorityConfigSubjectKeyIDInitParameters) DeepCopyInto(out *CertificateAuthorityConfigSubjectKeyIDInitParameters) { + *out = *in + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityConfigSubjectKeyIDInitParameters. +func (in *CertificateAuthorityConfigSubjectKeyIDInitParameters) DeepCopy() *CertificateAuthorityConfigSubjectKeyIDInitParameters { + if in == nil { + return nil + } + out := new(CertificateAuthorityConfigSubjectKeyIDInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateAuthorityConfigSubjectKeyIDObservation) DeepCopyInto(out *CertificateAuthorityConfigSubjectKeyIDObservation) { + *out = *in + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityConfigSubjectKeyIDObservation. +func (in *CertificateAuthorityConfigSubjectKeyIDObservation) DeepCopy() *CertificateAuthorityConfigSubjectKeyIDObservation { + if in == nil { + return nil + } + out := new(CertificateAuthorityConfigSubjectKeyIDObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CertificateAuthorityConfigSubjectKeyIDParameters) DeepCopyInto(out *CertificateAuthorityConfigSubjectKeyIDParameters) { + *out = *in + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CertificateAuthorityConfigSubjectKeyIDParameters. +func (in *CertificateAuthorityConfigSubjectKeyIDParameters) DeepCopy() *CertificateAuthorityConfigSubjectKeyIDParameters { + if in == nil { + return nil + } + out := new(CertificateAuthorityConfigSubjectKeyIDParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CertificateAuthorityInitParameters) DeepCopyInto(out *CertificateAuthorityInitParameters) { *out = *in @@ -3519,6 +3594,11 @@ func (in *ConfigInitParameters) DeepCopyInto(out *ConfigInitParameters) { *out = new(SubjectConfigInitParameters) (*in).DeepCopyInto(*out) } + if in.SubjectKeyID != nil { + in, out := &in.SubjectKeyID, &out.SubjectKeyID + *out = new(ConfigSubjectKeyIDInitParameters) + (*in).DeepCopyInto(*out) + } if in.X509Config != nil { in, out := &in.X509Config, &out.X509Config *out = new(X509ConfigInitParameters) @@ -3549,6 +3629,11 @@ func (in *ConfigObservation) DeepCopyInto(out *ConfigObservation) { *out = new(SubjectConfigObservation) (*in).DeepCopyInto(*out) } + if in.SubjectKeyID != nil { + in, out := &in.SubjectKeyID, &out.SubjectKeyID + *out = new(ConfigSubjectKeyIDObservation) + (*in).DeepCopyInto(*out) + } if in.X509Config != nil { in, out := &in.X509Config, &out.X509Config *out = new(X509ConfigObservation) @@ -3579,6 +3664,11 @@ func (in *ConfigParameters) DeepCopyInto(out *ConfigParameters) { *out = new(SubjectConfigParameters) (*in).DeepCopyInto(*out) } + if in.SubjectKeyID != nil { + in, out := &in.SubjectKeyID, &out.SubjectKeyID + *out = new(ConfigSubjectKeyIDParameters) + (*in).DeepCopyInto(*out) + } if in.X509Config != nil { in, out := &in.X509Config, &out.X509Config *out = new(X509ConfigParameters) @@ -4083,6 +4173,66 @@ func (in *ConfigSubjectConfigSubjectParameters) DeepCopy() *ConfigSubjectConfigS return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigSubjectKeyIDInitParameters) DeepCopyInto(out *ConfigSubjectKeyIDInitParameters) { + *out = *in + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSubjectKeyIDInitParameters. +func (in *ConfigSubjectKeyIDInitParameters) DeepCopy() *ConfigSubjectKeyIDInitParameters { + if in == nil { + return nil + } + out := new(ConfigSubjectKeyIDInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigSubjectKeyIDObservation) DeepCopyInto(out *ConfigSubjectKeyIDObservation) { + *out = *in + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSubjectKeyIDObservation. +func (in *ConfigSubjectKeyIDObservation) DeepCopy() *ConfigSubjectKeyIDObservation { + if in == nil { + return nil + } + out := new(ConfigSubjectKeyIDObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConfigSubjectKeyIDParameters) DeepCopyInto(out *ConfigSubjectKeyIDParameters) { + *out = *in + if in.KeyID != nil { + in, out := &in.KeyID, &out.KeyID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigSubjectKeyIDParameters. +func (in *ConfigSubjectKeyIDParameters) DeepCopy() *ConfigSubjectKeyIDParameters { + if in == nil { + return nil + } + out := new(ConfigSubjectKeyIDParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ConfigX509ConfigAdditionalExtensionsInitParameters) DeepCopyInto(out *ConfigX509ConfigAdditionalExtensionsInitParameters) { *out = *in diff --git a/apis/pubsub/v1beta2/zz_generated.deepcopy.go b/apis/pubsub/v1beta2/zz_generated.deepcopy.go index 78c81d1f4..46a79503b 100644 --- a/apis/pubsub/v1beta2/zz_generated.deepcopy.go +++ b/apis/pubsub/v1beta2/zz_generated.deepcopy.go @@ -73,6 +73,111 @@ func (in *AvroConfigParameters) DeepCopy() *AvroConfigParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsKinesisInitParameters) DeepCopyInto(out *AwsKinesisInitParameters) { + *out = *in + if in.AwsRoleArn != nil { + in, out := &in.AwsRoleArn, &out.AwsRoleArn + *out = new(string) + **out = **in + } + if in.ConsumerArn != nil { + in, out := &in.ConsumerArn, &out.ConsumerArn + *out = new(string) + **out = **in + } + if in.GCPServiceAccount != nil { + in, out := &in.GCPServiceAccount, &out.GCPServiceAccount + *out = new(string) + **out = **in + } + if in.StreamArn != nil { + in, out := &in.StreamArn, &out.StreamArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsKinesisInitParameters. +func (in *AwsKinesisInitParameters) DeepCopy() *AwsKinesisInitParameters { + if in == nil { + return nil + } + out := new(AwsKinesisInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsKinesisObservation) DeepCopyInto(out *AwsKinesisObservation) { + *out = *in + if in.AwsRoleArn != nil { + in, out := &in.AwsRoleArn, &out.AwsRoleArn + *out = new(string) + **out = **in + } + if in.ConsumerArn != nil { + in, out := &in.ConsumerArn, &out.ConsumerArn + *out = new(string) + **out = **in + } + if in.GCPServiceAccount != nil { + in, out := &in.GCPServiceAccount, &out.GCPServiceAccount + *out = new(string) + **out = **in + } + if in.StreamArn != nil { + in, out := &in.StreamArn, &out.StreamArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsKinesisObservation. +func (in *AwsKinesisObservation) DeepCopy() *AwsKinesisObservation { + if in == nil { + return nil + } + out := new(AwsKinesisObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AwsKinesisParameters) DeepCopyInto(out *AwsKinesisParameters) { + *out = *in + if in.AwsRoleArn != nil { + in, out := &in.AwsRoleArn, &out.AwsRoleArn + *out = new(string) + **out = **in + } + if in.ConsumerArn != nil { + in, out := &in.ConsumerArn, &out.ConsumerArn + *out = new(string) + **out = **in + } + if in.GCPServiceAccount != nil { + in, out := &in.GCPServiceAccount, &out.GCPServiceAccount + *out = new(string) + **out = **in + } + if in.StreamArn != nil { + in, out := &in.StreamArn, &out.StreamArn + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AwsKinesisParameters. +func (in *AwsKinesisParameters) DeepCopy() *AwsKinesisParameters { + if in == nil { + return nil + } + out := new(AwsKinesisParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BigqueryConfigInitParameters) DeepCopyInto(out *BigqueryConfigInitParameters) { *out = *in @@ -713,6 +818,66 @@ func (in *ExpirationPolicyParameters) DeepCopy() *ExpirationPolicyParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngestionDataSourceSettingsInitParameters) DeepCopyInto(out *IngestionDataSourceSettingsInitParameters) { + *out = *in + if in.AwsKinesis != nil { + in, out := &in.AwsKinesis, &out.AwsKinesis + *out = new(AwsKinesisInitParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngestionDataSourceSettingsInitParameters. +func (in *IngestionDataSourceSettingsInitParameters) DeepCopy() *IngestionDataSourceSettingsInitParameters { + if in == nil { + return nil + } + out := new(IngestionDataSourceSettingsInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngestionDataSourceSettingsObservation) DeepCopyInto(out *IngestionDataSourceSettingsObservation) { + *out = *in + if in.AwsKinesis != nil { + in, out := &in.AwsKinesis, &out.AwsKinesis + *out = new(AwsKinesisObservation) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngestionDataSourceSettingsObservation. +func (in *IngestionDataSourceSettingsObservation) DeepCopy() *IngestionDataSourceSettingsObservation { + if in == nil { + return nil + } + out := new(IngestionDataSourceSettingsObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngestionDataSourceSettingsParameters) DeepCopyInto(out *IngestionDataSourceSettingsParameters) { + *out = *in + if in.AwsKinesis != nil { + in, out := &in.AwsKinesis, &out.AwsKinesis + *out = new(AwsKinesisParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngestionDataSourceSettingsParameters. +func (in *IngestionDataSourceSettingsParameters) DeepCopy() *IngestionDataSourceSettingsParameters { + if in == nil { + return nil + } + out := new(IngestionDataSourceSettingsParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LiteSubscription) DeepCopyInto(out *LiteSubscription) { *out = *in @@ -2969,6 +3134,11 @@ func (in *TopicIAMMemberStatus) DeepCopy() *TopicIAMMemberStatus { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TopicInitParameters) DeepCopyInto(out *TopicInitParameters) { *out = *in + if in.IngestionDataSourceSettings != nil { + in, out := &in.IngestionDataSourceSettings, &out.IngestionDataSourceSettings + *out = new(IngestionDataSourceSettingsInitParameters) + (*in).DeepCopyInto(*out) + } if in.KMSKeyName != nil { in, out := &in.KMSKeyName, &out.KMSKeyName *out = new(string) @@ -3088,6 +3258,11 @@ func (in *TopicObservation) DeepCopyInto(out *TopicObservation) { *out = new(string) **out = **in } + if in.IngestionDataSourceSettings != nil { + in, out := &in.IngestionDataSourceSettings, &out.IngestionDataSourceSettings + *out = new(IngestionDataSourceSettingsObservation) + (*in).DeepCopyInto(*out) + } if in.KMSKeyName != nil { in, out := &in.KMSKeyName, &out.KMSKeyName *out = new(string) @@ -3160,6 +3335,11 @@ func (in *TopicObservation) DeepCopy() *TopicObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TopicParameters) DeepCopyInto(out *TopicParameters) { *out = *in + if in.IngestionDataSourceSettings != nil { + in, out := &in.IngestionDataSourceSettings, &out.IngestionDataSourceSettings + *out = new(IngestionDataSourceSettingsParameters) + (*in).DeepCopyInto(*out) + } if in.KMSKeyName != nil { in, out := &in.KMSKeyName, &out.KMSKeyName *out = new(string) diff --git a/apis/pubsub/v1beta2/zz_topic_types.go b/apis/pubsub/v1beta2/zz_topic_types.go index 6462c7fdb..b51f5f472 100755 --- a/apis/pubsub/v1beta2/zz_topic_types.go +++ b/apis/pubsub/v1beta2/zz_topic_types.go @@ -13,6 +13,98 @@ import ( v1 "github.com/crossplane/crossplane-runtime/apis/common/v1" ) +type AwsKinesisInitParameters struct { + + // AWS role ARN to be used for Federated Identity authentication with + // Kinesis. Check the Pub/Sub docs for how to set up this role and the + // required permissions that need to be attached to it. + AwsRoleArn *string `json:"awsRoleArn,omitempty" tf:"aws_role_arn,omitempty"` + + // The Kinesis consumer ARN to used for ingestion in + // Enhanced Fan-Out mode. The consumer must be already + // created and ready to be used. + ConsumerArn *string `json:"consumerArn,omitempty" tf:"consumer_arn,omitempty"` + + // The GCP service account to be used for Federated Identity authentication + // with Kinesis (via a AssumeRoleWithWebIdentity call for the provided + // role). The awsRoleArn must be set up with accounts.google.com:sub + // equals to this service account number. + GCPServiceAccount *string `json:"gcpServiceAccount,omitempty" tf:"gcp_service_account,omitempty"` + + // The Kinesis stream ARN to ingest data from. + StreamArn *string `json:"streamArn,omitempty" tf:"stream_arn,omitempty"` +} + +type AwsKinesisObservation struct { + + // AWS role ARN to be used for Federated Identity authentication with + // Kinesis. Check the Pub/Sub docs for how to set up this role and the + // required permissions that need to be attached to it. + AwsRoleArn *string `json:"awsRoleArn,omitempty" tf:"aws_role_arn,omitempty"` + + // The Kinesis consumer ARN to used for ingestion in + // Enhanced Fan-Out mode. The consumer must be already + // created and ready to be used. + ConsumerArn *string `json:"consumerArn,omitempty" tf:"consumer_arn,omitempty"` + + // The GCP service account to be used for Federated Identity authentication + // with Kinesis (via a AssumeRoleWithWebIdentity call for the provided + // role). The awsRoleArn must be set up with accounts.google.com:sub + // equals to this service account number. + GCPServiceAccount *string `json:"gcpServiceAccount,omitempty" tf:"gcp_service_account,omitempty"` + + // The Kinesis stream ARN to ingest data from. + StreamArn *string `json:"streamArn,omitempty" tf:"stream_arn,omitempty"` +} + +type AwsKinesisParameters struct { + + // AWS role ARN to be used for Federated Identity authentication with + // Kinesis. Check the Pub/Sub docs for how to set up this role and the + // required permissions that need to be attached to it. + // +kubebuilder:validation:Optional + AwsRoleArn *string `json:"awsRoleArn" tf:"aws_role_arn,omitempty"` + + // The Kinesis consumer ARN to used for ingestion in + // Enhanced Fan-Out mode. The consumer must be already + // created and ready to be used. + // +kubebuilder:validation:Optional + ConsumerArn *string `json:"consumerArn" tf:"consumer_arn,omitempty"` + + // The GCP service account to be used for Federated Identity authentication + // with Kinesis (via a AssumeRoleWithWebIdentity call for the provided + // role). The awsRoleArn must be set up with accounts.google.com:sub + // equals to this service account number. + // +kubebuilder:validation:Optional + GCPServiceAccount *string `json:"gcpServiceAccount" tf:"gcp_service_account,omitempty"` + + // The Kinesis stream ARN to ingest data from. + // +kubebuilder:validation:Optional + StreamArn *string `json:"streamArn" tf:"stream_arn,omitempty"` +} + +type IngestionDataSourceSettingsInitParameters struct { + + // Settings for ingestion from Amazon Kinesis Data Streams. + // Structure is documented below. + AwsKinesis *AwsKinesisInitParameters `json:"awsKinesis,omitempty" tf:"aws_kinesis,omitempty"` +} + +type IngestionDataSourceSettingsObservation struct { + + // Settings for ingestion from Amazon Kinesis Data Streams. + // Structure is documented below. + AwsKinesis *AwsKinesisObservation `json:"awsKinesis,omitempty" tf:"aws_kinesis,omitempty"` +} + +type IngestionDataSourceSettingsParameters struct { + + // Settings for ingestion from Amazon Kinesis Data Streams. + // Structure is documented below. + // +kubebuilder:validation:Optional + AwsKinesis *AwsKinesisParameters `json:"awsKinesis,omitempty" tf:"aws_kinesis,omitempty"` +} + type MessageStoragePolicyInitParameters struct { // A list of IDs of GCP regions where messages that are published to @@ -93,6 +185,10 @@ type SchemaSettingsParameters struct { type TopicInitParameters struct { + // Settings for ingestion from a data source into this topic. + // Structure is documented below. + IngestionDataSourceSettings *IngestionDataSourceSettingsInitParameters `json:"ingestionDataSourceSettings,omitempty" tf:"ingestion_data_source_settings,omitempty"` + // The resource name of the Cloud KMS CryptoKey to be used to protect access // to messages published on this topic. Your project's PubSub service account // (service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com) must have @@ -148,6 +244,10 @@ type TopicObservation struct { // an identifier for the resource with format projects/{{project}}/topics/{{name}} ID *string `json:"id,omitempty" tf:"id,omitempty"` + // Settings for ingestion from a data source into this topic. + // Structure is documented below. + IngestionDataSourceSettings *IngestionDataSourceSettingsObservation `json:"ingestionDataSourceSettings,omitempty" tf:"ingestion_data_source_settings,omitempty"` + // The resource name of the Cloud KMS CryptoKey to be used to protect access // to messages published on this topic. Your project's PubSub service account // (service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com) must have @@ -191,6 +291,11 @@ type TopicObservation struct { type TopicParameters struct { + // Settings for ingestion from a data source into this topic. + // Structure is documented below. + // +kubebuilder:validation:Optional + IngestionDataSourceSettings *IngestionDataSourceSettingsParameters `json:"ingestionDataSourceSettings,omitempty" tf:"ingestion_data_source_settings,omitempty"` + // The resource name of the Cloud KMS CryptoKey to be used to protect access // to messages published on this topic. Your project's PubSub service account // (service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com) must have diff --git a/apis/secretmanager/v1beta2/zz_generated.deepcopy.go b/apis/secretmanager/v1beta2/zz_generated.deepcopy.go index ce9e56bb3..9d00c1798 100644 --- a/apis/secretmanager/v1beta2/zz_generated.deepcopy.go +++ b/apis/secretmanager/v1beta2/zz_generated.deepcopy.go @@ -862,6 +862,11 @@ func (in *SecretInitParameters) DeepCopyInto(out *SecretInitParameters) { (*out)[key] = outVal } } + if in.VersionDestroyTTL != nil { + in, out := &in.VersionDestroyTTL, &out.VersionDestroyTTL + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretInitParameters. @@ -1052,6 +1057,11 @@ func (in *SecretObservation) DeepCopyInto(out *SecretObservation) { (*out)[key] = outVal } } + if in.VersionDestroyTTL != nil { + in, out := &in.VersionDestroyTTL, &out.VersionDestroyTTL + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretObservation. @@ -1147,6 +1157,11 @@ func (in *SecretParameters) DeepCopyInto(out *SecretParameters) { (*out)[key] = outVal } } + if in.VersionDestroyTTL != nil { + in, out := &in.VersionDestroyTTL, &out.VersionDestroyTTL + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretParameters. diff --git a/apis/secretmanager/v1beta2/zz_secret_types.go b/apis/secretmanager/v1beta2/zz_secret_types.go index 3939a85b0..ae6d21f7e 100755 --- a/apis/secretmanager/v1beta2/zz_secret_types.go +++ b/apis/secretmanager/v1beta2/zz_secret_types.go @@ -237,6 +237,13 @@ type SecretInitParameters struct { // { "name": "wrench", "mass": "1.3kg", "count": "3" }. // +mapType=granular VersionAliases map[string]*string `json:"versionAliases,omitempty" tf:"version_aliases,omitempty"` + + // Secret Version TTL after destruction request. + // This is a part of the delayed delete feature on Secret Version. + // For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + // on calling destroy instead the version goes to a disabled state and + // the actual destruction happens after this TTL expires. + VersionDestroyTTL *string `json:"versionDestroyTtl,omitempty" tf:"version_destroy_ttl,omitempty"` } type SecretObservation struct { @@ -322,6 +329,13 @@ type SecretObservation struct { // { "name": "wrench", "mass": "1.3kg", "count": "3" }. // +mapType=granular VersionAliases map[string]*string `json:"versionAliases,omitempty" tf:"version_aliases,omitempty"` + + // Secret Version TTL after destruction request. + // This is a part of the delayed delete feature on Secret Version. + // For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + // on calling destroy instead the version goes to a disabled state and + // the actual destruction happens after this TTL expires. + VersionDestroyTTL *string `json:"versionDestroyTtl,omitempty" tf:"version_destroy_ttl,omitempty"` } type SecretParameters struct { @@ -395,6 +409,14 @@ type SecretParameters struct { // +kubebuilder:validation:Optional // +mapType=granular VersionAliases map[string]*string `json:"versionAliases,omitempty" tf:"version_aliases,omitempty"` + + // Secret Version TTL after destruction request. + // This is a part of the delayed delete feature on Secret Version. + // For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + // on calling destroy instead the version goes to a disabled state and + // the actual destruction happens after this TTL expires. + // +kubebuilder:validation:Optional + VersionDestroyTTL *string `json:"versionDestroyTtl,omitempty" tf:"version_destroy_ttl,omitempty"` } type TopicsInitParameters struct { diff --git a/apis/sql/v1beta2/zz_databaseinstance_types.go b/apis/sql/v1beta2/zz_databaseinstance_types.go index a563b65dc..d5a2d4c7d 100755 --- a/apis/sql/v1beta2/zz_databaseinstance_types.go +++ b/apis/sql/v1beta2/zz_databaseinstance_types.go @@ -1293,6 +1293,9 @@ type SettingsInitParameters struct { // The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. Edition *string `json:"edition,omitempty" tf:"edition,omitempty"` + // Enables Cloud SQL instances to connect to Vertex AI and pass requests for real-time predictions and insights. Defaults to false. + EnableGoogleMLIntegration *bool `json:"enableGoogleMlIntegration,omitempty" tf:"enable_google_ml_integration,omitempty"` + IPConfiguration *IPConfigurationInitParameters `json:"ipConfiguration,omitempty" tf:"ip_configuration,omitempty"` InsightsConfig *InsightsConfigInitParameters `json:"insightsConfig,omitempty" tf:"insights_config,omitempty"` @@ -1371,6 +1374,9 @@ type SettingsObservation struct { // The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. Edition *string `json:"edition,omitempty" tf:"edition,omitempty"` + // Enables Cloud SQL instances to connect to Vertex AI and pass requests for real-time predictions and insights. Defaults to false. + EnableGoogleMLIntegration *bool `json:"enableGoogleMlIntegration,omitempty" tf:"enable_google_ml_integration,omitempty"` + IPConfiguration *IPConfigurationObservation `json:"ipConfiguration,omitempty" tf:"ip_configuration,omitempty"` InsightsConfig *InsightsConfigObservation `json:"insightsConfig,omitempty" tf:"insights_config,omitempty"` @@ -1469,6 +1475,10 @@ type SettingsParameters struct { // +kubebuilder:validation:Optional Edition *string `json:"edition,omitempty" tf:"edition,omitempty"` + // Enables Cloud SQL instances to connect to Vertex AI and pass requests for real-time predictions and insights. Defaults to false. + // +kubebuilder:validation:Optional + EnableGoogleMLIntegration *bool `json:"enableGoogleMlIntegration,omitempty" tf:"enable_google_ml_integration,omitempty"` + // +kubebuilder:validation:Optional IPConfiguration *IPConfigurationParameters `json:"ipConfiguration,omitempty" tf:"ip_configuration,omitempty"` diff --git a/apis/sql/v1beta2/zz_generated.deepcopy.go b/apis/sql/v1beta2/zz_generated.deepcopy.go index ec1e01362..613b13e79 100644 --- a/apis/sql/v1beta2/zz_generated.deepcopy.go +++ b/apis/sql/v1beta2/zz_generated.deepcopy.go @@ -2691,6 +2691,11 @@ func (in *SettingsInitParameters) DeepCopyInto(out *SettingsInitParameters) { *out = new(string) **out = **in } + if in.EnableGoogleMLIntegration != nil { + in, out := &in.EnableGoogleMLIntegration, &out.EnableGoogleMLIntegration + *out = new(bool) + **out = **in + } if in.IPConfiguration != nil { in, out := &in.IPConfiguration, &out.IPConfiguration *out = new(IPConfigurationInitParameters) @@ -2849,6 +2854,11 @@ func (in *SettingsObservation) DeepCopyInto(out *SettingsObservation) { *out = new(string) **out = **in } + if in.EnableGoogleMLIntegration != nil { + in, out := &in.EnableGoogleMLIntegration, &out.EnableGoogleMLIntegration + *out = new(bool) + **out = **in + } if in.IPConfiguration != nil { in, out := &in.IPConfiguration, &out.IPConfiguration *out = new(IPConfigurationObservation) @@ -3012,6 +3022,11 @@ func (in *SettingsParameters) DeepCopyInto(out *SettingsParameters) { *out = new(string) **out = **in } + if in.EnableGoogleMLIntegration != nil { + in, out := &in.EnableGoogleMLIntegration, &out.EnableGoogleMLIntegration + *out = new(bool) + **out = **in + } if in.IPConfiguration != nil { in, out := &in.IPConfiguration, &out.IPConfiguration *out = new(IPConfigurationParameters) diff --git a/apis/storage/v1beta2/zz_bucket_types.go b/apis/storage/v1beta2/zz_bucket_types.go index 6678a8f43..af67db23e 100755 --- a/apis/storage/v1beta2/zz_bucket_types.go +++ b/apis/storage/v1beta2/zz_bucket_types.go @@ -124,6 +124,9 @@ type BucketInitParameters struct { // The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. "DEFAULT" sets default replication. "ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only. See Turbo Replication for more information. If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets. NOTE If used with single-region bucket, It will throw an error. Rpo *string `json:"rpo,omitempty" tf:"rpo,omitempty"` + // The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. Structure is documented below. + SoftDeletePolicy *SoftDeletePolicyInitParameters `json:"softDeletePolicy,omitempty" tf:"soft_delete_policy,omitempty"` + // The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. StorageClass *string `json:"storageClass,omitempty" tf:"storage_class,omitempty"` @@ -184,6 +187,8 @@ type BucketObservation struct { // is not provided, the provider project is used. Project *string `json:"project,omitempty" tf:"project,omitempty"` + ProjectNumber *float64 `json:"projectNumber,omitempty" tf:"project_number,omitempty"` + // Prevents public access to a bucket. Acceptable values are "inherited" or "enforced". If "inherited", the bucket uses public access prevention. only if the bucket is subject to the public access prevention organization policy constraint. Defaults to "inherited". PublicAccessPrevention *string `json:"publicAccessPrevention,omitempty" tf:"public_access_prevention,omitempty"` @@ -199,6 +204,9 @@ type BucketObservation struct { // The URI of the created resource. SelfLink *string `json:"selfLink,omitempty" tf:"self_link,omitempty"` + // The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. Structure is documented below. + SoftDeletePolicy *SoftDeletePolicyObservation `json:"softDeletePolicy,omitempty" tf:"soft_delete_policy,omitempty"` + // The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. StorageClass *string `json:"storageClass,omitempty" tf:"storage_class,omitempty"` @@ -288,6 +296,10 @@ type BucketParameters struct { // +kubebuilder:validation:Optional Rpo *string `json:"rpo,omitempty" tf:"rpo,omitempty"` + // The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. Structure is documented below. + // +kubebuilder:validation:Optional + SoftDeletePolicy *SoftDeletePolicyParameters `json:"softDeletePolicy,omitempty" tf:"soft_delete_policy,omitempty"` + // The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. // +kubebuilder:validation:Optional StorageClass *string `json:"storageClass,omitempty" tf:"storage_class,omitempty"` @@ -620,6 +632,28 @@ type RetentionPolicyParameters struct { RetentionPeriod *float64 `json:"retentionPeriod" tf:"retention_period,omitempty"` } +type SoftDeletePolicyInitParameters struct { + + // The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800. The value must be in between 604800(7 days) and 7776000(90 days). Note: To disable the soft delete policy on a bucket, This field must be set to 0. + RetentionDurationSeconds *float64 `json:"retentionDurationSeconds,omitempty" tf:"retention_duration_seconds,omitempty"` +} + +type SoftDeletePolicyObservation struct { + + // (Computed) Server-determined value that indicates the time from which the policy, or one with a greater retention, was effective. This value is in RFC 3339 format. + EffectiveTime *string `json:"effectiveTime,omitempty" tf:"effective_time,omitempty"` + + // The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800. The value must be in between 604800(7 days) and 7776000(90 days). Note: To disable the soft delete policy on a bucket, This field must be set to 0. + RetentionDurationSeconds *float64 `json:"retentionDurationSeconds,omitempty" tf:"retention_duration_seconds,omitempty"` +} + +type SoftDeletePolicyParameters struct { + + // The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800. The value must be in between 604800(7 days) and 7776000(90 days). Note: To disable the soft delete policy on a bucket, This field must be set to 0. + // +kubebuilder:validation:Optional + RetentionDurationSeconds *float64 `json:"retentionDurationSeconds,omitempty" tf:"retention_duration_seconds,omitempty"` +} + type VersioningInitParameters struct { // While set to true, versioning is fully enabled for this bucket. diff --git a/apis/storage/v1beta2/zz_generated.deepcopy.go b/apis/storage/v1beta2/zz_generated.deepcopy.go index 46ae5c3a8..8fd22e215 100644 --- a/apis/storage/v1beta2/zz_generated.deepcopy.go +++ b/apis/storage/v1beta2/zz_generated.deepcopy.go @@ -607,6 +607,11 @@ func (in *BucketInitParameters) DeepCopyInto(out *BucketInitParameters) { *out = new(string) **out = **in } + if in.SoftDeletePolicy != nil { + in, out := &in.SoftDeletePolicy, &out.SoftDeletePolicy + *out = new(SoftDeletePolicyInitParameters) + (*in).DeepCopyInto(*out) + } if in.StorageClass != nil { in, out := &in.StorageClass, &out.StorageClass *out = new(string) @@ -1247,6 +1252,11 @@ func (in *BucketObservation) DeepCopyInto(out *BucketObservation) { *out = new(string) **out = **in } + if in.ProjectNumber != nil { + in, out := &in.ProjectNumber, &out.ProjectNumber + *out = new(float64) + **out = **in + } if in.PublicAccessPrevention != nil { in, out := &in.PublicAccessPrevention, &out.PublicAccessPrevention *out = new(string) @@ -1272,6 +1282,11 @@ func (in *BucketObservation) DeepCopyInto(out *BucketObservation) { *out = new(string) **out = **in } + if in.SoftDeletePolicy != nil { + in, out := &in.SoftDeletePolicy, &out.SoftDeletePolicy + *out = new(SoftDeletePolicyObservation) + (*in).DeepCopyInto(*out) + } if in.StorageClass != nil { in, out := &in.StorageClass, &out.StorageClass *out = new(string) @@ -1423,6 +1438,11 @@ func (in *BucketParameters) DeepCopyInto(out *BucketParameters) { *out = new(string) **out = **in } + if in.SoftDeletePolicy != nil { + in, out := &in.SoftDeletePolicy, &out.SoftDeletePolicy + *out = new(SoftDeletePolicyParameters) + (*in).DeepCopyInto(*out) + } if in.StorageClass != nil { in, out := &in.StorageClass, &out.StorageClass *out = new(string) @@ -2428,6 +2448,71 @@ func (in *RetentionPolicyParameters) DeepCopy() *RetentionPolicyParameters { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SoftDeletePolicyInitParameters) DeepCopyInto(out *SoftDeletePolicyInitParameters) { + *out = *in + if in.RetentionDurationSeconds != nil { + in, out := &in.RetentionDurationSeconds, &out.RetentionDurationSeconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SoftDeletePolicyInitParameters. +func (in *SoftDeletePolicyInitParameters) DeepCopy() *SoftDeletePolicyInitParameters { + if in == nil { + return nil + } + out := new(SoftDeletePolicyInitParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SoftDeletePolicyObservation) DeepCopyInto(out *SoftDeletePolicyObservation) { + *out = *in + if in.EffectiveTime != nil { + in, out := &in.EffectiveTime, &out.EffectiveTime + *out = new(string) + **out = **in + } + if in.RetentionDurationSeconds != nil { + in, out := &in.RetentionDurationSeconds, &out.RetentionDurationSeconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SoftDeletePolicyObservation. +func (in *SoftDeletePolicyObservation) DeepCopy() *SoftDeletePolicyObservation { + if in == nil { + return nil + } + out := new(SoftDeletePolicyObservation) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SoftDeletePolicyParameters) DeepCopyInto(out *SoftDeletePolicyParameters) { + *out = *in + if in.RetentionDurationSeconds != nil { + in, out := &in.RetentionDurationSeconds, &out.RetentionDurationSeconds + *out = new(float64) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SoftDeletePolicyParameters. +func (in *SoftDeletePolicyParameters) DeepCopy() *SoftDeletePolicyParameters { + if in == nil { + return nil + } + out := new(SoftDeletePolicyParameters) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VersioningInitParameters) DeepCopyInto(out *VersioningInitParameters) { *out = *in diff --git a/apis/vpcaccess/v1beta2/zz_connector_types.go b/apis/vpcaccess/v1beta2/zz_connector_types.go index 37bc7809b..2466ee1af 100755 --- a/apis/vpcaccess/v1beta2/zz_connector_types.go +++ b/apis/vpcaccess/v1beta2/zz_connector_types.go @@ -21,16 +21,23 @@ type ConnectorInitParameters struct { // Machine type of VM Instance underlying connector. Default is e2-micro MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Maximum value of instances in autoscaling group underlying the connector. + // Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be + // higher than the value specified by min_instances. MaxInstances *float64 `json:"maxInstances,omitempty" tf:"max_instances,omitempty"` - // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. + // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput + // when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by + // min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of + // max_throughput is discouraged in favor of max_instances. MaxThroughput *float64 `json:"maxThroughput,omitempty" tf:"max_throughput,omitempty"` - // Minimum value of instances in autoscaling group underlying the connector. + // Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be + // lower than the value specified by max_instances. MinInstances *float64 `json:"minInstances,omitempty" tf:"min_instances,omitempty"` - // Minimum throughput of the connector in Mbps. Default and min is 200. + // Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. + // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and + // min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. MinThroughput *float64 `json:"minThroughput,omitempty" tf:"min_throughput,omitempty"` // Name or self_link of the VPC network. Required if ip_cidr_range is set. @@ -68,16 +75,23 @@ type ConnectorObservation struct { // Machine type of VM Instance underlying connector. Default is e2-micro MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Maximum value of instances in autoscaling group underlying the connector. + // Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be + // higher than the value specified by min_instances. MaxInstances *float64 `json:"maxInstances,omitempty" tf:"max_instances,omitempty"` - // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. + // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput + // when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by + // min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of + // max_throughput is discouraged in favor of max_instances. MaxThroughput *float64 `json:"maxThroughput,omitempty" tf:"max_throughput,omitempty"` - // Minimum value of instances in autoscaling group underlying the connector. + // Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be + // lower than the value specified by max_instances. MinInstances *float64 `json:"minInstances,omitempty" tf:"min_instances,omitempty"` - // Minimum throughput of the connector in Mbps. Default and min is 200. + // Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. + // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and + // min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. MinThroughput *float64 `json:"minThroughput,omitempty" tf:"min_throughput,omitempty"` // Name or self_link of the VPC network. Required if ip_cidr_range is set. @@ -111,19 +125,26 @@ type ConnectorParameters struct { // +kubebuilder:validation:Optional MachineType *string `json:"machineType,omitempty" tf:"machine_type,omitempty"` - // Maximum value of instances in autoscaling group underlying the connector. + // Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be + // higher than the value specified by min_instances. // +kubebuilder:validation:Optional MaxInstances *float64 `json:"maxInstances,omitempty" tf:"max_instances,omitempty"` - // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. + // Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput + // when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by + // min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of + // max_throughput is discouraged in favor of max_instances. // +kubebuilder:validation:Optional MaxThroughput *float64 `json:"maxThroughput,omitempty" tf:"max_throughput,omitempty"` - // Minimum value of instances in autoscaling group underlying the connector. + // Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be + // lower than the value specified by max_instances. // +kubebuilder:validation:Optional MinInstances *float64 `json:"minInstances,omitempty" tf:"min_instances,omitempty"` - // Minimum throughput of the connector in Mbps. Default and min is 200. + // Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. + // Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and + // min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. // +kubebuilder:validation:Optional MinThroughput *float64 `json:"minThroughput,omitempty" tf:"min_throughput,omitempty"` diff --git a/config/accesscontextmanager/config.go b/config/accesscontextmanager/config.go index d4a6cdb8c..b70bf5351 100644 --- a/config/accesscontextmanager/config.go +++ b/config/accesscontextmanager/config.go @@ -24,5 +24,6 @@ func Configure(p *config.Provider) { s.Optional = false s.Computed = false } + r.MetaResource.Description = "Allows configuring a single GCP resource that should be inside the 'status' block of a service perimeter." }) } diff --git a/config/provider-metadata.yaml b/config/provider-metadata.yaml index c5dfa07c8..e194564c6 100644 --- a/config/provider-metadata.yaml +++ b/config/provider-metadata.yaml @@ -738,9 +738,9 @@ resources: dependencies: google_project.project: |- { - "name": "acm-test-proj-123", + "name": "my-project-name", "org_id": "123456789", - "project_id": "acm-test-proj-123" + "project_id": "my-project-name" } argumentDocs: create: '- Default is 20 minutes.' @@ -1206,6 +1206,100 @@ resources: "parent": "organizations/123456789", "title": "my policy" } + - name: test-access + manifest: |- + { + "name": "accessPolicies/${google_access_context_manager_access_policy.test-access.name}/servicePerimeters/%s", + "parent": "accessPolicies/${google_access_context_manager_access_policy.test-access.name}", + "perimeter_type": "PERIMETER_TYPE_REGULAR", + "status": [ + { + "egress_policies": [ + { + "egress_from": [ + { + "identities": [ + "group:database-admins@google.com" + ] + } + ], + "egress_to": [ + { + "operations": [ + { + "method_selectors": [ + { + "method": "google.storage.objects.create" + } + ], + "service_name": "storage.googleapis.com" + } + ], + "resources": [ + "*" + ] + } + ] + } + ], + "ingress_policies": [ + { + "ingress_from": [ + { + "identities": [ + "group:database-admins@google.com" + ], + "sources": [ + { + "access_level": "${google_access_context_manager_access_level.test-access.name}" + } + ] + } + ], + "ingress_to": [ + { + "operations": [ + { + "method_selectors": [ + { + "method": "google.storage.objects.create" + } + ], + "service_name": "storage.googleapis.com" + } + ], + "resources": [ + "*" + ] + } + ] + } + ], + "restricted_services": [ + "bigquery.googleapis.com", + "storage.googleapis.com" + ], + "vpc_accessible_services": [ + { + "allowed_services": [ + "bigquery.googleapis.com", + "storage.googleapis.com" + ], + "enable_restriction": true + } + ] + } + ], + "title": "%s" + } + references: + status.ingress_policies.ingress_from.sources.access_level: google_access_context_manager_access_level.test-access.name + dependencies: + google_access_context_manager_access_policy.access-policy: |- + { + "parent": "organizations/123456789", + "title": "Policy with Granular Controls Group Support" + } argumentDocs: create: '- Default is 20 minutes.' create_time: |- @@ -1220,9 +1314,10 @@ resources: egress_from.identities: |- - (Optional) - A list of identities that are allowed access through this EgressPolicy. - Should be in the format of email address. The email address should - represent individual user or service account only. + 'A list of identities that are allowed access through this EgressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' egress_from.identity_type: |- - (Optional) @@ -1275,9 +1370,10 @@ resources: ingress_from.identities: |- - (Optional) - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' ingress_from.identity_type: |- - (Optional) @@ -1536,45 +1632,46 @@ resources: Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'. importStatements: [] - google_access_context_manager_service_perimeter_resource: + google_access_context_manager_service_perimeter_dry_run_resource: subCategory: Access Context Manager (VPC Service Controls) - description: Allows configuring a single GCP resource that should be inside of a service perimeter. - name: google_access_context_manager_service_perimeter_resource + description: Allows configuring a single GCP resource that should be inside of the + name: google_access_context_manager_service_perimeter_dry_run_resource title: "" examples: - - name: service-perimeter-resource + - name: service-perimeter-dry-run-resource manifest: |- { - "perimeter_name": "${google_access_context_manager_service_perimeter.service-perimeter-resource.name}", + "perimeter_name": "${google_access_context_manager_service_perimeter.service-perimeter-dry-run-resource.name}", "resource": "projects/987654321" } references: - perimeter_name: google_access_context_manager_service_perimeter.service-perimeter-resource.name + perimeter_name: google_access_context_manager_service_perimeter.service-perimeter-dry-run-resource.name dependencies: google_access_context_manager_access_policy.access-policy: |- { "parent": "organizations/123456789", "title": "my policy" } - google_access_context_manager_service_perimeter.service-perimeter-resource: |- + google_access_context_manager_service_perimeter.service-perimeter-dry-run-resource: |- { "lifecycle": [ { "ignore_changes": [ - "${status[0].resources}" + "${spec[0].resources}" ] } ], "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all", "parent": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}", - "status": [ + "spec": [ { "restricted_services": [ "storage.googleapis.com" ] } ], - "title": "restrict_all" + "title": "restrict_all", + "use_explicit_dry_run_spec": true } argumentDocs: create: '- Default is 20 minutes.' @@ -1591,92 +1688,91 @@ resources: Currently only projects are allowed. Format: projects/{project_number} importStatements: [] - google_access_context_manager_service_perimeters: + google_access_context_manager_service_perimeter_egress_policy: subCategory: Access Context Manager (VPC Service Controls) - description: Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. - name: google_access_context_manager_service_perimeters + description: EgressPolicies match requests based on egressFrom and egressTo stanzas. + name: google_access_context_manager_service_perimeter_egress_policy title: "" examples: - - name: service-perimeter + - name: egress_policy manifest: |- { - "parent": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}", - "service_perimeters": [ + "egress_from": [ { - "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/", - "status": [ - { - "restricted_services": [ - "storage.googleapis.com" - ] - } - ], - "title": "" - }, + "identity_type": "ANY_IDENTITY" + } + ], + "egress_to": [ { - "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/", - "status": [ + "operations": [ { - "restricted_services": [ - "bigtable.googleapis.com" - ] + "method_selectors": [ + { + "method": "*" + } + ], + "service_name": "bigquery.googleapis.com" } ], - "title": "" + "resources": [ + "*" + ] } - ] + ], + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "perimeter": "${google_access_context_manager_service_perimeter.storage-perimeter.name}" } dependencies: - google_access_context_manager_access_level.access-level: |- + google_access_context_manager_access_policy.access-policy: |- { - "basic": [ + "parent": "organizations/123456789", + "title": "Storage Policy" + } + google_access_context_manager_service_perimeter.storage-perimeter: |- + { + "lifecycle": [ { - "conditions": [ - { - "device_policy": [ - { - "os_constraints": [ - { - "os_type": "DESKTOP_CHROME_OS" - } - ], - "require_screen_lock": false - } - ], - "regions": [ - "CH", - "IT", - "US" - ] - } + "ignore_changes": [ + "${status[0].resources}" ] } ], - "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock", - "parent": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}", - "title": "chromeos_no_lock" - } - google_access_context_manager_access_policy.access-policy: |- - { - "parent": "organizations/123456789", - "title": "my policy" + "name": "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter", + "parent": "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}", + "status": [ + { + "restricted_services": [ + "storage.googleapis.com" + ] + } + ], + "title": "Storage Perimeter" } argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + egress_from: |- + - + (Optional) + Defines conditions on the source of a request causing this EgressPolicy to apply. + Structure is documented below. egress_from.identities: |- - (Optional) A list of identities that are allowed access through this EgressPolicy. - Should be in the format of email address. The email address should - represent individual user or service account only. + Should be in the format of an email address. The email address should + represent an individual user, service account, or Google group. egress_from.identity_type: |- - (Optional) Specifies the type of identities that are allowed access to outside the perimeter. If left unspecified, then members of identities field will be allowed access. - Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. + Possible values are: ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. egress_from.source_restriction: |- - (Optional) @@ -1687,12 +1783,7 @@ resources: (Optional) Sources that this EgressPolicy authorizes access from. Structure is documented below. - egress_policies.egress_from: |- - - - (Optional) - Defines conditions on the source of a request causing this EgressPolicy to apply. - Structure is documented below. - egress_policies.egress_to: |- + egress_to: |- - (Optional) Defines the conditions on the ApiOperation and destination resources that @@ -1718,32 +1809,421 @@ resources: if it contains a resource in this list. If * is specified for resources, then this EgressTo rule will authorize access to all resources outside the perimeter. - id: '- an identifier for the resource with format {{parent}}/servicePerimeters' + id: '- an identifier for the resource with format {{perimeter}}' + method_selectors.method: |- + - + (Optional) + Value for method should be a valid method name for the corresponding + serviceName in ApiOperation. If * used as value for method, + then ALL methods and permissions are allowed. + method_selectors.permission: |- + - + (Optional) + Value for permission should be a valid Cloud IAM permission for the + corresponding serviceName in ApiOperation. + operations.method_selectors: |- + - + (Optional) + API methods or permissions to allow. Method or permission must belong + to the service specified by serviceName field. A single MethodSelector + entry with * specified for the method field will allow all methods + AND permissions for the service specified in serviceName. + Structure is documented below. + operations.service_name: |- + - + (Optional) + The name of the API whose methods or permissions the IngressPolicy or + EgressPolicy want to allow. A single ApiOperation with serviceName + field set to * will allow all methods AND permissions for all services. + perimeter: |- + - + (Required) + The name of the Service Perimeter to add this resource to. + sources.access_level: |- + - + (Optional) + An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside. + importStatements: [] + google_access_context_manager_service_perimeter_ingress_policy: + subCategory: Access Context Manager (VPC Service Controls) + description: IngressPolicies match requests based on ingressFrom and ingressTo stanzas. + name: google_access_context_manager_service_perimeter_ingress_policy + title: "" + examples: + - name: ingress_policy + manifest: |- + { + "ingress_from": [ + { + "identity_type": "any_identity", + "sources": [ + { + "access_level": "*" + } + ] + } + ], + "ingress_to": [ + { + "operations": [ + { + "method_selectors": [ + { + "method": "*" + } + ], + "service_name": "bigquery.googleapis.com" + } + ], + "resources": [ + "*" + ] + } + ], + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "perimeter": "${google_access_context_manager_service_perimeter.storage-perimeter.name}" + } + dependencies: + google_access_context_manager_access_policy.access-policy: |- + { + "parent": "organizations/123456789", + "title": "Storage Policy" + } + google_access_context_manager_service_perimeter.storage-perimeter: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${status[0].resources}" + ] + } + ], + "name": "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}/serviceperimeters/storage-perimeter", + "parent": "accesspolicies/${google_access_context_manager_access_policy.access-policy.name}", + "status": [ + { + "restricted_services": [ + "storage.googleapis.com" + ] + } + ], + "title": "Storage Perimeter" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format {{perimeter}}' + ingress_from: |- + - + (Optional) + Defines the conditions on the source of a request causing this IngressPolicy + to apply. + Structure is documented below. ingress_from.identities: |- - (Optional) - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + A list of identities that are allowed access through this IngressPolicy. + Should be in the format of an email address. The email address should represent + an individual user, service account, or Google group. ingress_from.identity_type: |- - (Optional) Specifies the type of identities that are allowed access from outside the perimeter. If left unspecified, then members of identities field will be allowed access. - Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. + Possible values are: ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. ingress_from.sources: |- - (Optional) Sources that this IngressPolicy authorizes access from. Structure is documented below. - ingress_policies.ingress_from: |- - - - (Optional) - Defines the conditions on the source of a request causing this IngressPolicy - to apply. - Structure is documented below. - ingress_policies.ingress_to: |- + ingress_to: |- + - + (Optional) + Defines the conditions on the ApiOperation and request destination that cause + this IngressPolicy to apply. + Structure is documented below. + ingress_to.operations: |- + - + (Optional) + A list of ApiOperations the sources specified in corresponding IngressFrom + are allowed to perform in this ServicePerimeter. + Structure is documented below. + ingress_to.resources: |- + - + (Optional) + A list of resources, currently only projects in the form + projects/, protected by this ServicePerimeter + that are allowed to be accessed by sources defined in the + corresponding IngressFrom. A request matches if it contains + a resource in this list. If * is specified for resources, + then this IngressTo rule will authorize access to all + resources inside the perimeter, provided that the request + also matches the operations field. + method_selectors.method: |- + - + (Optional) + Value for method should be a valid method name for the corresponding + serviceName in ApiOperation. If * used as value for method, then + ALL methods and permissions are allowed. + method_selectors.permission: |- + - + (Optional) + Value for permission should be a valid Cloud IAM permission for the + corresponding serviceName in ApiOperation. + operations.method_selectors: |- + - + (Optional) + API methods or permissions to allow. Method or permission must belong to + the service specified by serviceName field. A single MethodSelector entry + with * specified for the method field will allow all methods AND + permissions for the service specified in serviceName. + Structure is documented below. + operations.service_name: |- + - + (Optional) + The name of the API whose methods or permissions the IngressPolicy or + EgressPolicy want to allow. A single ApiOperation with serviceName + field set to * will allow all methods AND permissions for all services. + perimeter: |- + - + (Required) + The name of the Service Perimeter to add this resource to. + sources.access_level: |- + - + (Optional) + An AccessLevel resource name that allow resources within the + ServicePerimeters to be accessed from the internet. AccessLevels listed + must be in the same policy as this ServicePerimeter. Referencing a nonexistent + AccessLevel will cause an error. If no AccessLevel names are listed, + resources within the perimeter can only be accessed via Google Cloud calls + with request origins within the perimeter. + Example accessPolicies/MY_POLICY/accessLevels/MY_LEVEL. + If * is specified, then all IngressSources will be allowed. + sources.resource: |- + - + (Optional) + A Google Cloud resource that is allowed to ingress the perimeter. + Requests from these resources will be allowed to access perimeter data. + Currently only projects are allowed. Format projects/{project_number} + The project may be in any Google Cloud organization, not just the + organization that the perimeter is defined in. * is not allowed, the case + of allowing all Google Cloud resources only is not supported. + importStatements: [] + google_access_context_manager_service_perimeter_resource: + subCategory: Access Context Manager (VPC Service Controls) + description: Allows configuring a single GCP resource that should be inside the + name: google_access_context_manager_service_perimeter_resource + title: "" + examples: + - name: service-perimeter-resource + manifest: |- + { + "perimeter_name": "${google_access_context_manager_service_perimeter.service-perimeter-resource.name}", + "resource": "projects/987654321" + } + references: + perimeter_name: google_access_context_manager_service_perimeter.service-perimeter-resource.name + dependencies: + google_access_context_manager_access_policy.access-policy: |- + { + "parent": "organizations/123456789", + "title": "my policy" + } + google_access_context_manager_service_perimeter.service-perimeter-resource: |- + { + "lifecycle": [ + { + "ignore_changes": [ + "${status[0].resources}" + ] + } + ], + "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/restrict_all", + "parent": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}", + "status": [ + { + "restricted_services": [ + "storage.googleapis.com" + ] + } + ], + "title": "restrict_all" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format {{perimeter_name}}/{{resource}}' + perimeter_name: |- + - + (Required) + The name of the Service Perimeter to add this resource to. + resource: |- + - + (Required) + A GCP resource that is inside of the service perimeter. + Currently only projects are allowed. + Format: projects/{project_number} + importStatements: [] + google_access_context_manager_service_perimeters: + subCategory: Access Context Manager (VPC Service Controls) + description: Replace all existing Service Perimeters in an Access Policy with the Service Perimeters provided. + name: google_access_context_manager_service_perimeters + title: "" + examples: + - name: service-perimeter + manifest: |- + { + "parent": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}", + "service_perimeters": [ + { + "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/", + "status": [ + { + "restricted_services": [ + "storage.googleapis.com" + ] + } + ], + "title": "" + }, + { + "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/servicePerimeters/", + "status": [ + { + "restricted_services": [ + "bigtable.googleapis.com" + ] + } + ], + "title": "" + } + ] + } + dependencies: + google_access_context_manager_access_level.access-level: |- + { + "basic": [ + { + "conditions": [ + { + "device_policy": [ + { + "os_constraints": [ + { + "os_type": "DESKTOP_CHROME_OS" + } + ], + "require_screen_lock": false + } + ], + "regions": [ + "CH", + "IT", + "US" + ] + } + ] + } + ], + "name": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}/accessLevels/chromeos_no_lock", + "parent": "accessPolicies/${google_access_context_manager_access_policy.access-policy.name}", + "title": "chromeos_no_lock" + } + google_access_context_manager_access_policy.access-policy: |- + { + "parent": "organizations/123456789", + "title": "my policy" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + egress_from.identities: |- + - + (Optional) + 'A list of identities that are allowed access through this EgressPolicy. + To specify an identity or identity group, use the IAM v1 format + specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + egress_from.identity_type: |- + - + (Optional) + Specifies the type of identities that are allowed access to outside the + perimeter. If left unspecified, then members of identities field will + be allowed access. + Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. + egress_from.source_restriction: |- + - + (Optional) + Whether to enforce traffic restrictions based on sources field. If the sources field is non-empty, then this field must be set to SOURCE_RESTRICTION_ENABLED. + Possible values are: SOURCE_RESTRICTION_UNSPECIFIED, SOURCE_RESTRICTION_ENABLED, SOURCE_RESTRICTION_DISABLED. + egress_from.sources: |- + - + (Optional) + Sources that this EgressPolicy authorizes access from. + Structure is documented below. + egress_policies.egress_from: |- + - + (Optional) + Defines conditions on the source of a request causing this EgressPolicy to apply. + Structure is documented below. + egress_policies.egress_to: |- + - + (Optional) + Defines the conditions on the ApiOperation and destination resources that + cause this EgressPolicy to apply. + Structure is documented below. + egress_to.external_resources: |- + - + (Optional) + A list of external resources that are allowed to be accessed. A request + matches if it contains an external resource in this list (Example: + s3://bucket/path). Currently '*' is not allowed. + egress_to.operations: |- + - + (Optional) + A list of ApiOperations that this egress rule applies to. A request matches + if it contains an operation/service in this list. + Structure is documented below. + egress_to.resources: |- + - + (Optional) + A list of resources, currently only projects in the form + projects/, that match this to stanza. A request matches + if it contains a resource in this list. If * is specified for resources, + then this EgressTo rule will authorize access to all resources outside + the perimeter. + id: '- an identifier for the resource with format {{parent}}/servicePerimeters' + ingress_from.identities: |- + - + (Optional) + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 format + specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' + ingress_from.identity_type: |- + - + (Optional) + Specifies the type of identities that are allowed access from outside the + perimeter. If left unspecified, then members of identities field will be + allowed access. + Possible values are: IDENTITY_TYPE_UNSPECIFIED, ANY_IDENTITY, ANY_USER_ACCOUNT, ANY_SERVICE_ACCOUNT. + ingress_from.sources: |- + - + (Optional) + Sources that this IngressPolicy authorizes access from. + Structure is documented below. + ingress_policies.ingress_from: |- + - + (Optional) + Defines the conditions on the source of a request causing this IngressPolicy + to apply. + Structure is documented below. + ingress_policies.ingress_to: |- - (Optional) Defines the conditions on the ApiOperation and request destination that cause @@ -2981,6 +3461,26 @@ resources: - (Required) The location where the alloydb cluster should reside. + maintenance_update_policy: |- + - + (Optional) + MaintenanceUpdatePolicy defines the policy for system updates. + Structure is documented below. + maintenance_update_policy.maintenance_windows: |- + - + (Optional) + Preferred windows to perform maintenance. Currently limited to 1. + Structure is documented below. + maintenance_update_policy.maintenance_windows.day: |- + - + (Required) + Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + maintenance_update_policy.maintenance_windows.start_time: |- + - + (Required) + Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + Structure is documented below. migration_source: |- - Cluster created via DMS migration. @@ -3064,6 +3564,22 @@ resources: (Required) Name of the primary cluster must be in the format 'projects/{project}/locations/{location}/clusters/{cluster_id}' + start_time.hours: |- + - + (Required) + Hours of day in 24 hour format. Should be from 0 to 23. + start_time.minutes: |- + - + (Optional) + Minutes of hour of day. Currently, only the value 0 is supported. + start_time.nanos: |- + - + (Optional) + Fractions of seconds in nanoseconds. Currently, only the value 0 is supported. + start_time.seconds: |- + - + (Optional) + Seconds of minutes of the time. Currently, only the value 0 is supported. start_times.hours: |- - (Optional) @@ -3314,6 +3830,10 @@ resources: Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource. + authorized_external_networks.cidr_range: |- + - + (Optional) + CIDR range for one authorized network of the instance. availability_type: |- - (Optional) @@ -3403,6 +3923,29 @@ resources: name: |- - The name of the instance resource. + network_config: |- + - + (Optional) + Instance level network configuration. + Structure is documented below. + network_config.authorized_external_networks: |- + - + (Optional) + A list of external networks authorized to access this instance. This + field is only allowed to be set when enable_public_ip is set to + true. + Structure is documented below. + network_config.enable_public_ip: |- + - + (Optional) + Enabling public ip for the instance. If a user wishes to disable this, + please also clear the list of the authorized external networks set on + the same instance. + public_ip_address: |- + - + The public IP addresses for the Instance. This is available ONLY when + networkConfig.enablePublicIp is set to true. This is the connection + endpoint for an end-user application. query_insights_config: |- - (Optional) @@ -4567,6 +5110,10 @@ resources: - (Optional) Display name of the environment. + forward_proxy_uri: |- + - + (Optional) + Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of "http" or "https", and the port must be supplied. id: '- an identifier for the resource with format {{org_id}}/environments/{{name}}' name: |- - @@ -5524,6 +6071,16 @@ resources: - (Optional) Primary GCP region for analytics data storage. For valid values, see Create an Apigee organization. + api_consumer_data_encryption_key_name: |- + - + (Optional) + Cloud KMS key name used for encrypting API consumer data. + api_consumer_data_location: |- + - + (Optional) + This field is needed only for customers using non-default data residency regions. + Apigee stores some control plane data only in single region. + This field determines which single region Apigee should use. apigee_project_id: |- - Output only. Project ID of the Apigee Tenant Project. @@ -5541,6 +6098,11 @@ resources: - Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when RuntimeType is CLOUD. A base64-encoded string. + control_plane_encryption_key_name: |- + - + (Optional) + Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + Only used for the data residency region "US" or "EU". create: '- Default is 45 minutes.' delete: '- Default is 45 minutes.' description: |- @@ -5673,7 +6235,7 @@ resources: manifest: |- { "depends_on": [ - "${google_project_iam_binding.synchronizer-iam}" + "${google_project_iam_member.synchronizer-iam}" ], "identities": [ "serviceAccount:${google_service_account.service_account.email}" @@ -5699,11 +6261,9 @@ resources: "org_id": "123456789", "project_id": "my-project" } - google_project_iam_binding.synchronizer-iam: |- + google_project_iam_member.synchronizer-iam: |- { - "members": [ - "serviceAccount:${google_service_account.service_account.email}" - ], + "member": "serviceAccount:${google_service_account.service_account.email}", "project": "${google_project.project.project_id}", "role": "roles/apigee.synchronizerManager" } @@ -7743,5019 +8303,6451 @@ resources: (Required) Source URL importStatements: [] - google_artifact_registry_repository: - subCategory: Artifact Registry - description: A repository for storing artifacts - name: google_artifact_registry_repository + google_apphub_application: + subCategory: App Hub + description: Application is a functional grouping of Services and Workloads that helps achieve a desired end-to-end business functionality. + name: google_apphub_application title: "" examples: - - name: my-repo - manifest: |- - { - "description": "example docker repository", - "format": "DOCKER", - "location": "us-central1", - "repository_id": "my-repository" - } - - name: my-repo - manifest: |- - { - "description": "example docker repository", - "docker_config": [ - { - "immutable_tags": true - } - ], - "format": "DOCKER", - "location": "us-central1", - "repository_id": "my-repository" - } - - name: my-repo + - name: example manifest: |- { - "depends_on": [ - "${google_kms_crypto_key_iam_member.crypto_key}" - ], - "description": "example docker repository with cmek", - "format": "DOCKER", - "kms_key_name": "kms-key", - "location": "us-central1", - "repository_id": "my-repository" - } - dependencies: - google_kms_crypto_key_iam_member.crypto_key: |- + "application_id": "example-application", + "location": "us-east1", + "scope": [ { - "crypto_key_id": "kms-key", - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + "type": "REGIONAL" } - - name: my-repo-upstream-1 - manifest: |- - { - "description": "example docker repository (upstream source) 1", - "format": "DOCKER", - "location": "us-central1", - "repository_id": "my-repository-upstream-1" - } - - name: my-repo-upstream-2 - manifest: |- - { - "description": "example docker repository (upstream source) 2", - "format": "DOCKER", - "location": "us-central1", - "repository_id": "my-repository-upstream-2" + ] } - - name: my-repo + - name: example2 manifest: |- { - "depends_on": [], - "description": "example virtual docker repository", - "format": "DOCKER", - "location": "us-central1", - "mode": "VIRTUAL_REPOSITORY", - "repository_id": "my-repository", - "virtual_repository_config": [ + "application_id": "example-application", + "attributes": [ { - "upstream_policies": [ + "business_owners": [ { - "id": "my-repository-upstream-1", - "priority": 20, - "repository": "${google_artifact_registry_repository.my-repo-upstream-1.id}" - }, + "display_name": "Alice", + "email": "alice@google.com" + } + ], + "criticality": [ { - "id": "my-repository-upstream-2", - "priority": 10, - "repository": "${google_artifact_registry_repository.my-repo-upstream-2.id}" + "type": "MISSION_CRITICAL" + } + ], + "developer_owners": [ + { + "display_name": "Bob", + "email": "bob@google.com" + } + ], + "environment": [ + { + "type": "STAGING" + } + ], + "operator_owners": [ + { + "display_name": "Charlie", + "email": "charlie@google.com" } ] } + ], + "description": "Application for testing", + "display_name": "Application Full", + "location": "us-east1", + "scope": [ + { + "type": "REGIONAL" + } ] } - references: - virtual_repository_config.upstream_policies.repository: google_artifact_registry_repository.my-repo-upstream-2.id - - name: my-repo + argumentDocs: + application_id: |- + - + (Required) + Required. The Application identifier. + attributes.business_owners: |- + - + (Optional) + Optional. Business team that ensures user needs are met and value is delivered + Structure is documented below. + attributes.criticality: |- + - + (Optional) + Criticality of the Application, Service, or Workload + Structure is documented below. + attributes.developer_owners: |- + - + (Optional) + Optional. Developer team that owns development and coding. + Structure is documented below. + attributes.environment: |- + - + (Optional) + Environment of the Application, Service, or Workload + Structure is documented below. + attributes.operator_owners: |- + - + (Optional) + Optional. Operator team that ensures runtime and operations. + Structure is documented below. + business_owners.display_name: |- + - + (Optional) + Optional. Contact's name. + business_owners.email: |- + - + (Required) + Required. Email address of the contacts. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Create time. + criticality.type: |- + - + (Required) + Criticality type. + Possible values are: MISSION_CRITICAL, HIGH, MEDIUM, LOW. + delete: '- Default is 20 minutes.' + developer_owners.display_name: |- + - + (Optional) + Optional. Contact's name. + developer_owners.email: |- + - + (Required) + Required. Email address of the contacts. + environment.type: |- + - + (Required) + Environment type. + Possible values are: PRODUCTION, STAGING, TEST, DEVELOPMENT. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/applications/{{application_id}}' + location: |- + - + (Required) + Part of parent. See documentation of projectsId. + name: |- + - + Identifier. The resource name of an Application. Format: + "projects/{host-project-id}/locations/{location}/applications/{application-id}" + operator_owners.display_name: |- + - + (Optional) + Optional. Contact's name. + operator_owners.email: |- + - + (Required) + Required. Email address of the contacts. + scope: |- + - + (Required) + Scope of an application. + Structure is documented below. + scope.attributes: |- + - + (Optional) + Consumer provided attributes. + Structure is documented below. + scope.description: |- + - + (Optional) + Optional. User-defined description of an Application. + scope.display_name: |- + - + (Optional) + Optional. User-defined name for the Application. + scope.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + scope.type: |- + - + (Required) + Required. Scope Type. + Possible values: + REGIONAL + Possible values are: REGIONAL. + state: |- + - + Output only. Application state. + Possible values: + STATE_UNSPECIFIED + CREATING + ACTIVE + DELETING + uid: |- + - + Output only. A universally unique identifier (in UUID4 format) for the Application. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. Update time. + importStatements: [] + google_apphub_service: + subCategory: App Hub + description: Service is a network/api interface that exposes some functionality to clients for consumption over the network. + name: google_apphub_service + title: "" + examples: + - name: example manifest: |- { - "description": "example remote docker repository", - "format": "DOCKER", + "application_id": "${google_apphub_application.application.application_id}", + "discovered_service": "${data.google_apphub_discovered_service.catalog-service.name}", "location": "us-central1", - "mode": "REMOTE_REPOSITORY", - "remote_repository_config": [ + "service_id": "${google_compute_forwarding_rule.forwarding_rule.name}" + } + references: + application_id: google_apphub_application.application.application_id + discovered_service: data.google_apphub_discovered_service.catalog-service.name + service_id: google_compute_forwarding_rule.forwarding_rule.name + dependencies: + google_apphub_application.application: |- { - "description": "docker hub", - "docker_repository": [ + "application_id": "example-application-1", + "location": "us-central1", + "scope": [ { - "public_repository": "DOCKER_HUB" + "type": "REGIONAL" } ] } - ], - "repository_id": "my-repository" - } - - name: my-repo - manifest: |- - { - "description": "example remote apt repository", - "format": "APT", - "location": "us-central1", - "mode": "REMOTE_REPOSITORY", - "remote_repository_config": [ + google_apphub_service_project_attachment.service_project_attachment: |- { - "apt_repository": [ - { - "public_repository": [ - { - "repository_base": "DEBIAN", - "repository_path": "debian/dists/buster" - } - ] - } + "depends_on": [ + "${time_sleep.wait_120s}" ], - "description": "Debian buster remote repository" + "service_project_attachment_id": "${google_project.service_project.project_id}" } - ], - "repository_id": "debian-buster" - } - - name: my-repo - manifest: |- - { - "description": "example remote yum repository", - "format": "YUM", - "location": "us-central1", - "mode": "REMOTE_REPOSITORY", - "remote_repository_config": [ + google_compute_forwarding_rule.forwarding_rule: |- { - "description": "Centos 8 remote repository", - "yum_repository": [ + "all_ports": true, + "backend_service": "${google_compute_region_backend_service.backend.id}", + "ip_version": "IPV4", + "load_balancing_scheme": "INTERNAL", + "name": "l7-ilb-forwarding-rule", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1", + "subnetwork": "${google_compute_subnetwork.ilb_subnet.id}" + } + google_compute_health_check.default: |- + { + "check_interval_sec": 1, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-hc", + "project": "${google_project.service_project.project_id}", + "tcp_health_check": [ { - "public_repository": [ - { - "repository_base": "CENTOS", - "repository_path": "centos/8-stream/BaseOS/x86_64/os" - } - ] + "port": "80" } + ], + "timeout_sec": 1 + } + google_compute_network.ilb_network: |- + { + "auto_create_subnetworks": false, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-network", + "project": "${google_project.service_project.project_id}" + } + google_compute_region_backend_service.backend: |- + { + "health_checks": [ + "${google_compute_health_check.default.id}" + ], + "name": "l7-ilb-backend-subnet", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_compute_subnetwork.ilb_subnet: |- + { + "ip_cidr_range": "10.0.1.0/24", + "name": "l7-ilb-subnet", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_project.service_project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "name": "Service Project", + "org_id": "123456789", + "project_id": "project-1" + } + google_project_service.compute_service_project: |- + { + "project": "${google_project.service_project.project_id}", + "service": "compute.googleapis.com" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_project_service.compute_service_project}" ] } - ], - "repository_id": "centos-8" - } - - name: my-repo + time_sleep.wait_120s_for_resource_ingestion: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_compute_forwarding_rule.forwarding_rule}" + ] + } + - name: example manifest: |- { - "cleanup_policies": [ + "application_id": "${google_apphub_application.application.application_id}", + "attributes": [ { - "action": "DELETE", - "condition": [ + "business_owners": [ { - "older_than": "2592000s", - "tag_prefixes": [ - "alpha", - "v0" - ], - "tag_state": "TAGGED" + "display_name": "Alice", + "email": "alice@google.com" } ], - "id": "delete-prerelease" - }, - { - "action": "KEEP", - "condition": [ + "criticality": [ { - "package_name_prefixes": [ - "webapp", - "mobile" - ], - "tag_prefixes": [ - "release" - ], - "tag_state": "TAGGED" + "type": "MISSION_CRITICAL" } ], - "id": "keep-tagged-release" - }, - { - "action": "KEEP", - "id": "keep-minimum-versions", - "most_recent_versions": [ + "developer_owners": [ { - "keep_count": 5, - "package_name_prefixes": [ - "webapp", - "mobile", - "sandbox" - ] + "display_name": "Bob", + "email": "bob@google.com" } - ] - } - ], - "cleanup_policy_dry_run": false, - "description": "example docker repository with cleanup policies", - "format": "DOCKER", - "location": "us-central1", - "repository_id": "my-repository" - } - - name: my-repo - manifest: |- - { - "description": "example remote docker repository with credentials", - "format": "DOCKER", - "location": "us-central1", - "mode": "REMOTE_REPOSITORY", - "remote_repository_config": [ - { - "description": "docker hub with custom credentials", - "docker_repository": [ + ], + "environment": [ { - "public_repository": "DOCKER_HUB" + "type": "STAGING" } ], - "upstream_credentials": [ + "operator_owners": [ { - "username_password_credentials": [ - { - "password_secret_version": "${google_secret_manager_secret_version.example-custom-remote-secret_version.name}", - "username": "remote-username" - } - ] + "display_name": "Charlie", + "email": "charlie@google.com" } ] } ], - "repository_id": "example-custom-remote" + "description": "Register service for testing", + "discovered_service": "${data.google_apphub_discovered_service.catalog-service.name}", + "display_name": "Example Service Full", + "location": "us-central1", + "service_id": "${google_compute_forwarding_rule.forwarding_rule.name}" } references: - remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-custom-remote-secret_version.name + application_id: google_apphub_application.application.application_id + discovered_service: data.google_apphub_discovered_service.catalog-service.name + service_id: google_compute_forwarding_rule.forwarding_rule.name dependencies: - google_secret_manager_secret.example-custom-remote-secret: |- + google_apphub_application.application: |- { - "replication": [ + "application_id": "example-application-1", + "location": "us-central1", + "scope": [ { - "auto": [ - {} - ] + "type": "REGIONAL" } + ] + } + google_apphub_service_project_attachment.service_project_attachment: |- + { + "depends_on": [ + "${time_sleep.wait_120s}" ], - "secret_id": "example-secret" + "service_project_attachment_id": "${google_project.service_project.project_id}" } - google_secret_manager_secret_iam_member.secret-access: |- + google_compute_forwarding_rule.forwarding_rule: |- { - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", - "role": "roles/secretmanager.secretAccessor", - "secret_id": "${google_secret_manager_secret.example-custom-remote-secret.id}" + "all_ports": true, + "backend_service": "${google_compute_region_backend_service.backend.id}", + "ip_version": "IPV4", + "load_balancing_scheme": "INTERNAL", + "name": "l7-ilb-forwarding-rule", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1", + "subnetwork": "${google_compute_subnetwork.ilb_subnet.id}" } - google_secret_manager_secret_version.example-custom-remote-secret_version: |- + google_compute_health_check.default: |- { - "secret": "${google_secret_manager_secret.example-custom-remote-secret.id}", - "secret_data": "remote-password" + "check_interval_sec": 1, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-hc", + "project": "${google_project.service_project.project_id}", + "tcp_health_check": [ + { + "port": "80" + } + ], + "timeout_sec": 1 + } + google_compute_network.ilb_network: |- + { + "auto_create_subnetworks": false, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-network", + "project": "${google_project.service_project.project_id}" + } + google_compute_region_backend_service.backend: |- + { + "health_checks": [ + "${google_compute_health_check.default.id}" + ], + "name": "l7-ilb-backend-subnet", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_compute_subnetwork.ilb_subnet: |- + { + "ip_cidr_range": "10.0.1.0/24", + "name": "l7-ilb-subnet", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_project.service_project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "name": "Service Project", + "org_id": "123456789", + "project_id": "project-1" + } + google_project_service.compute_service_project: |- + { + "project": "${google_project.service_project.project_id}", + "service": "compute.googleapis.com" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_project_service.compute_service_project}" + ] + } + time_sleep.wait_120s_for_resource_ingestion: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_compute_forwarding_rule.forwarding_rule}" + ] } argumentDocs: - apt_repository.public_repository: |- - - - (Optional) - One of the publicly available Apt repositories supported by Artifact Registry. - Structure is documented below. - apt_repository.public_repository.repository_base: |- - - - (Required) - A common public repository base for Apt, e.g. "debian/dists/buster" - Possible values are: DEBIAN, UBUNTU. - apt_repository.public_repository.repository_path: |- + application_id: |- - (Required) - Specific repository from the base. - cleanup_policies: |- + Part of parent. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID} + attributes: |- - (Optional) - Cleanup policies for this repository. Cleanup policies indicate when - certain package versions can be automatically deleted. - Map keys are policy IDs supplied by users during policy creation. They must - unique within a repository and be under 128 characters in length. + Consumer provided attributes. Structure is documented below. - cleanup_policies.action: |- + attributes.business_owners: |- - (Optional) - Policy action. - Possible values are: DELETE, KEEP. - cleanup_policies.condition: |- + Business team that ensures user needs are met and value is delivered + Structure is documented below. + attributes.criticality: |- - (Optional) - Policy condition for matching versions. + Criticality of the Application, Service, or Workload Structure is documented below. - cleanup_policies.id: '- (Required) The identifier for this object. Format specified above.' - cleanup_policies.most_recent_versions: |- + attributes.developer_owners: |- - (Optional) - Policy condition for retaining a minimum number of versions. May only be - specified with a Keep action. + Developer team that owns development and coding. Structure is documented below. - cleanup_policy_dry_run: |- + attributes.environment: |- - (Optional) - If true, the cleanup pipeline is prevented from deleting versions in this - repository. - condition.newer_than: |- + Environment of the Application, Service, or Workload + Structure is documented below. + attributes.operator_owners: |- - (Optional) - Match versions newer than a duration. - condition.older_than: |- + Operator team that ensures runtime and operations. + Structure is documented below. + business_owners.display_name: |- - (Optional) - Match versions older than a duration. - condition.package_name_prefixes: |- + Contact's name. + business_owners.email: |- - - (Optional) - Match versions by package prefix. Applied on any prefix match. - condition.tag_prefixes: |- + (Required) + Required. Email address of the contacts. + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Create time. + criticality.type: |- + - + (Required) + Criticality type. + Possible values are: MISSION_CRITICAL, HIGH, MEDIUM, LOW. + delete: '- Default is 20 minutes.' + description: |- - (Optional) - Match versions by tag prefix. Applied on any prefix match. - condition.tag_state: |- + User-defined description of a Service. + developer_owners.display_name: |- - (Optional) - Match versions by tag status. - Default value is ANY. - Possible values are: TAGGED, UNTAGGED, ANY. - condition.version_name_prefixes: |- + Contact's name. + developer_owners.email: |- - - (Optional) - Match versions by version name prefix. Applied on any prefix match. - create: '- Default is 20 minutes.' - create_time: |- + (Required) + Required. Email address of the contacts. + discovered_service: |- - - The time when the repository was created. - delete: '- Default is 20 minutes.' - description: |- + (Required) + Immutable. The resource name of the original discovered service. + display_name: |- - (Optional) - The user-provided description of the repository. - docker_config: |- + User-defined name for the Service. + environment.type: |- - - (Optional) - Docker repository config contains repository level configuration for the repositories of docker type. - Structure is documented below. - docker_config.immutable_tags: |- + (Required) + Environment type. + Possible values are: PRODUCTION, STAGING, TEST, DEVELOPMENT. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/applications/{{application_id}}/services/{{service_id}}' + location: |- - - (Optional) - The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created. - docker_repository.public_repository: |- + (Required) + Part of parent. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID} + name: |- + - + Identifier. The resource name of a Service. Format: + "projects/{host-project-id}/locations/{location}/applications/{application-id}/services/{service-id}" + operator_owners.display_name: |- - (Optional) - Address of the remote repository. - Default value is DOCKER_HUB. - Possible values are: DOCKER_HUB. - effective_labels: for all of the labels present on the resource. - format: |- + Contact's name. + operator_owners.email: |- - (Required) - The format of packages that are stored in the repository. Supported formats - can be found here. - You can only create alpha formats if you are a member of the - alpha user group. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}' - kms_key_name: |- + Required. Email address of the contacts. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + service_id: |- - - (Optional) - The Cloud KMS resource name of the customer managed encryption key that’s - used to encrypt the contents of the Repository. Has the form: - projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. - This value may not be changed after the Repository has been created. - labels: |- + (Required) + The Service identifier. + service_properties: |- - - (Optional) - Labels with user-defined metadata. - This field may contain up to 64 entries. Label keys and values may be no - longer than 63 characters. Label keys must begin with a lowercase letter - and may only contain lowercase letters, numeric characters, underscores, - and dashes. - location: |- + Properties of an underlying cloud resource that can comprise a Service. + Structure is documented below. + service_properties.gcp_project: |- - - (Optional) - The name of the location this repository is located in. - maven_config: |- + (Output) + Output only. The service project identifier that the underlying cloud resource resides in. + service_properties.location: |- - - (Optional) - MavenRepositoryConfig is maven related repository details. - Provides additional configuration details for repositories of the maven - format type. - Structure is documented below. - maven_config.allow_snapshot_overwrites: |- + (Output) + Output only. The location that the underlying resource resides in, for example, us-west1. + service_properties.zone: |- - - (Optional) - The repository with this flag will allow publishing the same - snapshot versions. - maven_config.version_policy: |- + (Output) + Output only. The location that the underlying resource resides in if it is zonal, for example, us-west1-a). + service_reference: |- - - (Optional) - Version policy defines the versions that the registry will accept. - Default value is VERSION_POLICY_UNSPECIFIED. - Possible values are: VERSION_POLICY_UNSPECIFIED, RELEASE, SNAPSHOT. - maven_repository.public_repository: |- + Reference to an underlying networking resource that can comprise a Service. + Structure is documented below. + service_reference.uri: |- - - (Optional) - Address of the remote repository. - Default value is MAVEN_CENTRAL. - Possible values are: MAVEN_CENTRAL. - mode: |- + (Output) + Output only. The underlying resource URI (For example, URI of Forwarding Rule, URL Map, + and Backend Service). + state: |- - - (Optional) - The mode configures the repository to serve artifacts from different sources. - Default value is STANDARD_REPOSITORY. - Possible values are: STANDARD_REPOSITORY, VIRTUAL_REPOSITORY, REMOTE_REPOSITORY. - most_recent_versions.keep_count: |- + Output only. Service state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED + uid: |- - - (Optional) - Minimum number of versions to keep. - most_recent_versions.package_name_prefixes: |- + Output only. A universally unique identifier (UUID) for the Service in the UUID4 + format. + update: '- Default is 20 minutes.' + update_time: |- - - (Optional) - Match versions by package prefix. Applied on any prefix match. - name: |- + Output only. Update time. + importStatements: [] + google_apphub_service_project_attachment: + subCategory: App Hub + description: Represents a Service project attachment to the Host Project. + name: google_apphub_service_project_attachment + title: "" + examples: + - name: example + manifest: |- + { + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "service_project_attachment_id": "${google_project.service_project.project_id}" + } + references: + service_project_attachment_id: google_project.service_project.project_id + dependencies: + google_project.service_project: |- + { + "name": "Service Project", + "org_id": "123456789", + "project_id": "project-1" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_project.service_project}" + ] + } + - name: example2 + manifest: |- + { + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "service_project": "${google_project.service_project_full.project_id}", + "service_project_attachment_id": "${google_project.service_project_full.project_id}" + } + references: + service_project: google_project.service_project_full.project_id + service_project_attachment_id: google_project.service_project_full.project_id + dependencies: + google_project.service_project_full: |- + { + "name": "Service Project Full", + "org_id": "123456789", + "project_id": "project-1" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_project.service_project_full}" + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- - - The name of the repository, for example: - "repo1" - npm_repository.public_repository: |- + Output only. Create time. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/global/serviceProjectAttachments/{{service_project_attachment_id}}' + name: |- - - (Optional) - Address of the remote repository. - Default value is NPMJS. - Possible values are: NPMJS. + "Identifier. The resource name of a ServiceProjectAttachment. Format:"projects/{host-project-id}/locations/global/serviceProjectAttachments/{service-project-id}." " project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - python_repository.public_repository: |- + service_project: |- - (Optional) - Address of the remote repository. - Default value is PYPI. - Possible values are: PYPI. - remote_repository_config: |- + "Immutable. Service project name in the format: "projects/abc" + or "projects/123". As input, project name with either project id or number + are accepted. As output, this field will contain project number. " + service_project_attachment_id: |- - - (Optional) - Configuration specific for a Remote Repository. - Structure is documented below. - remote_repository_config.apt_repository: |- + (Required) + Required. The service project attachment identifier must contain the project_id of the service project specified in the service_project_attachment.service_project field. Hint: "projects/{project_id}" + state: |- - - (Optional) - Specific settings for an Apt remote repository. - Structure is documented below. - remote_repository_config.description: |- + ServiceProjectAttachment state. + uid: |- - - (Optional) - The description of the remote source. - remote_repository_config.docker_repository: |- + Output only. A globally unique identifier (in UUID4 format) for the ServiceProjectAttachment. + importStatements: [] + google_apphub_workload: + subCategory: App Hub + description: Workload represents a binary deployment (such as Managed Instance Groups (MIGs), GKE deployments, etc. + name: google_apphub_workload + title: "" + examples: + - name: example + manifest: |- + { + "application_id": "${google_apphub_application.application.application_id}", + "discovered_workload": "${data.google_apphub_discovered_workload.catalog-workload.name}", + "location": "us-central1", + "workload_id": "${google_compute_region_instance_group_manager.mig.name}" + } + references: + application_id: google_apphub_application.application.application_id + discovered_workload: data.google_apphub_discovered_workload.catalog-workload.name + workload_id: google_compute_region_instance_group_manager.mig.name + dependencies: + google_apphub_application.application: |- + { + "application_id": "example-application-1", + "location": "us-central1", + "scope": [ + { + "type": "REGIONAL" + } + ] + } + google_apphub_service_project_attachment.service_project_attachment: |- + { + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "service_project_attachment_id": "${google_project.service_project.project_id}" + } + google_compute_instance_template.instance_template: |- + { + "disk": [ + { + "auto_delete": true, + "boot": true, + "source_image": "debian-cloud/debian-10" + } + ], + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "machine_type": "e2-small", + "metadata": { + "startup-script": "#! /bin/bash\nset -euo pipefail\nexport DEBIAN_FRONTEND=noninteractive\napt-get update\napt-get install -y nginx-light jq\nNAME=$(curl -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/hostname\")\nIP=$(curl -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip\")\nMETADATA=$(curl -f -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True\" | jq 'del(.[\"startup-script\"])')\ncat \u003c\u003cEOF \u003e /var/www/html/index.html\n\u003cpre\u003e\nName: $NAME\nIP: $IP\nMetadata: $METADATA\n\u003c/pre\u003e\nEOF\n" + }, + "name": "l7-ilb-mig-template", + "network_interface": [ + { + "access_config": [ + {} + ], + "network": "${google_compute_network.ilb_network.id}", + "subnetwork": "${google_compute_subnetwork.ilb_subnet.id}" + } + ], + "project": "${google_project.service_project.project_id}", + "tags": [ + "http-server" + ] + } + google_compute_network.ilb_network: |- + { + "auto_create_subnetworks": false, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-network", + "project": "${google_project.service_project.project_id}" + } + google_compute_region_instance_group_manager.mig: |- + { + "base_instance_name": "vm", + "name": "l7-ilb-mig1", + "project": "${google_project.service_project.project_id}", + "region": "us-central1", + "target_size": 2, + "version": [ + { + "instance_template": "${google_compute_instance_template.instance_template.id}", + "name": "primary" + } + ] + } + google_compute_subnetwork.ilb_subnet: |- + { + "ip_cidr_range": "10.0.1.0/24", + "name": "l7-ilb-subnet", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_project.service_project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "name": "Service Project", + "org_id": "123456789", + "project_id": "project-1" + } + google_project_service.compute_service_project: |- + { + "project": "${google_project.service_project.project_id}", + "service": "compute.googleapis.com" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_project_service.compute_service_project}" + ] + } + time_sleep.wait_120s_for_resource_ingestion: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_compute_region_instance_group_manager.mig}" + ] + } + - name: example + manifest: |- + { + "application_id": "${google_apphub_application.application.application_id}", + "attributes": [ + { + "business_owners": [ + { + "display_name": "Alice", + "email": "alice@google.com" + } + ], + "criticality": [ + { + "type": "MISSION_CRITICAL" + } + ], + "developer_owners": [ + { + "display_name": "Bob", + "email": "bob@google.com" + } + ], + "environment": [ + { + "type": "STAGING" + } + ], + "operator_owners": [ + { + "display_name": "Charlie", + "email": "charlie@google.com" + } + ] + } + ], + "description": "Register service for testing", + "discovered_workload": "${data.google_apphub_discovered_workload.catalog-workload.name}", + "display_name": "Example Service Full", + "location": "us-central1", + "workload_id": "${google_compute_region_instance_group_manager.mig.name}" + } + references: + application_id: google_apphub_application.application.application_id + discovered_workload: data.google_apphub_discovered_workload.catalog-workload.name + workload_id: google_compute_region_instance_group_manager.mig.name + dependencies: + google_apphub_application.application: |- + { + "application_id": "example-application-1", + "location": "us-central1", + "scope": [ + { + "type": "REGIONAL" + } + ] + } + google_apphub_service_project_attachment.service_project_attachment: |- + { + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "service_project_attachment_id": "${google_project.service_project.project_id}" + } + google_compute_instance_template.instance_template: |- + { + "disk": [ + { + "auto_delete": true, + "boot": true, + "source_image": "debian-cloud/debian-10" + } + ], + "lifecycle": [ + { + "create_before_destroy": true + } + ], + "machine_type": "e2-small", + "metadata": { + "startup-script": "#! /bin/bash\nset -euo pipefail\nexport DEBIAN_FRONTEND=noninteractive\napt-get update\napt-get install -y nginx-light jq\nNAME=$(curl -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/hostname\")\nIP=$(curl -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip\")\nMETADATA=$(curl -f -H \"Metadata-Flavor: Google\" \"http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True\" | jq 'del(.[\"startup-script\"])')\ncat \u003c\u003cEOF \u003e /var/www/html/index.html\n\u003cpre\u003e\nName: $NAME\nIP: $IP\nMetadata: $METADATA\n\u003c/pre\u003e\nEOF\n" + }, + "name": "l7-ilb-mig-template", + "network_interface": [ + { + "access_config": [ + {} + ], + "network": "${google_compute_network.ilb_network.id}", + "subnetwork": "${google_compute_subnetwork.ilb_subnet.id}" + } + ], + "project": "${google_project.service_project.project_id}", + "tags": [ + "http-server" + ] + } + google_compute_network.ilb_network: |- + { + "auto_create_subnetworks": false, + "depends_on": [ + "${time_sleep.wait_120s}" + ], + "name": "l7-ilb-network", + "project": "${google_project.service_project.project_id}" + } + google_compute_region_instance_group_manager.mig: |- + { + "base_instance_name": "vm", + "name": "l7-ilb-mig1", + "project": "${google_project.service_project.project_id}", + "region": "us-central1", + "target_size": 2, + "version": [ + { + "instance_template": "${google_compute_instance_template.instance_template.id}", + "name": "primary" + } + ] + } + google_compute_subnetwork.ilb_subnet: |- + { + "ip_cidr_range": "10.0.1.0/24", + "name": "l7-ilb-subnet", + "network": "${google_compute_network.ilb_network.id}", + "project": "${google_project.service_project.project_id}", + "region": "us-central1" + } + google_project.service_project: |- + { + "billing_account": "000000-0000000-0000000-000000", + "name": "Service Project", + "org_id": "123456789", + "project_id": "project-1" + } + google_project_service.compute_service_project: |- + { + "project": "${google_project.service_project.project_id}", + "service": "compute.googleapis.com" + } + time_sleep.wait_120s: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_project_service.compute_service_project}" + ] + } + time_sleep.wait_120s_for_resource_ingestion: |- + { + "create_duration": "120s", + "depends_on": [ + "${google_compute_region_instance_group_manager.mig}" + ] + } + argumentDocs: + application_id: |- + - + (Required) + Part of parent. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID} + attributes: |- - (Optional) - Specific settings for a Docker remote repository. + Consumer provided attributes. Structure is documented below. - remote_repository_config.maven_repository: |- + attributes.business_owners: |- - (Optional) - Specific settings for a Maven remote repository. + Business team that ensures user needs are met and value is delivered Structure is documented below. - remote_repository_config.npm_repository: |- + attributes.criticality: |- - (Optional) - Specific settings for an Npm remote repository. + Criticality of the Application, Service, or Workload Structure is documented below. - remote_repository_config.python_repository: |- + attributes.developer_owners: |- - (Optional) - Specific settings for a Python remote repository. + Developer team that owns development and coding. Structure is documented below. - remote_repository_config.upstream_credentials: |- + attributes.environment: |- - (Optional) - The credentials used to access the remote repository. + Environment of the Application, Service, or Workload Structure is documented below. - remote_repository_config.yum_repository: |- + attributes.operator_owners: |- - (Optional) - Specific settings for an Yum remote repository. + Operator team that ensures runtime and operations. Structure is documented below. - repository_id: |- + business_owners.display_name: |- + - + (Optional) + Contact's name. + business_owners.email: |- - (Required) - The last part of the repository name, for example: - "repo1" - terraform_labels: |- + Email address of the contacts. + create: '- Default is 20 minutes.' + create_time: |- - - The combination of labels configured directly on the resource - and default labels configured on the provider. - update: '- Default is 20 minutes.' - update_time: |- + Output only. Create time. + criticality.type: |- - - The time when the repository was last updated. - upstream_credentials.username_password_credentials: |- + (Required) + Criticality type. + Possible values are: MISSION_CRITICAL, HIGH, MEDIUM, LOW. + delete: '- Default is 20 minutes.' + description: |- - (Optional) - Use username and password to access the remote repository. - Structure is documented below. - upstream_credentials.username_password_credentials.password_secret_version: |- + User-defined description of a Workload. + developer_owners.display_name: |- - (Optional) - The Secret Manager key version that holds the password to access the - remote repository. Must be in the format of - projects/{project}/secrets/{secret}/versions/{version}. - upstream_credentials.username_password_credentials.username: |- + Contact's name. + developer_owners.email: |- - - (Optional) - The username to access the remote repository. - virtual_repository_config: |- + (Required) + Email address of the contacts. + discovered_workload: |- - - (Optional) - Configuration specific for a Virtual Repository. - Structure is documented below. - virtual_repository_config.upstream_policies: |- + (Required) + Immutable. The resource name of the original discovered workload. + display_name: |- - (Optional) - Policies that configure the upstream artifacts distributed by the Virtual - Repository. Upstream policies cannot be set on a standard repository. - Structure is documented below. - virtual_repository_config.upstream_policies.id: |- + User-defined name for the Workload. + environment.type: |- - - (Optional) - The user-provided ID of the upstream policy. - virtual_repository_config.upstream_policies.priority: |- + (Required) + Environment type. + Possible values are: PRODUCTION, STAGING, TEST, DEVELOPMENT. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/applications/{{application_id}}/workloads/{{workload_id}}' + location: |- - - (Optional) - Entries with a greater priority value take precedence in the pull order. - virtual_repository_config.upstream_policies.repository: |- + (Required) + Part of parent. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID} + name: |- - - (Optional) - A reference to the repository resource, for example: - "projects/p1/locations/us-central1/repository/repo1". - yum_repository.public_repository: |- + Identifier. The resource name of the Workload. Format:"projects/{host-project-id}/locations/{location}/applications/{application-id}/workloads/{workload-id}" + operator_owners.display_name: |- - (Optional) - One of the publicly available Yum repositories supported by Artifact Registry. - Structure is documented below. - yum_repository.public_repository.repository_base: |- + Contact's name. + operator_owners.email: |- - (Required) - A common public repository base for Yum. - Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. - yum_repository.public_repository.repository_path: |- + Email address of the contacts. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + state: |- + - + Output only. Workload state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED + uid: |- + - + Output only. A universally unique identifier (UUID) for the Workload in the UUID4 format. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. Update time. + workload_id: |- - (Required) - Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" + The Workload identifier. + workload_properties: |- + - + Properties of an underlying compute resource represented by the Workload. + Structure is documented below. + workload_properties.gcp_project: |- + - + (Output) + Output only. The service project identifier that the underlying cloud resource resides in. Empty for non cloud resources. + workload_properties.location: |- + - + (Output) + Output only. The location that the underlying compute resource resides in (e.g us-west1). + workload_properties.zone: |- + - + (Output) + Output only. The location that the underlying compute resource resides in if it is zonal (e.g us-west1-a). + workload_reference: |- + - + Reference of an underlying compute resource represented by the Workload. + Structure is documented below. + workload_reference.uri: |- + - + (Output) + Output only. The underlying compute resource uri. importStatements: [] - google_artifact_registry_repository_iam_policy: + google_artifact_registry_repository: subCategory: Artifact Registry - description: Collection of resources to manage IAM policy for Artifact Registry Repository - name: google_artifact_registry_repository_iam_policy + description: A repository for storing artifacts + name: google_artifact_registry_repository title: "" examples: - - name: policy + - name: my-repo manifest: |- { - "location": "${google_artifact_registry_repository.my-repo.location}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_artifact_registry_repository.my-repo.project}", - "repository": "${google_artifact_registry_repository.my-repo.name}" + "description": "example docker repository", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "my-repository" } - references: - location: google_artifact_registry_repository.my-repo.location - policy_data: data.google_iam_policy.admin.policy_data - project: google_artifact_registry_repository.my-repo.project - repository: google_artifact_registry_repository.my-repo.name - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_artifact_registry_repository_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.' - google_artifact_registry_repository_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.' - google_artifact_registry_repository_iam_policy: ': Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.' - location: |- - - (Required) The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_artifact_registry_repository_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - repository: '- (Required) Used to find the parent resource to bind the IAM policy to' - role: |- - - (Required) The role that should be applied. Only one - google_artifact_registry_repository_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_artifact_registry_vpcsc_config: - subCategory: Artifact Registry - description: The Artifact Registry VPC SC config that applies to a Project. - name: google_artifact_registry_vpcsc_config - title: "" - examples: - - name: my-config + - name: my-repo manifest: |- { + "description": "example docker repository", + "docker_config": [ + { + "immutable_tags": true + } + ], + "format": "DOCKER", "location": "us-central1", - "provider": "${google-beta}", - "vpcsc_policy": "ALLOW" + "repository_id": "my-repository" } - references: - provider: google-beta - argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/vpcscConfig' - location: |- - - - (Optional) - The name of the location this config is located in. - name: |- - - - The name of the project's VPC SC Config. - Always of the form: projects/{project}/location/{location}/vpcscConfig - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' - vpcsc_policy: |- - - - (Optional) - The VPC SC policy for project and location. - Possible values are: DENY, ALLOW. - importStatements: [] - google_assured_workloads_workload: - subCategory: AssuredWorkloads - description: The AssuredWorkloads Workload resource - name: google_assured_workloads_workload - title: "" - examples: - - name: primary + - name: my-repo manifest: |- { - "billing_account": "billingAccounts/000000-0000000-0000000-000000", - "compliance_regime": "FEDRAMP_MODERATE", - "display_name": "{{display}}", - "kms_settings": [ - { - "next_rotation_time": "9999-10-02T15:01:23Z", - "rotation_period": "10368000s" - } + "depends_on": [ + "${google_kms_crypto_key_iam_member.crypto_key}" ], - "labels": { - "label-one": "value-one" - }, - "location": "us-west1", - "organization": "123456789", - "provisioned_resources_parent": "folders/519620126891", - "resource_settings": [ - { - "display_name": "folder-display-name", - "resource_type": "CONSUMER_FOLDER" - }, - { - "resource_type": "ENCRYPTION_KEYS_PROJECT" - }, + "description": "example docker repository with cmek", + "format": "DOCKER", + "kms_key_name": "kms-key", + "location": "us-central1", + "repository_id": "my-repository" + } + dependencies: + google_kms_crypto_key_iam_member.crypto_key: |- { - "resource_id": "ring", - "resource_type": "KEYRING" + "crypto_key_id": "kms-key", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" } - ], - "violation_notifications_enabled": true + - name: my-repo-upstream-1 + manifest: |- + { + "description": "example docker repository (upstream source) 1", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "my-repository-upstream-1" } - - name: primary + - name: my-repo-upstream-2 manifest: |- { - "billing_account": "billingAccounts/000000-0000000-0000000-000000", - "compliance_regime": "EU_REGIONS_AND_SUPPORT", - "display_name": "display", - "enable_sovereign_controls": true, - "kms_settings": [ - { - "next_rotation_time": "9999-10-02T15:01:23Z", - "rotation_period": "10368000s" - } - ], - "labels": { - "label-one": "value-one" - }, - "location": "europe-west9", - "organization": "123456789", - "provider": "${google-beta}", - "resource_settings": [ - { - "resource_type": "CONSUMER_FOLDER" - }, - { - "resource_type": "ENCRYPTION_KEYS_PROJECT" - }, + "description": "example docker repository (upstream source) 2", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "my-repository-upstream-2" + } + - name: my-repo + manifest: |- + { + "depends_on": [], + "description": "example virtual docker repository", + "format": "DOCKER", + "location": "us-central1", + "mode": "VIRTUAL_REPOSITORY", + "repository_id": "my-repository", + "virtual_repository_config": [ { - "resource_id": "ring", - "resource_type": "KEYRING" + "upstream_policies": [ + { + "id": "my-repository-upstream-1", + "priority": 20, + "repository": "${google_artifact_registry_repository.my-repo-upstream-1.id}" + }, + { + "id": "my-repository-upstream-2", + "priority": 10, + "repository": "${google_artifact_registry_repository.my-repo-upstream-2.id}" + } + ] } ] } references: - provider: google-beta - argumentDocs: - billing_account: |- - - - (Optional) - Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF. - compliance_regime: |- - - - (Required) - Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT - compliance_status: |- - - - Output only. Count of active Violations in the Workload. - compliant_but_disallowed_services: |- - - - Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment. - create: '- Default is 20 minutes.' - create_time: |- - - - Output only. Immutable. The Workload creation timestamp. - delete: '- Default is 20 minutes.' - display_name: |- - - - (Required) - Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload - effective_labels: |- - - - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. - ekm_provisioning_response: |- - - - Optional. Represents the Ekm Provisioning State of the given workload. - enable_sovereign_controls: |- - - - (Optional) - Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. - id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/workloads/{{name}}' - kaj_enrollment_state: |- - - - Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE - kms_settings: |- - - - (Optional) - DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. - kms_settings.next_rotation_time: |- - - - (Required) - Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary. - kms_settings.rotation_period: |- - - - (Required) - Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. - labels: |- - - - (Optional) - Optional. Labels applied to the workload. - location: |- - - - (Required) - The location for the resource - name: |- - - - Output only. The resource name of the workload. - organization: |- - - - (Required) - The organization for the resource - partner: |- - - - (Optional) - Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN - partner_permissions: |- - - - (Optional) - Optional. Permissions granted to the AW Partner SA account for the customer workload - partner_permissions.assured_workloads_monitoring: |- - - - (Optional) - Optional. Allow partner to view violation alerts. - partner_permissions.data_logs_viewer: |- - - - (Optional) - Allow the partner to view inspectability logs and monitoring violations. - partner_permissions.service_access_approver: |- - - - (Optional) - Optional. Allow partner to view access approval logs. - provisioned_resources_parent: |- - - - (Optional) - Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} - resource_settings: |- - - - (Optional) - Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. - resource_settings.display_name: |- - - - (Optional) - User-assigned resource display name. If not empty it will be used to create a resource with the specified name. - resource_settings.resource_id: |- - - - (Optional) - Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. - resource_settings.resource_type: |- - - - (Optional) - Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER - resources: |- - - - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. - saa_enrollment_response: |- - - - Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page. - terraform_labels: |- - - - The combination of labels configured directly on the resource and default labels configured on the provider. - update: '- Default is 20 minutes.' - violation_notifications_enabled: |- - - - (Optional) - Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. - importStatements: [] - google_backup_dr_management_server: - subCategory: Backup and DR - description: A Backup and DR Management Server (Also referred as Management Console) - name: google_backup_dr_management_server - title: "" - examples: - - name: ms-console + virtual_repository_config.upstream_policies.repository: google_artifact_registry_repository.my-repo-upstream-2.id + - name: my-repo manifest: |- { - "depends_on": [ - "${google_service_networking_connection.default}" - ], + "description": "example remote docker repository", + "format": "DOCKER", "location": "us-central1", - "name": "ms-console", - "networks": [ + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ { - "network": "${google_compute_network.default.id}", - "peering_mode": "PRIVATE_SERVICE_ACCESS" + "description": "docker hub", + "docker_repository": [ + { + "public_repository": "DOCKER_HUB" + } + ] } ], - "provider": "${google-beta}", - "type": "BACKUP_RESTORE" + "repository_id": "my-repository" } - references: - networks.network: google_compute_network.default.id - provider: google-beta - dependencies: - google_compute_global_address.private_ip_address: |- - { - "address_type": "INTERNAL", - "name": "vpc-network", - "network": "${google_compute_network.default.id}", - "prefix_length": 20, - "provider": "${google-beta}", - "purpose": "VPC_PEERING" - } - google_compute_network.default: |- - { - "name": "vpc-network", - "provider": "${google-beta}" - } - google_service_networking_connection.default: |- - { - "network": "${google_compute_network.default.id}", - "provider": "${google-beta}", - "reserved_peering_ranges": [ - "${google_compute_global_address.private_ip_address.name}" - ], - "service": "servicenetworking.googleapis.com" - } - argumentDocs: - create: '- Default is 40 minutes.' - delete: '- Default is 40 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/managementServers/{{name}}' - location: |- - - - (Required) - The location for the management server (management console) - management_uri: |- - - - The management console URI - Structure is documented below. - management_uri.api: |- - - - (Output) - The management console api endpoint. - management_uri.web_ui: |- - - - (Output) - The management console webUi. - name: |- - - - (Required) - The name of management server (management console) - networks: |- - - - (Required) - Network details to create management server (management console). - Structure is documented below. - networks.network: |- - - - (Required) - Network with format projects/{{project_id}}/global/networks/{{network_id}} - networks.peering_mode: |- - - - (Optional) - Type of Network peeringMode - Default value is PRIVATE_SERVICE_ACCESS. - Possible values are: PRIVATE_SERVICE_ACCESS. - networks.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - networks.type: |- - - - (Optional) - The type of management server (management console). - Default value is BACKUP_RESTORE. - Possible values are: BACKUP_RESTORE. - oauth2_client_id: |- - - - The oauth2ClientId of management console. - importStatements: [] - google_beyondcorp_app_connection: - subCategory: BeyondCorp - description: A BeyondCorp AppConnection resource represents a BeyondCorp protected AppConnection to a remote application. - name: google_beyondcorp_app_connection - title: "" - examples: - - name: app_connection + - name: my-repo manifest: |- { - "application_endpoint": [ + "description": "example remote apt repository", + "format": "APT", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ { - "host": "foo-host", - "port": 8080 + "apt_repository": [ + { + "public_repository": [ + { + "repository_base": "DEBIAN", + "repository_path": "debian/dists/buster" + } + ] + } + ], + "description": "Debian buster remote repository" } ], - "connectors": [ - "${google_beyondcorp_app_connector.app_connector.id}" - ], - "name": "my-app-connection", - "type": "TCP_PROXY" + "repository_id": "debian-buster" } - dependencies: - google_beyondcorp_app_connector.app_connector: |- + - name: my-repo + manifest: |- + { + "description": "example remote yum repository", + "format": "YUM", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ { - "name": "my-app-connector", - "principal_info": [ + "description": "Centos 8 remote repository", + "yum_repository": [ { - "service_account": [ + "public_repository": [ { - "email": "${google_service_account.service_account.email}" + "repository_base": "CENTOS", + "repository_path": "centos/8-stream/BaseOS/x86_64/os" } ] } ] } - google_service_account.service_account: |- - { - "account_id": "my-account", - "display_name": "Test Service Account" - } - - name: app_connection + ], + "repository_id": "centos-8" + } + - name: my-repo manifest: |- { - "application_endpoint": [ + "cleanup_policies": [ { - "host": "foo-host", - "port": 8080 - } - ], - "connectors": [ - "${google_beyondcorp_app_connector.app_connector.id}" - ], - "display_name": "some display name", - "gateway": [ + "action": "DELETE", + "condition": [ + { + "older_than": "2592000s", + "tag_prefixes": [ + "alpha", + "v0" + ], + "tag_state": "TAGGED" + } + ], + "id": "delete-prerelease" + }, { - "app_gateway": "${google_beyondcorp_app_gateway.app_gateway.id}" - } - ], - "labels": { - "bar": "baz", - "foo": "bar" - }, - "name": "my-app-connection", - "type": "TCP_PROXY" - } - references: - gateway.app_gateway: google_beyondcorp_app_gateway.app_gateway.id - dependencies: - google_beyondcorp_app_connector.app_connector: |- + "action": "KEEP", + "condition": [ + { + "package_name_prefixes": [ + "webapp", + "mobile" + ], + "tag_prefixes": [ + "release" + ], + "tag_state": "TAGGED" + } + ], + "id": "keep-tagged-release" + }, { - "name": "my-app-connector", - "principal_info": [ + "action": "KEEP", + "id": "keep-minimum-versions", + "most_recent_versions": [ { - "service_account": [ - { - "email": "${google_service_account.service_account.email}" - } + "keep_count": 5, + "package_name_prefixes": [ + "webapp", + "mobile", + "sandbox" ] } ] } - google_beyondcorp_app_gateway.app_gateway: |- - { - "host_type": "GCP_REGIONAL_MIG", - "name": "my-app-gateway", - "type": "TCP_PROXY" - } - google_service_account.service_account: |- + ], + "cleanup_policy_dry_run": false, + "description": "example docker repository with cleanup policies", + "format": "DOCKER", + "location": "us-central1", + "repository_id": "my-repository" + } + - name: my-repo + manifest: |- + { + "description": "example remote dockerhub repository with credentials", + "format": "DOCKER", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ { - "account_id": "my-account", - "display_name": "Test Service Account" + "description": "docker hub with custom credentials", + "disable_upstream_validation": true, + "docker_repository": [ + { + "public_repository": "DOCKER_HUB" + } + ], + "upstream_credentials": [ + { + "username_password_credentials": [ + { + "password_secret_version": "${google_secret_manager_secret_version.example-remote-secret_version.name}", + "username": "remote-username" + } + ] + } + ] } - argumentDocs: - application_endpoint: |- - - - (Required) - Address of the remote application endpoint for the BeyondCorp AppConnection. - Structure is documented below. - application_endpoint.connectors: |- - - - (Optional) - List of AppConnectors that are authorised to be associated with this AppConnection - application_endpoint.display_name: |- - - - (Optional) - An arbitrary user-provided name for the AppConnection. - application_endpoint.effective_labels: for all of the labels present on the resource. - application_endpoint.gateway: |- - - - (Optional) - Gateway used by the AppConnection. - Structure is documented below. - application_endpoint.host: |- - - - (Required) - Hostname or IP address of the remote application endpoint. - application_endpoint.labels: |- - - - (Optional) - Resource labels to represent user provided metadata. - application_endpoint.port: |- - - - (Required) - Port of the remote application endpoint. - application_endpoint.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - application_endpoint.region: |- - - - (Optional) - The region of the AppConnection. - application_endpoint.type: |- - - - (Optional) - The type of network connectivity used by the AppConnection. Refer to - https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type - for a list of possible values. - create: '- Default is 30 minutes.' - delete: '- Default is 30 minutes.' - effective_labels: |- - - - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. - gateway.app_gateway: |- - - - (Required) - AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}. - gateway.ingress_port: |- - - - (Output) - Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443. - gateway.type: |- - - - (Optional) - The type of hosting used by the gateway. Refer to - https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 - for a list of possible values. - gateway.uri: |- - - - (Output) - Server-defined URI for this resource. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnections/{{name}}' - name: |- - - - (Required) - ID of the AppConnection. - terraform_labels: |- - - - The combination of labels configured directly on the resource - and default labels configured on the provider. - update: '- Default is 30 minutes.' - importStatements: [] - google_beyondcorp_app_connector: - subCategory: BeyondCorp - description: A BeyondCorp AppConnector resource represents an application facing component deployed proximal to and with direct access to the application instances. - name: google_beyondcorp_app_connector - title: "" - examples: - - name: app_connector + ], + "repository_id": "example-dockerhub-remote" + } + references: + remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-remote-secret_version.name + dependencies: + google_secret_manager_secret.example-remote-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "example-secret" + } + google_secret_manager_secret_iam_member.secret-access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.example-remote-secret.id}" + } + google_secret_manager_secret_version.example-remote-secret_version: |- + { + "secret": "${google_secret_manager_secret.example-remote-secret.id}", + "secret_data": "remote-password" + } + - name: my-repo manifest: |- { - "name": "my-app-connector", - "principal_info": [ + "description": "example remote custom docker repository with credentials", + "format": "DOCKER", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ { - "service_account": [ + "description": "custom docker remote with credentials", + "disable_upstream_validation": true, + "docker_repository": [ { - "email": "${google_service_account.service_account.email}" + "custom_repository": [ + { + "uri": "https://registry-1.docker.io" + } + ] + } + ], + "upstream_credentials": [ + { + "username_password_credentials": [ + { + "password_secret_version": "${google_secret_manager_secret_version.example-remote-secret_version.name}", + "username": "remote-username" + } + ] } ] } - ] + ], + "repository_id": "example-docker-custom-remote" } references: - principal_info.service_account.email: google_service_account.service_account.email + remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-remote-secret_version.name dependencies: - google_service_account.service_account: |- + google_secret_manager_secret.example-remote-secret: |- { - "account_id": "my-account", - "display_name": "Test Service Account" + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "example-secret" } - - name: app_connector + google_secret_manager_secret_iam_member.secret-access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.example-remote-secret.id}" + } + google_secret_manager_secret_version.example-remote-secret_version: |- + { + "secret": "${google_secret_manager_secret.example-remote-secret.id}", + "secret_data": "remote-password" + } + - name: my-repo manifest: |- { - "display_name": "some display name", - "labels": { - "bar": "baz", - "foo": "bar" - }, - "name": "my-app-connector", - "principal_info": [ + "description": "example remote custom maven repository with credentials", + "format": "MAVEN", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ { - "service_account": [ + "description": "custom maven remote with credentials", + "disable_upstream_validation": true, + "maven_repository": [ { - "email": "${google_service_account.service_account.email}" + "custom_repository": [ + { + "uri": "https://my.maven.registry" + } + ] + } + ], + "upstream_credentials": [ + { + "username_password_credentials": [ + { + "password_secret_version": "${google_secret_manager_secret_version.example-remote-secret_version.name}", + "username": "remote-username" + } + ] } ] } ], - "region": "us-central1" + "repository_id": "example-maven-custom-remote" } references: - principal_info.service_account.email: google_service_account.service_account.email + remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-remote-secret_version.name dependencies: - google_service_account.service_account: |- + google_secret_manager_secret.example-remote-secret: |- { - "account_id": "my-account", - "display_name": "Test Service Account" + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "example-secret" + } + google_secret_manager_secret_iam_member.secret-access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.example-remote-secret.id}" + } + google_secret_manager_secret_version.example-remote-secret_version: |- + { + "secret": "${google_secret_manager_secret.example-remote-secret.id}", + "secret_data": "remote-password" + } + - name: my-repo + manifest: |- + { + "description": "example remote custom npm repository with credentials", + "format": "NPM", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "description": "custom npm with credentials", + "disable_upstream_validation": true, + "npm_repository": [ + { + "custom_repository": [ + { + "uri": "https://my.npm.registry" + } + ] + } + ], + "upstream_credentials": [ + { + "username_password_credentials": [ + { + "password_secret_version": "${google_secret_manager_secret_version.example-remote-secret_version.name}", + "username": "remote-username" + } + ] + } + ] + } + ], + "repository_id": "example-npm-custom-remote" + } + references: + remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-remote-secret_version.name + dependencies: + google_secret_manager_secret.example-remote-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "example-secret" + } + google_secret_manager_secret_iam_member.secret-access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.example-remote-secret.id}" + } + google_secret_manager_secret_version.example-remote-secret_version: |- + { + "secret": "${google_secret_manager_secret.example-remote-secret.id}", + "secret_data": "remote-password" + } + - name: my-repo + manifest: |- + { + "description": "example remote custom python repository with credentials", + "format": "PYTHON", + "location": "us-central1", + "mode": "REMOTE_REPOSITORY", + "remote_repository_config": [ + { + "description": "custom npm with credentials", + "disable_upstream_validation": true, + "python_repository": [ + { + "custom_repository": [ + { + "uri": "https://my.python.registry" + } + ] + } + ], + "upstream_credentials": [ + { + "username_password_credentials": [ + { + "password_secret_version": "${google_secret_manager_secret_version.example-remote-secret_version.name}", + "username": "remote-username" + } + ] + } + ] + } + ], + "repository_id": "example-python-custom-remote" + } + references: + remote_repository_config.upstream_credentials.username_password_credentials.password_secret_version: google_secret_manager_secret_version.example-remote-secret_version.name + dependencies: + google_secret_manager_secret.example-remote-secret: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "example-secret" + } + google_secret_manager_secret_iam_member.secret-access: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com", + "role": "roles/secretmanager.secretAccessor", + "secret_id": "${google_secret_manager_secret.example-remote-secret.id}" + } + google_secret_manager_secret_version.example-remote-secret_version: |- + { + "secret": "${google_secret_manager_secret.example-remote-secret.id}", + "secret_data": "remote-password" } argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - effective_labels: |- + apt_repository.public_repository: |- - - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnectors/{{name}}' - name: |- + (Optional) + One of the publicly available Apt repositories supported by Artifact Registry. + Structure is documented below. + apt_repository.public_repository.repository_base: |- - (Required) - ID of the AppConnector. - principal_info: |- + A common public repository base for Apt, e.g. "debian/dists/buster" + Possible values are: DEBIAN, UBUNTU. + apt_repository.public_repository.repository_path: |- - (Required) - Principal information about the Identity of the AppConnector. - Structure is documented below. - principal_info.service_account: |- + Specific repository from the base. + cleanup_policies: |- - - (Required) - ServiceAccount represents a GCP service account. + (Optional) + Cleanup policies for this repository. Cleanup policies indicate when + certain package versions can be automatically deleted. + Map keys are policy IDs supplied by users during policy creation. They must + unique within a repository and be under 128 characters in length. Structure is documented below. - principal_info.service_account.display_name: |- + cleanup_policies.action: |- - (Optional) - An arbitrary user-provided name for the AppConnector. - principal_info.service_account.effective_labels: for all of the labels present on the resource. - principal_info.service_account.email: |- + Policy action. + Possible values are: DELETE, KEEP. + cleanup_policies.condition: |- - - (Required) - Email address of the service account. - principal_info.service_account.labels: |- + (Optional) + Policy condition for matching versions. + Structure is documented below. + cleanup_policies.id: '- (Required) The identifier for this object. Format specified above.' + cleanup_policies.most_recent_versions: |- - (Optional) - Resource labels to represent user provided metadata. - principal_info.service_account.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - principal_info.service_account.region: |- + Policy condition for retaining a minimum number of versions. May only be + specified with a Keep action. + Structure is documented below. + cleanup_policy_dry_run: |- - (Optional) - The region of the AppConnector. - state: |- + If true, the cleanup pipeline is prevented from deleting versions in this + repository. + condition.newer_than: |- - - Represents the different states of a AppConnector. - terraform_labels: |- + (Optional) + Match versions newer than a duration. + condition.older_than: |- - - The combination of labels configured directly on the resource - and default labels configured on the provider. - update: '- Default is 20 minutes.' - importStatements: [] - google_beyondcorp_app_gateway: - subCategory: BeyondCorp - description: A BeyondCorp AppGateway resource represents a BeyondCorp protected AppGateway to a remote application. - name: google_beyondcorp_app_gateway - title: "" - examples: - - name: app_gateway - manifest: |- - { - "host_type": "GCP_REGIONAL_MIG", - "name": "my-app-gateway", - "region": "us-central1", - "type": "TCP_PROXY" - } - - name: app_gateway - manifest: |- - { - "display_name": "some display name", - "host_type": "GCP_REGIONAL_MIG", - "labels": { - "bar": "baz", - "foo": "bar" - }, - "name": "my-app-gateway", - "region": "us-central1", - "type": "TCP_PROXY" - } - argumentDocs: - allocated_connections: |- + (Optional) + Match versions older than a duration. + condition.package_name_prefixes: |- - - A list of connections allocated for the Gateway. - Structure is documented below. - allocated_connections.ingress_port: |- + (Optional) + Match versions by package prefix. Applied on any prefix match. + condition.tag_prefixes: |- - (Optional) - The ingress port of an allocated connection. - allocated_connections.psc_uri: |- + Match versions by tag prefix. Applied on any prefix match. + condition.tag_state: |- - (Optional) - The PSC uri of an allocated connection. + Match versions by tag status. + Default value is ANY. + Possible values are: TAGGED, UNTAGGED, ANY. + condition.version_name_prefixes: |- + - + (Optional) + Match versions by version name prefix. Applied on any prefix match. create: '- Default is 20 minutes.' + create_time: |- + - + The time when the repository was created. + custom_repository.uri: |- + - + (Optional) + Specific uri to the registry, e.g. "https://registry-1.docker.io" delete: '- Default is 20 minutes.' - display_name: |- + description: |- - (Optional) - An arbitrary user-provided name for the AppGateway. - effective_labels: for all of the labels present on the resource. - host_type: |- + The user-provided description of the repository. + docker_config: |- - (Optional) - The type of hosting used by the AppGateway. - Default value is HOST_TYPE_UNSPECIFIED. - Possible values are: HOST_TYPE_UNSPECIFIED, GCP_REGIONAL_MIG. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/appGateways/{{name}}' - labels: |- + Docker repository config contains repository level configuration for the repositories of docker type. + Structure is documented below. + docker_config.immutable_tags: |- - (Optional) - Resource labels to represent user provided metadata. - name: |- + The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created. + docker_repository.custom_repository: |- - - (Required) - ID of the AppGateway. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - region: |- + (Optional) + Settings for a remote repository with a custom uri. + Structure is documented below. + docker_repository.public_repository: |- - (Optional) - The region of the AppGateway. - state: |- + Address of the remote repository. + Default value is DOCKER_HUB. + Possible values are: DOCKER_HUB. + effective_labels: for all of the labels present on the resource. + format: |- - - Represents the different states of a AppGateway. - terraform_labels: |- + (Required) + The format of packages that are stored in the repository. Supported formats + can be found here. + You can only create alpha formats if you are a member of the + alpha user group. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/repositories/{{repository_id}}' + kms_key_name: |- - - The combination of labels configured directly on the resource - and default labels configured on the provider. - type: |- + (Optional) + The Cloud KMS resource name of the customer managed encryption key that’s + used to encrypt the contents of the Repository. Has the form: + projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. + This value may not be changed after the Repository has been created. + labels: |- - (Optional) - The type of network connectivity used by the AppGateway. - Default value is TYPE_UNSPECIFIED. - Possible values are: TYPE_UNSPECIFIED, TCP_PROXY. - update: '- Default is 20 minutes.' - uri: |- + Labels with user-defined metadata. + This field may contain up to 64 entries. Label keys and values may be no + longer than 63 characters. Label keys must begin with a lowercase letter + and may only contain lowercase letters, numeric characters, underscores, + and dashes. + location: |- - - Server-defined URI for this resource. - importStatements: [] - google_biglake_catalog: - subCategory: Biglake - description: Catalogs are top-level containers for Databases and Tables. - name: google_biglake_catalog - title: "" - examples: - - name: default - manifest: |- - { - "location": "US", - "name": "my_catalog" - } - argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- - - - Output only. The creation time of the catalog. A timestamp in RFC3339 UTC - "Zulu" format, with nanosecond resolution and up to nine fractional - digits. - delete: '- Default is 20 minutes.' - delete_time: |- + (Optional) + The name of the location this repository is located in. + maven_config: |- - - Output only. The deletion time of the catalog. Only set after the catalog - is deleted. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond - resolution and up to nine fractional digits. - expire_time: |- + (Optional) + MavenRepositoryConfig is maven related repository details. + Provides additional configuration details for repositories of the maven + format type. + Structure is documented below. + maven_config.allow_snapshot_overwrites: |- - - Output only. The time when this catalog is considered expired. Only set - after the catalog is deleted. Only set after the catalog is deleted. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and - up to nine fractional digits. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/catalogs/{{name}}' - location: |- + (Optional) + The repository with this flag will allow publishing the same + snapshot versions. + maven_config.version_policy: |- - - (Required) - The geographic location where the Catalog should reside. - name: |- + (Optional) + Version policy defines the versions that the registry will accept. + Default value is VERSION_POLICY_UNSPECIFIED. + Possible values are: VERSION_POLICY_UNSPECIFIED, RELEASE, SNAPSHOT. + maven_repository.custom_repository: |- - - (Required) - The name of the Catalog. Format: - projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - update_time: |- + (Optional) + Settings for a remote repository with a custom uri. + Structure is documented below. + maven_repository.public_repository: |- - - Output only. The last modification time of the catalog. A timestamp in - RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine - fractional digits. - importStatements: [] - google_biglake_database: - subCategory: Biglake - description: Databases are containers of tables. - name: google_biglake_database - title: "" - examples: - - name: database - manifest: |- - { - "catalog": "${google_biglake_catalog.catalog.id}", - "hive_options": [ - { - "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.metadata_folder.name}", - "parameters": { - "owner": "John Doe" - } - } - ], - "name": "my_database", - "type": "HIVE" - } - references: - catalog: google_biglake_catalog.catalog.id - dependencies: - google_biglake_catalog.catalog: |- - { - "location": "US", - "name": "my_catalog" - } - google_storage_bucket.bucket: |- - { - "force_destroy": true, - "location": "US", - "name": "my_bucket", - "uniform_bucket_level_access": true - } - google_storage_bucket_object.metadata_folder: |- - { - "bucket": "${google_storage_bucket.bucket.name}", - "content": " ", - "name": "metadata/" - } - argumentDocs: - catalog: |- + (Optional) + Address of the remote repository. + Default value is MAVEN_CENTRAL. + Possible values are: MAVEN_CENTRAL. + mode: |- - - (Required) - The parent catalog. - create: '- Default is 20 minutes.' - create_time: |- + (Optional) + The mode configures the repository to serve artifacts from different sources. + Default value is STANDARD_REPOSITORY. + Possible values are: STANDARD_REPOSITORY, VIRTUAL_REPOSITORY, REMOTE_REPOSITORY. + most_recent_versions.keep_count: |- - - Output only. The creation time of the database. A timestamp in RFC3339 - UTC "Zulu" format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and - "2014-10-02T15:01:23.045123456Z". - delete: '- Default is 20 minutes.' - delete_time: |- + (Optional) + Minimum number of versions to keep. + most_recent_versions.package_name_prefixes: |- - - Output only. The deletion time of the database. Only set after the - database is deleted. A timestamp in RFC3339 UTC "Zulu" format, with - nanosecond resolution and up to nine fractional digits. Examples: - "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - expire_time: |- + (Optional) + Match versions by package prefix. Applied on any prefix match. + name: |- - - Output only. The time when this database is considered expired. Only set - after the database is deleted. A timestamp in RFC3339 UTC "Zulu" format, - with nanosecond resolution and up to nine fractional digits. Examples: - "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - hive_options: |- + The name of the repository, for example: + "repo1" + npm_repository.custom_repository: |- - - (Required) - Options of a Hive database. + (Optional) + Settings for a remote repository with a custom uri. Structure is documented below. - hive_options.location_uri: |- + npm_repository.public_repository: |- - (Optional) - Cloud Storage folder URI where the database data is stored, starting with "gs://". - hive_options.parameters: |- + Address of the remote repository. + Default value is NPMJS. + Possible values are: NPMJS. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + python_repository.custom_repository: |- - (Optional) - Stores user supplied Hive database parameters. An object containing a - list of"key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - id: '- an identifier for the resource with format {{catalog}}/databases/{{name}}' - name: |- - - - (Required) - The name of the database. - type: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + python_repository.public_repository: |- - - (Required) - The database type. - update: '- Default is 20 minutes.' - update_time: |- + (Optional) + Address of the remote repository. + Default value is PYPI. + Possible values are: PYPI. + remote_repository_config: |- - - Output only. The last modification time of the database. A timestamp in - RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine - fractional digits. Examples: "2014-10-02T15:01:23Z" and - "2014-10-02T15:01:23.045123456Z". - importStatements: [] - google_biglake_table: - subCategory: Biglake - description: Represents a table. - name: google_biglake_table - title: "" - examples: - - name: table - manifest: |- - { - "database": "${google_biglake_database.database.id}", - "hive_options": [ - { - "parameters": { - "owner": "John Doe", - "provider": "iceberg", - "spark.sql.create.version": "3.1.3", - "spark.sql.partitionProvider": "catalog", - "spark.sql.sources.provider": "iceberg", - "spark.sql.sources.schema.numParts": "1", - "spark.sql.sources.schema.part.0": "{\"type\":\"struct\",\"fields\":[{\"name\":\"id\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}},{\"name\":\"name\",\"type\":\"string\",\"nullable\":true,\"metadata\":{}},{\"name\":\"age\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}}]}", - "transient_lastDdlTime": "1680894197" - }, - "storage_descriptor": [ - { - "input_format": "org.apache.hadoop.mapred.SequenceFileInputFormat", - "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.data_folder.name}", - "output_format": "org.apache.hadoop.hive.ql.io.HiveSequenceFileOutputFormat" - } - ], - "table_type": "MANAGED_TABLE" - } - ], - "name": "my_table", - "type": "HIVE" - } - references: - database: google_biglake_database.database.id - dependencies: - google_biglake_catalog.catalog: |- - { - "location": "US", - "name": "my_catalog" - } - google_biglake_database.database: |- - { - "catalog": "${google_biglake_catalog.catalog.id}", - "hive_options": [ - { - "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.metadata_folder.name}", - "parameters": { - "owner": "Alex" - } - } - ], - "name": "my_database", - "type": "HIVE" - } - google_storage_bucket.bucket: |- - { - "force_destroy": true, - "location": "US", - "name": "my_bucket", - "uniform_bucket_level_access": true - } - google_storage_bucket_object.data_folder: |- - { - "bucket": "${google_storage_bucket.bucket.name}", - "content": " ", - "name": "data/" - } - google_storage_bucket_object.metadata_folder: |- - { - "bucket": "${google_storage_bucket.bucket.name}", - "content": " ", - "name": "metadata/" - } - argumentDocs: - create: '- Default is 20 minutes.' - create_time: |- + (Optional) + Configuration specific for a Remote Repository. + Structure is documented below. + remote_repository_config.apt_repository: |- - - Output only. The creation time of the table. A timestamp in RFC3339 UTC - "Zulu" format, with nanosecond resolution and up to nine fractional - digits. Examples: "2014-10-02T15:01:23Z" and - "2014-10-02T15:01:23.045123456Z". - database: |- + (Optional) + Specific settings for an Apt remote repository. + Structure is documented below. + remote_repository_config.description: |- - (Optional) - The id of the parent database. - delete: '- Default is 20 minutes.' - delete_time: |- + The description of the remote source. + remote_repository_config.disable_upstream_validation: |- - - Output only. The deletion time of the table. Only set after the - table is deleted. A timestamp in RFC3339 UTC "Zulu" format, with - nanosecond resolution and up to nine fractional digits. Examples: - "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - etag: |- + (Optional) + If true, the remote repository upstream and upstream credentials will + not be validated. + remote_repository_config.docker_repository: |- - - The checksum of a table object computed by the server based on the value - of other fields. It may be sent on update requests to ensure the client - has an up-to-date value before proceeding. It is only checked for update - table operations. - expire_time: |- + (Optional) + Specific settings for a Docker remote repository. + Structure is documented below. + remote_repository_config.maven_repository: |- - - Output only. The time when this table is considered expired. Only set - after the table is deleted. A timestamp in RFC3339 UTC "Zulu" format, - with nanosecond resolution and up to nine fractional digits. Examples: - "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - hive_options: |- + (Optional) + Specific settings for a Maven remote repository. + Structure is documented below. + remote_repository_config.npm_repository: |- - (Optional) - Options of a Hive table. + Specific settings for an Npm remote repository. Structure is documented below. - hive_options.parameters: |- + remote_repository_config.python_repository: |- - (Optional) - Stores user supplied Hive table parameters. An object containing a - list of "key": value pairs. - Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - hive_options.storage_descriptor: |- + Specific settings for a Python remote repository. + Structure is documented below. + remote_repository_config.upstream_credentials: |- - (Optional) - Stores physical storage information on the data. + The credentials used to access the remote repository. Structure is documented below. - hive_options.table_type: |- + remote_repository_config.yum_repository: |- - (Optional) - Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. - id: '- an identifier for the resource with format {{database}}/tables/{{name}}' - name: |- + Specific settings for an Yum remote repository. + Structure is documented below. + repository_id: |- - (Required) - Output only. The name of the Table. Format: - projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} - storage_descriptor.input_format: |- + The last part of the repository name, for example: + "repo1" + terraform_labels: |- - - (Optional) - The fully qualified Java class name of the input format. - storage_descriptor.location_uri: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- - - (Optional) - Cloud Storage folder URI where the table data is stored, starting with "gs://". - storage_descriptor.output_format: |- + The time when the repository was last updated. + upstream_credentials.username_password_credentials: |- - (Optional) - The fully qualified Java class name of the output format. - type: |- + Use username and password to access the remote repository. + Structure is documented below. + upstream_credentials.username_password_credentials.password_secret_version: |- - (Optional) - The database type. - Possible values are: HIVE. - update: '- Default is 20 minutes.' - update_time: |- + The Secret Manager key version that holds the password to access the + remote repository. Must be in the format of + projects/{project}/secrets/{secret}/versions/{version}. + upstream_credentials.username_password_credentials.username: |- - - Output only. The last modification time of the table. A timestamp in - RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine - fractional digits. Examples: "2014-10-02T15:01:23Z" and - "2014-10-02T15:01:23.045123456Z". - importStatements: [] - google_bigquery_analytics_hub_data_exchange: - subCategory: Bigquery Analytics Hub - description: A Bigquery Analytics Hub data exchange - name: google_bigquery_analytics_hub_data_exchange - title: "" - examples: - - name: data_exchange - manifest: |- - { - "data_exchange_id": "my_data_exchange", - "description": "example data exchange", - "display_name": "my_data_exchange", - "location": "US" - } - argumentDocs: - create: '- Default is 20 minutes.' - data_exchange_id: |- + (Optional) + The username to access the remote repository. + virtual_repository_config: |- - - (Required) - The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. - delete: '- Default is 20 minutes.' - description: |- + (Optional) + Configuration specific for a Virtual Repository. + Structure is documented below. + virtual_repository_config.upstream_policies: |- - (Optional) - Description of the data exchange. - display_name: |- + Policies that configure the upstream artifacts distributed by the Virtual + Repository. Upstream policies cannot be set on a standard repository. + Structure is documented below. + virtual_repository_config.upstream_policies.id: |- - - (Required) - Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces. - documentation: |- + (Optional) + The user-provided ID of the upstream policy. + virtual_repository_config.upstream_policies.priority: |- - (Optional) - Documentation describing the data exchange. - icon: |- + Entries with a greater priority value take precedence in the pull order. + virtual_repository_config.upstream_policies.repository: |- - (Optional) - Base64 encoded image representing the data exchange. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}' - listing_count: |- + A reference to the repository resource, for example: + "projects/p1/locations/us-central1/repository/repo1". + yum_repository.public_repository: |- - - Number of listings contained in the data exchange. - location: |- + (Optional) + One of the publicly available Yum repositories supported by Artifact Registry. + Structure is documented below. + yum_repository.public_repository.repository_base: |- - (Required) - The name of the location this data exchange. - name: |- - - - The resource name of the data exchange, for example: - "projects/myproject/locations/US/dataExchanges/123" - primary_contact: |- + A common public repository base for Yum. + Possible values are: CENTOS, CENTOS_DEBUG, CENTOS_VAULT, CENTOS_STREAM, ROCKY, EPEL. + yum_repository.public_repository.repository_path: |- - - (Optional) - Email or URL of the primary point of contact of the data exchange. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - update: '- Default is 20 minutes.' + (Required) + Specific repository from the base, e.g. "centos/8-stream/BaseOS/x86_64/os" importStatements: [] - google_bigquery_analytics_hub_data_exchange_iam_policy: - subCategory: Bigquery Analytics Hub - description: Collection of resources to manage IAM policy for Bigquery Analytics Hub DataExchange - name: google_bigquery_analytics_hub_data_exchange_iam_policy + google_artifact_registry_repository_iam_policy: + subCategory: Artifact Registry + description: Collection of resources to manage IAM policy for Artifact Registry Repository + name: google_artifact_registry_repository_iam_policy title: "" examples: - name: policy manifest: |- { - "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.data_exchange.data_exchange_id}", - "location": "${google_bigquery_analytics_hub_data_exchange.data_exchange.location}", + "location": "${google_artifact_registry_repository.my-repo.location}", "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_bigquery_analytics_hub_data_exchange.data_exchange.project}" + "project": "${google_artifact_registry_repository.my-repo.project}", + "repository": "${google_artifact_registry_repository.my-repo.name}" } references: - data_exchange_id: google_bigquery_analytics_hub_data_exchange.data_exchange.data_exchange_id - location: google_bigquery_analytics_hub_data_exchange.data_exchange.location + location: google_artifact_registry_repository.my-repo.location policy_data: data.google_iam_policy.admin.policy_data - project: google_bigquery_analytics_hub_data_exchange.data_exchange.project + project: google_artifact_registry_repository.my-repo.project + repository: google_artifact_registry_repository.my-repo.name argumentDocs: - data_exchange_id: '- (Required) The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to' etag: '- (Computed) The etag of the IAM policy.' - google_bigquery_analytics_hub_data_exchange_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.' - google_bigquery_analytics_hub_data_exchange_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.' - google_bigquery_analytics_hub_data_exchange_iam_policy: ': Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.' + google_artifact_registry_repository_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.' + google_artifact_registry_repository_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.' + google_artifact_registry_repository_iam_policy: ': Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.' location: |- - - (Required) The name of the location this data exchange. + - (Required) The name of the location this repository is located in. Used to find the parent resource to bind the IAM policy to member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: policy_data: |- - - (Required only by google_bigquery_analytics_hub_data_exchange_iam_policy) The policy data generated by + - (Required only by google_artifact_registry_repository_iam_policy) The policy data generated by a google_iam_policy data source. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + repository: '- (Required) Used to find the parent resource to bind the IAM policy to' role: |- - (Required) The role that should be applied. Only one - google_bigquery_analytics_hub_data_exchange_iam_binding can be used per role. Note that custom roles must be of the format + google_artifact_registry_repository_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] - google_bigquery_analytics_hub_listing: - subCategory: Bigquery Analytics Hub - description: A Bigquery Analytics Hub data exchange listing - name: google_bigquery_analytics_hub_listing + google_artifact_registry_vpcsc_config: + subCategory: Artifact Registry + description: The Artifact Registry VPC SC config that applies to a Project. + name: google_artifact_registry_vpcsc_config title: "" examples: - - name: listing + - name: my-config manifest: |- { - "bigquery_dataset": [ - { - "dataset": "${google_bigquery_dataset.listing.id}" - } - ], - "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id}", - "description": "example data exchange", - "display_name": "my_listing", - "listing_id": "my_listing", - "location": "US" + "location": "us-central1", + "provider": "${google-beta}", + "vpcsc_policy": "ALLOW" } references: - bigquery_dataset.dataset: google_bigquery_dataset.listing.id - data_exchange_id: google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id - dependencies: - google_bigquery_analytics_hub_data_exchange.listing: |- - { - "data_exchange_id": "my_data_exchange", - "description": "example data exchange", - "display_name": "my_data_exchange", - "location": "US" - } - google_bigquery_dataset.listing: |- - { - "dataset_id": "my_listing", - "description": "example data exchange", - "friendly_name": "my_listing", - "location": "US" - } - - name: listing - manifest: |- - { - "bigquery_dataset": [ - { - "dataset": "${google_bigquery_dataset.listing.id}" + provider: google-beta + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/vpcscConfig' + location: |- + - + (Optional) + The name of the location this config is located in. + name: |- + - + The name of the project's VPC SC Config. + Always of the form: projects/{project}/location/{location}/vpcscConfig + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + vpcsc_policy: |- + - + (Optional) + The VPC SC policy for project and location. + Possible values are: DENY, ALLOW. + importStatements: [] + google_assured_workloads_workload: + subCategory: AssuredWorkloads + description: The AssuredWorkloads Workload resource + name: google_assured_workloads_workload + title: "" + examples: + - name: primary + manifest: |- + { + "billing_account": "billingAccounts/000000-0000000-0000000-000000", + "compliance_regime": "FEDRAMP_MODERATE", + "display_name": "{{display}}", + "kms_settings": [ + { + "next_rotation_time": "9999-10-02T15:01:23Z", + "rotation_period": "10368000s" } ], - "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id}", - "description": "example data exchange", - "display_name": "my_listing", - "listing_id": "my_listing", - "location": "US", - "restricted_export_config": [ + "labels": { + "label-one": "value-one" + }, + "location": "us-west1", + "organization": "123456789", + "provisioned_resources_parent": "folders/519620126891", + "resource_settings": [ { - "enabled": true, - "restrict_query_result": true + "display_name": "folder-display-name", + "resource_type": "CONSUMER_FOLDER" + }, + { + "resource_type": "ENCRYPTION_KEYS_PROJECT" + }, + { + "resource_id": "ring", + "resource_type": "KEYRING" } - ] + ], + "violation_notifications_enabled": true } - references: - bigquery_dataset.dataset: google_bigquery_dataset.listing.id - data_exchange_id: google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id - dependencies: - google_bigquery_analytics_hub_data_exchange.listing: |- + - name: primary + manifest: |- + { + "billing_account": "billingAccounts/000000-0000000-0000000-000000", + "compliance_regime": "EU_REGIONS_AND_SUPPORT", + "display_name": "display", + "enable_sovereign_controls": true, + "kms_settings": [ { - "data_exchange_id": "my_data_exchange", - "description": "example data exchange", - "display_name": "my_data_exchange", - "location": "US" + "next_rotation_time": "9999-10-02T15:01:23Z", + "rotation_period": "10368000s" } - google_bigquery_dataset.listing: |- + ], + "labels": { + "label-one": "value-one" + }, + "location": "europe-west9", + "organization": "123456789", + "provider": "${google-beta}", + "resource_settings": [ { - "dataset_id": "my_listing", - "description": "example data exchange", - "friendly_name": "my_listing", - "location": "US" + "resource_type": "CONSUMER_FOLDER" + }, + { + "resource_type": "ENCRYPTION_KEYS_PROJECT" + }, + { + "resource_id": "ring", + "resource_type": "KEYRING" } + ] + } + references: + provider: google-beta argumentDocs: - bigquery_dataset: |- - - - (Required) - Shared dataset i.e. BigQuery dataset source. - Structure is documented below. - bigquery_dataset.categories: |- - - - (Optional) - Categories of the listing. Up to two categories are allowed. - bigquery_dataset.data_provider: |- + billing_account: |- - (Optional) - Details of the data provider who owns the source data. - Structure is documented below. - bigquery_dataset.dataset: |- + Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billing_account_id}. For example, billingAccounts/012345-567890-ABCDEF. + compliance_regime: |- - (Required) - Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123 - bigquery_dataset.description: |- + Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT + compliance_status: |- - - (Optional) - Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF). - bigquery_dataset.documentation: |- + Output only. Count of active Violations in the Workload. + compliant_but_disallowed_services: |- - - (Optional) - Documentation describing the listing. - bigquery_dataset.icon: |- + Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment. + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - Base64 encoded image representing the listing. - bigquery_dataset.primary_contact: |- + Output only. Immutable. The Workload creation timestamp. + delete: '- Default is 20 minutes.' + display_name: |- - - (Optional) - Email or URL of the primary point of contact of the listing. - bigquery_dataset.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - bigquery_dataset.publisher: |- + (Required) + Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload + effective_labels: |- - - (Optional) - Details of the publisher who owns the listing and who can share the source data. - Structure is documented below. - bigquery_dataset.request_access: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + ekm_provisioning_response: |- - - (Optional) - Email or URL of the request access of the listing. Subscribers can use this reference to request access. - bigquery_dataset.restricted_export_config: |- + Optional. Represents the Ekm Provisioning State of the given workload. + enable_sovereign_controls: |- - (Optional) - If set, restricted export configuration will be propagated and enforced on the linked dataset. - Structure is documented below. - create: '- Default is 20 minutes.' - data_exchange_id: |- - - - (Required) - The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. - data_provider.name: |- + Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers. + id: '- an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/workloads/{{name}}' + kaj_enrollment_state: |- - - (Required) - Name of the data provider. - data_provider.primary_contact: |- + Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE + kms_settings: |- - (Optional) - Email or URL of the data provider. - delete: '- Default is 20 minutes.' - display_name: |- + DEPRECATED Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field. + kms_settings.next_rotation_time: |- - (Required) - Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (&) and can't start or end with spaces. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}' - listing_id: |- + Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary. + kms_settings.rotation_period: |- - (Required) - The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. + Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours. + labels: |- + - + (Optional) + Optional. Labels applied to the workload. location: |- - (Required) - The name of the location this data exchange listing. + The location for the resource name: |- - - The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456" - publisher.name: |- + Output only. The resource name of the workload. + organization: |- - (Required) - Name of the listing publisher. - publisher.primary_contact: |- + The organization for the resource + partner: |- - (Optional) - Email or URL of the listing publisher. - restricted_export_config.enabled: |- + Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN + partner_permissions: |- - (Optional) - If true, enable restricted export. - restricted_export_config.restrict_query_result: |- + Optional. Permissions granted to the AW Partner SA account for the customer workload + partner_permissions.assured_workloads_monitoring: |- - (Optional) - If true, restrict export of query result derived from restricted linked dataset table. - update: '- Default is 20 minutes.' - importStatements: [] - google_bigquery_analytics_hub_listing_iam_policy: - subCategory: Bigquery Analytics Hub - description: Collection of resources to manage IAM policy for Bigquery Analytics Hub Listing - name: google_bigquery_analytics_hub_listing_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "data_exchange_id": "${google_bigquery_analytics_hub_listing.listing.data_exchange_id}", - "listing_id": "${google_bigquery_analytics_hub_listing.listing.listing_id}", - "location": "${google_bigquery_analytics_hub_listing.listing.location}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_bigquery_analytics_hub_listing.listing.project}" - } - references: - data_exchange_id: google_bigquery_analytics_hub_listing.listing.data_exchange_id - listing_id: google_bigquery_analytics_hub_listing.listing.listing_id - location: google_bigquery_analytics_hub_listing.listing.location - policy_data: data.google_iam_policy.admin.policy_data - project: google_bigquery_analytics_hub_listing.listing.project - argumentDocs: - data_exchange_id: '- (Required) The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to' - etag: '- (Computed) The etag of the IAM policy.' - google_bigquery_analytics_hub_listing_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.' - google_bigquery_analytics_hub_listing_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.' - google_bigquery_analytics_hub_listing_iam_policy: ': Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.' - listing_id: '- (Required) The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to' - location: |- - - (Required) The name of the location this data exchange listing. - Used to find the parent resource to bind the IAM policy to - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_bigquery_analytics_hub_listing_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_bigquery_analytics_hub_listing_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_bigquery_bi_reservation: - subCategory: BigQuery Reservation - description: Represents a BI Reservation. - name: google_bigquery_bi_reservation - title: "" - examples: - - name: reservation - manifest: |- - { - "location": "us-west2", - "size": "3000000000" - } - argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/biReservation' - location: |- + Optional. Allow partner to view violation alerts. + partner_permissions.data_logs_viewer: |- - - (Required) - LOCATION_DESCRIPTION - name: |- + (Optional) + Allow the partner to view inspectability logs and monitoring violations. + partner_permissions.service_access_approver: |- - - The resource name of the singleton BI reservation. Reservation names have the form projects/{projectId}/locations/{locationId}/biReservation. - preferred_tables: |- + (Optional) + Optional. Allow partner to view access approval logs. + provisioned_resources_parent: |- - (Optional) - Preferred tables to use BI capacity for. - Structure is documented below. - preferred_tables.dataset_id: |- + Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id} + resource_settings: |- - (Optional) - The ID of the dataset in the above project. - preferred_tables.project_id: |- + Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional. + resource_settings.display_name: |- - (Optional) - The assigned project ID of the project. - preferred_tables.table_id: |- + User-assigned resource display name. If not empty it will be used to create a resource with the specified name. + resource_settings.resource_id: |- - (Optional) - The ID of the table in the above dataset. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - size: |- + Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google. + resource_settings.resource_type: |- - (Optional) - Size of a reservation, in bytes. + Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER + resources: |- + - + Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only. + saa_enrollment_response: |- + - + Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page. + terraform_labels: |- + - + The combination of labels configured directly on the resource and default labels configured on the provider. update: '- Default is 20 minutes.' - update_time: |- + violation_notifications_enabled: |- - - The last update timestamp of a reservation. - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + (Optional) + Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload. importStatements: [] - google_bigquery_capacity_commitment: - subCategory: BigQuery Reservation - description: Capacity commitment is a way to purchase compute capacity for BigQuery jobs (in the form of slots) with some committed period of usage. - name: google_bigquery_capacity_commitment + google_backup_dr_management_server: + subCategory: Backup and DR + description: A Backup and DR Management Server (Also referred as Management Console) + name: google_backup_dr_management_server title: "" examples: - - name: example + - name: ms-console manifest: |- { - "capacity_commitment_id": "example-commitment", - "edition": "ENTERPRISE", - "location": "us-west2", - "plan": "FLEX_FLAT_RATE", - "slot_count": 100 + "depends_on": [ + "${google_service_networking_connection.default}" + ], + "location": "us-central1", + "name": "ms-console", + "networks": [ + { + "network": "${google_compute_network.default.id}", + "peering_mode": "PRIVATE_SERVICE_ACCESS" + } + ], + "provider": "${google-beta}", + "type": "BACKUP_RESTORE" } + references: + networks.network: google_compute_network.default.id + provider: google-beta + dependencies: + google_compute_global_address.private_ip_address: |- + { + "address_type": "INTERNAL", + "name": "vpc-network", + "network": "${google_compute_network.default.id}", + "prefix_length": 20, + "provider": "${google-beta}", + "purpose": "VPC_PEERING" + } + google_compute_network.default: |- + { + "name": "vpc-network", + "provider": "${google-beta}" + } + google_service_networking_connection.default: |- + { + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_address.name}" + ], + "service": "servicenetworking.googleapis.com" + } argumentDocs: - capacity_commitment_id: |- - - - (Optional) - The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is - empty. This field must only contain lower case alphanumeric characters or dashes. The first and last character - cannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split - or merged. - commitment_end_time: |- - - - The start of the current commitment period. It is applicable only for ACTIVE capacity commitments. - commitment_start_time: |- + create: '- Default is 40 minutes.' + delete: '- Default is 40 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/managementServers/{{name}}' + location: |- - - The start of the current commitment period. It is applicable only for ACTIVE capacity commitments. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - edition: |- + (Required) + The location for the management server (management console) + management_uri: |- - - (Optional) - The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS - enforce_single_admin_project_per_org: |- + The management console URI + Structure is documented below. + management_uri.api: |- - - (Optional) - If true, fail the request if another project in the organization has a capacity commitment. - id: '- an identifier for the resource with format {{name}}' - location: |- + (Output) + The management console api endpoint. + management_uri.web_ui: |- - - (Optional) - The geographic location where the transfer config should reside. - Examples: US, EU, asia-northeast1. The default value is US. + (Output) + The management console webUi. name: |- - - The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123 - plan: |- + (Required) + The name of management server (management console) + networks: |- - (Required) - Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan - project: |- + Network details to create management server (management console). + Structure is documented below. + networks.network: |- + - + (Required) + Network with format projects/{{project_id}}/global/networks/{{network_id}} + networks.peering_mode: |- + - + (Optional) + Type of Network peeringMode + Default value is PRIVATE_SERVICE_ACCESS. + Possible values are: PRIVATE_SERVICE_ACCESS. + networks.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - renewal_plan: |- + networks.type: |- - (Optional) - The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans. - slot_count: |- - - - (Required) - Number of slots in this commitment. - state: |- + The type of management server (management console). + Default value is BACKUP_RESTORE. + Possible values are: BACKUP_RESTORE. + oauth2_client_id: |- - - State of the commitment - update: '- Default is 20 minutes.' + The oauth2ClientId of management console. importStatements: [] - google_bigquery_connection: - subCategory: BigQuery Connection - description: A connection allows BigQuery connections to external data sources. - name: google_bigquery_connection + google_beyondcorp_app_connection: + subCategory: BeyondCorp + description: A BeyondCorp AppConnection resource represents a BeyondCorp protected AppConnection to a remote application. + name: google_beyondcorp_app_connection title: "" examples: - - name: connection - manifest: "{\n \"cloud_resource\": [\n {}\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" - - name: connection - manifest: "{\n \"cloud_sql\": [\n {\n \"credential\": [\n {\n \"password\": \"${google_sql_user.user.password}\",\n \"username\": \"${google_sql_user.user.name}\"\n }\n ],\n \"database\": \"${google_sql_database.db.name}\",\n \"instance_id\": \"${google_sql_database_instance.instance.connection_name}\",\n \"type\": \"POSTGRES\"\n }\n ],\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" - references: - cloud_sql.credential.password: google_sql_user.user.password - cloud_sql.credential.username: google_sql_user.user.name - cloud_sql.database: google_sql_database.db.name - cloud_sql.instance_id: google_sql_database_instance.instance.connection_name - dependencies: - google_sql_database.db: |- + - name: app_connection + manifest: |- + { + "application_endpoint": [ { - "instance": "${google_sql_database_instance.instance.name}", - "name": "db" + "host": "foo-host", + "port": 8080 } - google_sql_database_instance.instance: |- + ], + "connectors": [ + "${google_beyondcorp_app_connector.app_connector.id}" + ], + "name": "my-app-connection", + "type": "TCP_PROXY" + } + dependencies: + google_beyondcorp_app_connector.app_connector: |- { - "database_version": "POSTGRES_11", - "deletion_protection": "true", - "name": "my-database-instance", - "region": "us-central1", - "settings": [ + "name": "my-app-connector", + "principal_info": [ { - "tier": "db-f1-micro" + "service_account": [ + { + "email": "${google_service_account.service_account.email}" + } + ] } ] } - google_sql_user.user: |- - { - "instance": "${google_sql_database_instance.instance.name}", - "name": "user", - "password": "${random_password.pwd.result}" - } - random_password.pwd: |- - { - "length": 16, - "special": false - } - - name: connection - manifest: "{\n \"cloud_sql\": [\n {\n \"credential\": [\n {\n \"password\": \"${google_sql_user.user.password}\",\n \"username\": \"${google_sql_user.user.name}\"\n }\n ],\n \"database\": \"${google_sql_database.db.name}\",\n \"instance_id\": \"${google_sql_database_instance.instance.connection_name}\",\n \"type\": \"POSTGRES\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" - references: - cloud_sql.credential.password: google_sql_user.user.password - cloud_sql.credential.username: google_sql_user.user.name - cloud_sql.database: google_sql_database.db.name - cloud_sql.instance_id: google_sql_database_instance.instance.connection_name - dependencies: - google_sql_database.db: |- - { - "instance": "${google_sql_database_instance.instance.name}", - "name": "db" - } - google_sql_database_instance.instance: |- + google_service_account.service_account: |- { - "database_version": "POSTGRES_11", - "deletion_protection": "true", - "name": "my-database-instance", - "region": "us-central1", - "settings": [ - { - "tier": "db-f1-micro" - } - ] + "account_id": "my-account", + "display_name": "Test Service Account" } - google_sql_user.user: |- + - name: app_connection + manifest: |- + { + "application_endpoint": [ { - "instance": "${google_sql_database_instance.instance.name}", - "name": "user", - "password": "${random_password.pwd.result}" + "host": "foo-host", + "port": 8080 } - random_password.pwd: |- + ], + "connectors": [ + "${google_beyondcorp_app_connector.app_connector.id}" + ], + "display_name": "some display name", + "gateway": [ { - "length": 16, - "special": false + "app_gateway": "${google_beyondcorp_app_gateway.app_gateway.id}" } - - name: connection - manifest: "{\n \"aws\": [\n {\n \"access_role\": [\n {\n \"iam_role_id\": \"arn:aws:iam::999999999999:role/omnirole\"\n }\n ]\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"aws-us-east-1\"\n}" - - name: connection - manifest: "{\n \"azure\": [\n {\n \"customer_tenant_id\": \"customer-tenant-id\",\n \"federated_application_client_id\": \"b43eeeee-eeee-eeee-eeee-a480155501ce\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"azure-eastus2\"\n}" - - name: connection - manifest: "{\n \"cloud_spanner\": [\n {\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"database_role\": \"database_role\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" - - name: connection - manifest: "{\n \"cloud_spanner\": [\n {\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"max_parallelism\": 100,\n \"use_data_boost\": true,\n \"use_parallelism\": true\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" - - name: connection - manifest: "{\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\",\n \"spark\": [\n {\n \"spark_history_server_config\": [\n {\n \"dataproc_cluster\": \"${google_dataproc_cluster.basic.id}\"\n }\n ]\n }\n ]\n}" + ], + "labels": { + "bar": "baz", + "foo": "bar" + }, + "name": "my-app-connection", + "type": "TCP_PROXY" + } references: - spark.spark_history_server_config.dataproc_cluster: google_dataproc_cluster.basic.id + gateway.app_gateway: google_beyondcorp_app_gateway.app_gateway.id dependencies: - google_dataproc_cluster.basic: |- + google_beyondcorp_app_connector.app_connector: |- { - "cluster_config": [ + "name": "my-app-connector", + "principal_info": [ { - "master_config": [ - { - "disk_config": [ - { - "boot_disk_size_gb": 35 - } - ], - "machine_type": "e2-standard-2", - "num_instances": 1 - } - ], - "software_config": [ + "service_account": [ { - "override_properties": { - "dataproc:dataproc.allow.zero.workers": "true" - } + "email": "${google_service_account.service_account.email}" } ] } - ], - "name": "my-connection", - "region": "us-central1" + ] + } + google_beyondcorp_app_gateway.app_gateway: |- + { + "host_type": "GCP_REGIONAL_MIG", + "name": "my-app-gateway", + "type": "TCP_PROXY" + } + google_service_account.service_account: |- + { + "account_id": "my-account", + "display_name": "Test Service Account" } argumentDocs: - aws: |- - - - (Optional) - Connection properties specific to Amazon Web Services. - Structure is documented below. - aws.access_role: |- + application_endpoint: |- - (Required) - Authentication using Google owned service account to assume into customer's AWS IAM Role. + Address of the remote application endpoint for the BeyondCorp AppConnection. Structure is documented below. - aws.access_role.iam_role_id: |- + application_endpoint.connectors: |- - - (Required) - The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection. - aws.access_role.identity: |- + (Optional) + List of AppConnectors that are authorised to be associated with this AppConnection + application_endpoint.display_name: |- - - (Output) - A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role. - azure: |- + (Optional) + An arbitrary user-provided name for the AppConnection. + application_endpoint.effective_labels: for all of the labels present on the resource. + application_endpoint.gateway: |- - (Optional) - Container for connection properties specific to Azure. + Gateway used by the AppConnection. Structure is documented below. - azure.application: |- + application_endpoint.host: |- - - (Output) - The name of the Azure Active Directory Application. - azure.client_id: |- + (Required) + Hostname or IP address of the remote application endpoint. + application_endpoint.labels: |- - - (Output) - The client id of the Azure Active Directory Application. - azure.customer_tenant_id: |- + (Optional) + Resource labels to represent user provided metadata. + application_endpoint.port: |- - (Required) - The id of customer's directory that host the data. - azure.federated_application_client_id: |- + Port of the remote application endpoint. + application_endpoint.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + application_endpoint.region: |- - (Optional) - The Azure Application (client) ID where the federated credentials will be hosted. - azure.identity: |- + The region of the AppConnection. + application_endpoint.type: |- - - (Output) - A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application. - azure.object_id: |- + (Optional) + The type of network connectivity used by the AppConnection. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type + for a list of possible values. + create: '- Default is 30 minutes.' + delete: '- Default is 30 minutes.' + effective_labels: |- - - (Output) - The object id of the Azure Active Directory Application. - azure.redirect_uri: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + gateway.app_gateway: |- + - + (Required) + AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}. + gateway.ingress_port: |- - (Output) - The URL user will be redirected to after granting consent during connection setup. - cloud_resource: |- + Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443. + gateway.type: |- - (Optional) - Container for connection properties for delegation of access to GCP resources. - Structure is documented below. - cloud_resource.service_account_id: |- + The type of hosting used by the gateway. Refer to + https://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1 + for a list of possible values. + gateway.uri: |- - (Output) - The account ID of the service created for the purpose of this connection. - cloud_spanner: |- - - - (Optional) - Connection properties specific to Cloud Spanner - Structure is documented below. - cloud_spanner.database: |- + Server-defined URI for this resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnections/{{name}}' + name: |- - (Required) - Cloud Spanner database in the form `project/instance/database'. - cloud_spanner.database_role: |- - - - (Optional) - Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as SELECT and INSERT. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. - cloud_spanner.max_parallelism: |- - - - (Optional) - Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. useParallelism and useDataBoost must be set when setting max parallelism. - cloud_spanner.use_data_boost: |- + ID of the AppConnection. + terraform_labels: |- - - (Optional) - If set, the request will be executed via Spanner independent compute resources. use_parallelism must be set when using data boost. - cloud_spanner.use_parallelism: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + importStatements: [] + google_beyondcorp_app_connector: + subCategory: BeyondCorp + description: A BeyondCorp AppConnector resource represents an application facing component deployed proximal to and with direct access to the application instances. + name: google_beyondcorp_app_connector + title: "" + examples: + - name: app_connector + manifest: |- + { + "name": "my-app-connector", + "principal_info": [ + { + "service_account": [ + { + "email": "${google_service_account.service_account.email}" + } + ] + } + ] + } + references: + principal_info.service_account.email: google_service_account.service_account.email + dependencies: + google_service_account.service_account: |- + { + "account_id": "my-account", + "display_name": "Test Service Account" + } + - name: app_connector + manifest: |- + { + "display_name": "some display name", + "labels": { + "bar": "baz", + "foo": "bar" + }, + "name": "my-app-connector", + "principal_info": [ + { + "service_account": [ + { + "email": "${google_service_account.service_account.email}" + } + ] + } + ], + "region": "us-central1" + } + references: + principal_info.service_account.email: google_service_account.service_account.email + dependencies: + google_service_account.service_account: |- + { + "account_id": "my-account", + "display_name": "Test Service Account" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + effective_labels: |- - - (Optional) - If parallelism should be used when reading from Cloud Spanner. - cloud_spanner.use_serverless_analytics: |- + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/appConnectors/{{name}}' + name: |- - - (Optional, Deprecated) - If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics. - cloud_spanner.useServerlessAnalytics: is deprecated and will be removed in a future major release. Use useDataBoost instead. - cloud_sql: |- + (Required) + ID of the AppConnector. + principal_info: |- - - (Optional) - Connection properties specific to the Cloud SQL. + (Required) + Principal information about the Identity of the AppConnector. Structure is documented below. - cloud_sql.credential: |- + principal_info.service_account: |- - (Required) - Cloud SQL properties. + ServiceAccount represents a GCP service account. Structure is documented below. - cloud_sql.database: |- + principal_info.service_account.display_name: |- - - (Required) - Database name. - cloud_sql.instance_id: |- + (Optional) + An arbitrary user-provided name for the AppConnector. + principal_info.service_account.effective_labels: for all of the labels present on the resource. + principal_info.service_account.email: |- - (Required) - Cloud SQL instance ID in the form project:location:instance. - cloud_sql.service_account_id: |- - - - (Output) - When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection. - cloud_sql.type: |- + Email address of the service account. + principal_info.service_account.labels: |- - - (Required) - Type of the Cloud SQL database. - Possible values are: DATABASE_TYPE_UNSPECIFIED, POSTGRES, MYSQL. - connection_id: |- + (Optional) + Resource labels to represent user provided metadata. + principal_info.service_account.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + principal_info.service_account.region: |- - (Optional) - Optional connection id that should be assigned to the created connection. - create: '- Default is 20 minutes.' - credential.password: |- + The region of the AppConnector. + state: |- - - (Required) - Password for database. - Note: This property is sensitive and will not be displayed in the plan. - credential.username: |- + Represents the different states of a AppConnector. + terraform_labels: |- - - (Required) - Username for database. - delete: '- Default is 20 minutes.' - description: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + importStatements: [] + google_beyondcorp_app_gateway: + subCategory: BeyondCorp + description: A BeyondCorp AppGateway resource represents a BeyondCorp protected AppGateway to a remote application. + name: google_beyondcorp_app_gateway + title: "" + examples: + - name: app_gateway + manifest: |- + { + "host_type": "GCP_REGIONAL_MIG", + "name": "my-app-gateway", + "region": "us-central1", + "type": "TCP_PROXY" + } + - name: app_gateway + manifest: |- + { + "display_name": "some display name", + "host_type": "GCP_REGIONAL_MIG", + "labels": { + "bar": "baz", + "foo": "bar" + }, + "name": "my-app-gateway", + "region": "us-central1", + "type": "TCP_PROXY" + } + argumentDocs: + allocated_connections: |- + - + A list of connections allocated for the Gateway. + Structure is documented below. + allocated_connections.ingress_port: |- - (Optional) - A descriptive description for the connection - friendly_name: |- + The ingress port of an allocated connection. + allocated_connections.psc_uri: |- - (Optional) - A descriptive name for the connection - has_credential: |- + The PSC uri of an allocated connection. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + display_name: |- - - True if the connection has credential assigned. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/connections/{{connection_id}}' - location: |- + (Optional) + An arbitrary user-provided name for the AppGateway. + effective_labels: for all of the labels present on the resource. + host_type: |- - (Optional) - The geographic location where the connection should reside. - Cloud SQL instance must be in the same location as the connection - with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. - Examples: US, EU, asia-northeast1, us-central1, europe-west1. - Spanner Connections same as spanner region - AWS allowed regions are aws-us-east-1 - Azure allowed regions are azure-eastus2 - metastore_service_config.metastore_service: |- + The type of hosting used by the AppGateway. + Default value is HOST_TYPE_UNSPECIFIED. + Possible values are: HOST_TYPE_UNSPECIFIED, GCP_REGIONAL_MIG. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/appGateways/{{name}}' + labels: |- - (Optional) - Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + Resource labels to represent user provided metadata. name: |- - - The resource name of the connection in the form of: - "projects/{project_id}/locations/{location_id}/connections/{connectionId}" + (Required) + ID of the AppGateway. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - spark: |- - - - (Optional) - Container for connection properties to execute stored procedures for Apache Spark. resources. - Structure is documented below. - spark.metastore_service_config: |- + region: |- - (Optional) - Dataproc Metastore Service configuration for the connection. - Structure is documented below. - spark.service_account_id: |- + The region of the AppGateway. + state: |- - - (Output) - The account ID of the service created for the purpose of this connection. - spark.spark_history_server_config: |- + Represents the different states of a AppGateway. + terraform_labels: |- - - (Optional) - Spark History Server configuration for the connection. - Structure is documented below. - spark_history_server_config.dataproc_cluster: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: |- - (Optional) - Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + The type of network connectivity used by the AppGateway. + Default value is TYPE_UNSPECIFIED. + Possible values are: TYPE_UNSPECIFIED, TCP_PROXY. update: '- Default is 20 minutes.' + uri: |- + - + Server-defined URI for this resource. importStatements: [] - google_bigquery_connection_iam_policy: - subCategory: BigQuery Connection - description: Collection of resources to manage IAM policy for BigQuery Connection Connection - name: google_bigquery_connection_iam_policy + google_biglake_catalog: + subCategory: Biglake + description: Catalogs are top-level containers for Databases and Tables. + name: google_biglake_catalog title: "" examples: - - name: policy + - name: default manifest: |- { - "connection_id": "${google_bigquery_connection.connection.connection_id}", - "location": "${google_bigquery_connection.connection.location}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_bigquery_connection.connection.project}" + "location": "US", + "name": "my_catalog" } - references: - connection_id: google_bigquery_connection.connection.connection_id - location: google_bigquery_connection.connection.location - policy_data: data.google_iam_policy.admin.policy_data - project: google_bigquery_connection.connection.project argumentDocs: - connection_id: |- - - (Required) Optional connection id that should be assigned to the created connection. - Used to find the parent resource to bind the IAM policy to - etag: '- (Computed) The etag of the IAM policy.' - google_bigquery_connection_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.' - google_bigquery_connection_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.' - google_bigquery_connection_iam_policy: ': Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.' + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The creation time of the catalog. A timestamp in RFC3339 UTC + "Zulu" format, with nanosecond resolution and up to nine fractional + digits. + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. The deletion time of the catalog. Only set after the catalog + is deleted. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + expire_time: |- + - + Output only. The time when this catalog is considered expired. Only set + after the catalog is deleted. Only set after the catalog is deleted. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/catalogs/{{name}}' location: |- - - (Required) The geographic location where the connection should reside. - Cloud SQL instance must be in the same location as the connection - with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. - Examples: US, EU, asia-northeast1, us-central1, europe-west1. - Spanner Connections same as spanner region - AWS allowed regions are aws-us-east-1 - Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_bigquery_connection_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- + - + (Required) + The geographic location where the Catalog should reside. + name: |- + - + (Required) + The name of the Catalog. Format: + projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId} + project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_bigquery_connection_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. + If it is not provided, the provider project is used. + update_time: |- + - + Output only. The last modification time of the catalog. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. importStatements: [] - google_bigquery_data_transfer_config: - subCategory: BigQuery Data Transfer - description: Represents a data transfer configuration. - name: google_bigquery_data_transfer_config + google_biglake_database: + subCategory: Biglake + description: Databases are containers of tables. + name: google_biglake_database title: "" examples: - - name: query_config + - name: database manifest: |- { - "data_source_id": "scheduled_query", - "depends_on": [ - "${google_project_iam_member.permissions}" + "catalog": "${google_biglake_catalog.catalog.id}", + "hive_options": [ + { + "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.metadata_folder.name}", + "parameters": { + "owner": "John Doe" + } + } ], - "destination_dataset_id": "${google_bigquery_dataset.my_dataset.dataset_id}", - "display_name": "my-query", - "location": "asia-northeast1", - "params": { - "destination_table_name_template": "my_table", - "query": "SELECT name FROM tabl WHERE x = 'y'", - "write_disposition": "WRITE_APPEND" - }, - "schedule": "first sunday of quarter 00:00" + "name": "my_database", + "type": "HIVE" } references: - destination_dataset_id: google_bigquery_dataset.my_dataset.dataset_id + catalog: google_biglake_catalog.catalog.id dependencies: - google_bigquery_dataset.my_dataset: |- + google_biglake_catalog.catalog: |- { - "dataset_id": "my_dataset", - "depends_on": [ - "${google_project_iam_member.permissions}" - ], - "description": "bar", - "friendly_name": "foo", - "location": "asia-northeast1" + "location": "US", + "name": "my_catalog" } - google_project_iam_member.permissions: |- + google_storage_bucket.bucket: |- { - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com", - "project": "${data.google_project.project.project_id}", - "role": "roles/iam.serviceAccountTokenCreator" + "force_destroy": true, + "location": "US", + "name": "my_bucket", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.metadata_folder: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "metadata/" } argumentDocs: + catalog: |- + - + (Required) + The parent catalog. create: '- Default is 20 minutes.' - data_refresh_window_days: |- + create_time: |- - - (Optional) - The number of days to look back to automatically refresh the data. - For example, if dataRefreshWindowDays = 10, then every day BigQuery - reingests data for [today-10, today-1], rather than ingesting data for - just [today-1]. Only valid if the data source supports the feature. - Set the value to 0 to use the default value. - data_source_id: |- + Output only. The creation time of the database. A timestamp in RFC3339 + UTC "Zulu" format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + delete_time: |- + - + Output only. The deletion time of the database. Only set after the + database is deleted. A timestamp in RFC3339 UTC "Zulu" format, with + nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + expire_time: |- + - + Output only. The time when this database is considered expired. Only set + after the database is deleted. A timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + hive_options: |- - (Required) - The data source id. Cannot be changed once the transfer config is created. - delete: '- Default is 20 minutes.' - destination_dataset_id: |- + Options of a Hive database. + Structure is documented below. + hive_options.location_uri: |- - (Optional) - The BigQuery target dataset id. - disabled: |- + Cloud Storage folder URI where the database data is stored, starting with "gs://". + hive_options.parameters: |- - (Optional) - When set to true, no runs are scheduled for a given transfer. - display_name: |- + Stores user supplied Hive database parameters. An object containing a + list of"key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + id: '- an identifier for the resource with format {{catalog}}/databases/{{name}}' + name: |- - (Required) - The user specified display name for the transfer config. - email_preferences: |- - - - (Optional) - Email notifications will be sent according to these preferences to the - email address of the user who owns this transfer config. - Structure is documented below. - email_preferences.enable_failure_email: |- + The name of the database. + type: |- - (Required) - If true, email notifications will be sent on transfer run failures. - id: '- an identifier for the resource with format {{name}}' - location: |- + The database type. + update: '- Default is 20 minutes.' + update_time: |- - - (Optional) - The geographic location where the transfer config should reside. - Examples: US, EU, asia-northeast1. The default value is US. - name: |- + Output only. The last modification time of the database. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + importStatements: [] + google_biglake_table: + subCategory: Biglake + description: Represents a table. + name: google_biglake_table + title: "" + examples: + - name: table + manifest: |- + { + "database": "${google_biglake_database.database.id}", + "hive_options": [ + { + "parameters": { + "owner": "John Doe", + "provider": "iceberg", + "spark.sql.create.version": "3.1.3", + "spark.sql.partitionProvider": "catalog", + "spark.sql.sources.provider": "iceberg", + "spark.sql.sources.schema.numParts": "1", + "spark.sql.sources.schema.part.0": "{\"type\":\"struct\",\"fields\":[{\"name\":\"id\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}},{\"name\":\"name\",\"type\":\"string\",\"nullable\":true,\"metadata\":{}},{\"name\":\"age\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}}]}", + "transient_lastDdlTime": "1680894197" + }, + "storage_descriptor": [ + { + "input_format": "org.apache.hadoop.mapred.SequenceFileInputFormat", + "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.data_folder.name}", + "output_format": "org.apache.hadoop.hive.ql.io.HiveSequenceFileOutputFormat" + } + ], + "table_type": "MANAGED_TABLE" + } + ], + "name": "my_table", + "type": "HIVE" + } + references: + database: google_biglake_database.database.id + dependencies: + google_biglake_catalog.catalog: |- + { + "location": "US", + "name": "my_catalog" + } + google_biglake_database.database: |- + { + "catalog": "${google_biglake_catalog.catalog.id}", + "hive_options": [ + { + "location_uri": "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.metadata_folder.name}", + "parameters": { + "owner": "Alex" + } + } + ], + "name": "my_database", + "type": "HIVE" + } + google_storage_bucket.bucket: |- + { + "force_destroy": true, + "location": "US", + "name": "my_bucket", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.data_folder: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "data/" + } + google_storage_bucket_object.metadata_folder: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": " ", + "name": "metadata/" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- - - The resource name of the transfer config. Transfer config names have the - form projects/{projectId}/locations/{location}/transferConfigs/{configId} - or projects/{projectId}/transferConfigs/{configId}, - where configId is usually a uuid, but this is not required. - The name is ignored when creating a transfer config. - notification_pubsub_topic: |- + Output only. The creation time of the table. A timestamp in RFC3339 UTC + "Zulu" format, with nanosecond resolution and up to nine fractional + digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". + database: |- - (Optional) - Pub/Sub topic where notifications will be sent after transfer runs - associated with this transfer config finish. - params: |- + The id of the parent database. + delete: '- Default is 20 minutes.' + delete_time: |- - - (Required) - Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer' - section for each data source. For example the parameters for Cloud Storage transfers are listed here: - https://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq - NOTE : If you are attempting to update a parameter that cannot be updated (due to api limitations) please force recreation of the resource. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - schedule: |- + Output only. The deletion time of the table. Only set after the + table is deleted. A timestamp in RFC3339 UTC "Zulu" format, with + nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + etag: |- - - (Optional) - Data transfer schedule. If the data source does not support a custom - schedule, this should be empty. If it is empty, the default value for - the data source will be used. The specified times are in UTC. Examples - of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, - jun 13:15, and first sunday of quarter 00:00. See more explanation - about the format here: - https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format - NOTE: the granularity should be at least 8 hours, or less frequent. - schedule_options: |- + The checksum of a table object computed by the server based on the value + of other fields. It may be sent on update requests to ensure the client + has an up-to-date value before proceeding. It is only checked for update + table operations. + expire_time: |- + - + Output only. The time when this table is considered expired. Only set + after the table is deleted. A timestamp in RFC3339 UTC "Zulu" format, + with nanosecond resolution and up to nine fractional digits. Examples: + "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + hive_options: |- - (Optional) - Options customizing the data transfer schedule. + Options of a Hive table. Structure is documented below. - schedule_options.disable_auto_scheduling: |- + hive_options.parameters: |- - (Optional) - If true, automatic scheduling of data transfer runs for this - configuration will be disabled. The runs can be started on ad-hoc - basis using transferConfigs.startManualRuns API. When automatic - scheduling is disabled, the TransferConfig.schedule field will - be ignored. - schedule_options.end_time: |- + Stores user supplied Hive table parameters. An object containing a + list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + hive_options.storage_descriptor: |- - (Optional) - Defines time to stop scheduling transfer runs. A transfer run cannot be - scheduled at or after the end time. The end time can be changed at any - moment. The time when a data transfer can be triggered manually is not - limited by this option. - schedule_options.start_time: |- + Stores physical storage information on the data. + Structure is documented below. + hive_options.table_type: |- - (Optional) - Specifies time to start scheduling transfer runs. The first run will be - scheduled at or after the start time according to a recurrence pattern - defined in the schedule string. The start time can be changed at any - moment. The time when a data transfer can be triggered manually is not - limited by this option. - sensitive_params: |- + Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE. + id: '- an identifier for the resource with format {{database}}/tables/{{name}}' + name: |- + - + (Required) + Output only. The name of the Table. Format: + projects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId} + storage_descriptor.input_format: |- - (Optional) - Different parameters are configured primarily using the the params field on this - resource. This block contains the parameters which contain secrets or passwords so that they can be marked - sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key - in the params map in the api request. - Credentials may not be specified in both locations and will cause an error. Changing from one location - to a different credential configuration in the config will require an apply to update state. - Structure is documented below. - sensitive_params.secret_access_key: |- + The fully qualified Java class name of the input format. + storage_descriptor.location_uri: |- - - (Required) - The Secret Access Key of the AWS account transferring data from. - Note: This property is sensitive and will not be displayed in the plan. - service_account_name: |- + (Optional) + Cloud Storage folder URI where the table data is stored, starting with "gs://". + storage_descriptor.output_format: |- - (Optional) - Service account email. If this field is set, transfer config will - be created with this service account credentials. It requires that - requesting user calling this API has permissions to act as this service account. + The fully qualified Java class name of the output format. + type: |- + - + (Optional) + The database type. + Possible values are: HIVE. update: '- Default is 20 minutes.' + update_time: |- + - + Output only. The last modification time of the table. A timestamp in + RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and + "2014-10-02T15:01:23.045123456Z". importStatements: [] - google_bigquery_datapolicy_data_policy: - subCategory: BigQuery Data Policy - description: A BigQuery Data Policy - name: google_bigquery_datapolicy_data_policy + google_bigquery_analytics_hub_data_exchange: + subCategory: Bigquery Analytics Hub + description: A Bigquery Analytics Hub data exchange + name: google_bigquery_analytics_hub_data_exchange title: "" examples: - - name: data_policy + - name: data_exchange manifest: |- { - "data_policy_id": "data_policy", - "data_policy_type": "COLUMN_LEVEL_SECURITY_POLICY", - "location": "us-central1", - "policy_tag": "${google_data_catalog_policy_tag.policy_tag.name}" + "data_exchange_id": "my_data_exchange", + "description": "example data exchange", + "display_name": "my_data_exchange", + "location": "US" } - references: - policy_tag: google_data_catalog_policy_tag.policy_tag.name - dependencies: - google_data_catalog_policy_tag.policy_tag: |- - { - "description": "A policy tag normally associated with low security items", - "display_name": "Low security", - "taxonomy": "${google_data_catalog_taxonomy.taxonomy.id}" - } - google_data_catalog_taxonomy.taxonomy: |- - { - "activated_policy_types": [ - "FINE_GRAINED_ACCESS_CONTROL" - ], - "description": "A collection of policy tags", - "display_name": "taxonomy", - "region": "us-central1" - } argumentDocs: create: '- Default is 20 minutes.' - data_masking_policy: |- + data_exchange_id: |- + - + (Required) + The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. + delete: '- Default is 20 minutes.' + description: |- - (Optional) - The data masking policy that specifies the data masking rule to use. - Structure is documented below. - data_masking_policy.predefined_expression: |- + Description of the data exchange. + display_name: |- - (Required) - The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. - Possible values are: SHA256, ALWAYS_NULL, DEFAULT_MASKING_VALUE, LAST_FOUR_CHARACTERS, FIRST_FOUR_CHARACTERS, EMAIL_MASK, DATE_YEAR_MASK. - data_policy_id: |- + Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces. + documentation: |- - - (Required) - User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. - data_policy_type: |- + (Optional) + Documentation describing the data exchange. + icon: |- - - (Required) - The enrollment level of the service. - Possible values are: COLUMN_LEVEL_SECURITY_POLICY, DATA_MASKING_POLICY. - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}' + (Optional) + Base64 encoded image representing the data exchange. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}' + listing_count: |- + - + Number of listings contained in the data exchange. location: |- - (Required) - The name of the location of the data policy. + The name of the location this data exchange. name: |- - - Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. - policy_tag: |- + The resource name of the data exchange, for example: + "projects/myproject/locations/US/dataExchanges/123" + primary_contact: |- - - (Required) - Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + (Optional) + Email or URL of the primary point of contact of the data exchange. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. update: '- Default is 20 minutes.' importStatements: [] - google_bigquery_datapolicy_data_policy_iam_policy: - subCategory: BigQuery Data Policy - description: Collection of resources to manage IAM policy for BigQuery Data Policy DataPolicy - name: google_bigquery_datapolicy_data_policy_iam_policy + google_bigquery_analytics_hub_data_exchange_iam_policy: + subCategory: Bigquery Analytics Hub + description: Collection of resources to manage IAM policy for Bigquery Analytics Hub DataExchange + name: google_bigquery_analytics_hub_data_exchange_iam_policy title: "" examples: - name: policy manifest: |- { - "data_policy_id": "${google_bigquery_datapolicy_data_policy.data_policy.data_policy_id}", - "location": "${google_bigquery_datapolicy_data_policy.data_policy.location}", + "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.data_exchange.data_exchange_id}", + "location": "${google_bigquery_analytics_hub_data_exchange.data_exchange.location}", "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_bigquery_datapolicy_data_policy.data_policy.project}" + "project": "${google_bigquery_analytics_hub_data_exchange.data_exchange.project}" } references: - data_policy_id: google_bigquery_datapolicy_data_policy.data_policy.data_policy_id - location: google_bigquery_datapolicy_data_policy.data_policy.location + data_exchange_id: google_bigquery_analytics_hub_data_exchange.data_exchange.data_exchange_id + location: google_bigquery_analytics_hub_data_exchange.data_exchange.location policy_data: data.google_iam_policy.admin.policy_data - project: google_bigquery_datapolicy_data_policy.data_policy.project + project: google_bigquery_analytics_hub_data_exchange.data_exchange.project argumentDocs: + data_exchange_id: '- (Required) The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to' etag: '- (Computed) The etag of the IAM policy.' - google_bigquery_datapolicy_data_policy_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.' - google_bigquery_datapolicy_data_policy_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.' - google_bigquery_datapolicy_data_policy_iam_policy: ': Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.' + google_bigquery_analytics_hub_data_exchange_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.' + google_bigquery_analytics_hub_data_exchange_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.' + google_bigquery_analytics_hub_data_exchange_iam_policy: ': Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.' location: |- - - (Required) The name of the location of the data policy. + - (Required) The name of the location this data exchange. Used to find the parent resource to bind the IAM policy to member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: policy_data: |- - - (Required only by google_bigquery_datapolicy_data_policy_iam_policy) The policy data generated by + - (Required only by google_bigquery_analytics_hub_data_exchange_iam_policy) The policy data generated by a google_iam_policy data source. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. role: |- - (Required) The role that should be applied. Only one - google_bigquery_datapolicy_data_policy_iam_binding can be used per role. Note that custom roles must be of the format + google_bigquery_analytics_hub_data_exchange_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] - google_bigquery_dataset: - subCategory: BigQuery - description: Datasets allow you to organize and control access to your tables. - name: google_bigquery_dataset + google_bigquery_analytics_hub_listing: + subCategory: Bigquery Analytics Hub + description: A Bigquery Analytics Hub data exchange listing + name: google_bigquery_analytics_hub_listing title: "" examples: - - name: dataset + - name: listing manifest: |- { - "access": [ - { - "role": "OWNER", - "user_by_email": "${google_service_account.bqowner.email}" - }, + "bigquery_dataset": [ { - "domain": "hashicorp.com", - "role": "READER" + "dataset": "${google_bigquery_dataset.listing.id}" } ], - "dataset_id": "example_dataset", - "default_table_expiration_ms": 3600000, - "description": "This is a test description", - "friendly_name": "test", - "labels": { - "env": "default" - }, - "location": "EU" + "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id}", + "description": "example data exchange", + "display_name": "my_listing", + "listing_id": "my_listing", + "location": "US" } references: - access.user_by_email: google_service_account.bqowner.email + bigquery_dataset.dataset: google_bigquery_dataset.listing.id + data_exchange_id: google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id dependencies: - google_service_account.bqowner: |- + google_bigquery_analytics_hub_data_exchange.listing: |- { - "account_id": "bqowner" + "data_exchange_id": "my_data_exchange", + "description": "example data exchange", + "display_name": "my_data_exchange", + "location": "US" } - - name: dataset - manifest: |- - { - "dataset_id": "example_dataset", - "default_encryption_configuration": [ - { - "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" - } - ], - "default_table_expiration_ms": 3600000, - "description": "This is a test description", - "friendly_name": "test", - "location": "US" - } - references: - default_encryption_configuration.kms_key_name: google_kms_crypto_key.crypto_key.id - dependencies: - google_kms_crypto_key.crypto_key: |- - { - "key_ring": "${google_kms_key_ring.key_ring.id}", - "name": "example-key" - } - google_kms_key_ring.key_ring: |- - { - "location": "us", - "name": "example-keyring" - } - - name: public - manifest: |- - { - "access": [ - { - "role": "OWNER", - "user_by_email": "${google_service_account.bqowner.email}" - }, - { - "domain": "hashicorp.com", - "role": "READER" - } - ], - "dataset_id": "public", - "default_table_expiration_ms": 3600000, - "description": "This dataset is public", - "friendly_name": "test", - "labels": { - "env": "default" - }, - "location": "EU" - } - references: - access.user_by_email: google_service_account.bqowner.email - dependencies: - google_service_account.bqowner: |- + google_bigquery_dataset.listing: |- { - "account_id": "bqowner" + "dataset_id": "my_listing", + "description": "example data exchange", + "friendly_name": "my_listing", + "location": "US" } - - name: dataset + - name: listing manifest: |- { - "access": [ - { - "role": "OWNER", - "user_by_email": "${google_service_account.bqowner.email}" - }, - { - "domain": "hashicorp.com", - "role": "READER" - }, + "bigquery_dataset": [ { - "dataset": [ - { - "dataset": [ - { - "dataset_id": "${google_bigquery_dataset.public.dataset_id}", - "project_id": "${google_bigquery_dataset.public.project}" - } - ], - "target_types": [ - "VIEWS" - ] - } - ] + "dataset": "${google_bigquery_dataset.listing.id}" } ], - "dataset_id": "private", - "default_table_expiration_ms": 3600000, - "description": "This dataset is private", - "friendly_name": "test", - "labels": { - "env": "default" - }, - "location": "EU" - } - references: - access.dataset.dataset.dataset_id: google_bigquery_dataset.public.dataset_id - access.dataset.dataset.project_id: google_bigquery_dataset.public.project - access.user_by_email: google_service_account.bqowner.email - dependencies: - google_service_account.bqowner: |- - { - "account_id": "bqowner" - } - - name: public - manifest: |- - { - "dataset_id": "public_dataset", - "description": "This dataset is public" - } - dependencies: - google_bigquery_routine.public: |- - { - "arguments": [ - { - "argument_kind": "FIXED_TYPE", - "data_type": "${jsonencode({ \"typeKind\" = \"INT64\" })}", - "name": "value" - } - ], - "dataset_id": "${google_bigquery_dataset.public.dataset_id}", - "definition_body": "SELECT 1 + value AS value\n", - "language": "SQL", - "return_table_type": "${jsonencode({ \"columns\" = [\n { \"name\" = \"value\", \"type\" = { \"typeKind\" = \"INT64\" } },\n ] })}", - "routine_id": "public_routine", - "routine_type": "TABLE_VALUED_FUNCTION" - } - - name: private - manifest: |- - { - "access": [ - { - "role": "OWNER", - "user_by_email": "my@service-account.com" - }, + "data_exchange_id": "${google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id}", + "description": "example data exchange", + "display_name": "my_listing", + "listing_id": "my_listing", + "location": "US", + "restricted_export_config": [ { - "routine": [ - { - "dataset_id": "${google_bigquery_routine.public.dataset_id}", - "project_id": "${google_bigquery_routine.public.project}", - "routine_id": "${google_bigquery_routine.public.routine_id}" - } - ] + "enabled": true, + "restrict_query_result": true } - ], - "dataset_id": "private_dataset", - "description": "This dataset is private" + ] } references: - access.routine.dataset_id: google_bigquery_routine.public.dataset_id - access.routine.project_id: google_bigquery_routine.public.project - access.routine.routine_id: google_bigquery_routine.public.routine_id + bigquery_dataset.dataset: google_bigquery_dataset.listing.id + data_exchange_id: google_bigquery_analytics_hub_data_exchange.listing.data_exchange_id dependencies: - google_bigquery_routine.public: |- + google_bigquery_analytics_hub_data_exchange.listing: |- { - "arguments": [ - { - "argument_kind": "FIXED_TYPE", - "data_type": "${jsonencode({ \"typeKind\" = \"INT64\" })}", - "name": "value" - } - ], - "dataset_id": "${google_bigquery_dataset.public.dataset_id}", - "definition_body": "SELECT 1 + value AS value\n", - "language": "SQL", - "return_table_type": "${jsonencode({ \"columns\" = [\n { \"name\" = \"value\", \"type\" = { \"typeKind\" = \"INT64\" } },\n ] })}", - "routine_id": "public_routine", - "routine_type": "TABLE_VALUED_FUNCTION" + "data_exchange_id": "my_data_exchange", + "description": "example data exchange", + "display_name": "my_data_exchange", + "location": "US" } - - name: dataset - manifest: |- - { - "dataset_id": "example_dataset", - "description": "This is a test description", - "external_dataset_reference": [ + google_bigquery_dataset.listing: |- { - "connection": "projects/project/locations/aws-us-east-1/connections/connection", - "external_source": "aws-glue://arn:aws:glue:us-east-1:999999999999:database/database" + "dataset_id": "my_listing", + "description": "example data exchange", + "friendly_name": "my_listing", + "location": "US" } - ], - "friendly_name": "test", - "location": "aws-us-east-1", - "provider": "${google-beta}" - } - references: - provider: google-beta argumentDocs: - US: |- - . - Changing this forces a new resource to be created. - access: |- + bigquery_dataset: |- - - (Optional) - An array of objects that define dataset access for one or more entities. + (Required) + Shared dataset i.e. BigQuery dataset source. Structure is documented below. - access.dataset: |- + bigquery_dataset.categories: |- - (Optional) - Grants all resources of particular types in a particular dataset read access to the current dataset. - Structure is documented below. - access.domain: |- + Categories of the listing. Up to two categories are allowed. + bigquery_dataset.data_provider: |- - (Optional) - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access - access.group_by_email: |- + Details of the data provider who owns the source data. + Structure is documented below. + bigquery_dataset.dataset: |- + - + (Required) + Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123 + bigquery_dataset.description: |- - (Optional) - An email address of a Google Group to grant access to. - access.iam_member: |- + Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF). + bigquery_dataset.documentation: |- - (Optional) - Some other type of member that appears in the IAM Policy but isn't a user, - group, domain, or special group. For example: allUsers - access.role: |- + Documentation describing the listing. + bigquery_dataset.icon: |- - (Optional) - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles - are supported. Predefined roles that have equivalent basic roles - are swapped by the API to their basic counterparts. See - official docs. - access.routine: |- + Base64 encoded image representing the listing. + bigquery_dataset.primary_contact: |- - (Optional) - A routine from a different dataset to grant access to. Queries - executed against that routine will have read access to tables in - this dataset. The role field is not required when this field is - set. If that routine is updated by any user, access to the routine - needs to be granted again via an update operation. - Structure is documented below. - access.special_group: |- + Email or URL of the primary point of contact of the listing. + bigquery_dataset.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + bigquery_dataset.publisher: |- - (Optional) - A special group to grant access to. Possible values include: - access.user_by_email: |- + Details of the publisher who owns the listing and who can share the source data. + Structure is documented below. + bigquery_dataset.request_access: |- - (Optional) - An email address of a user to grant access to. For example: - fred@example.com - access.view: |- + Email or URL of the request access of the listing. Subscribers can use this reference to request access. + bigquery_dataset.restricted_export_config: |- - (Optional) - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + If set, restricted export configuration will be propagated and enforced on the linked dataset. Structure is documented below. - allAuthenticatedUsers: ': All authenticated BigQuery users.' create: '- Default is 20 minutes.' - creation_time: |- - - - The time when this dataset was created, in milliseconds since the - epoch. - dataset.dataset: |- + data_exchange_id: |- - (Required) - The dataset this entry applies to - Structure is documented below. - dataset.dataset_id: |- + The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. + data_provider.name: |- - (Required) - The ID of the dataset containing this table. - dataset.project_id: |- + Name of the data provider. + data_provider.primary_contact: |- - - (Required) - The ID of the project containing this table. - dataset.target_types: |- + (Optional) + Email or URL of the data provider. + delete: '- Default is 20 minutes.' + display_name: |- - (Required) - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS - dataset_id: |- + Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (&) and can't start or end with spaces. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}' + listing_id: |- - (Required) - A unique ID for this dataset, without the project name. The ID - must contain only letters (a-z, A-Z), numbers (0-9), or - underscores (_). The maximum length is 1,024 characters. - default_collation: |- + The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. + location: |- - - (Optional) - Defines the default collation specification of future tables created - in the dataset. If a table is created in this dataset without table-level - default collation, then the table inherits the dataset default collation, - which is applied to the string fields that do not have explicit collation - specified. A change to this field affects only tables created afterwards, - and does not alter the existing tables. - The following values are supported: - default_encryption_configuration: |- + (Required) + The name of the location this data exchange listing. + name: |- - - (Optional) - The default encryption key for all tables in the dataset. Once this property is set, - all newly-created partitioned tables in the dataset will have encryption key set to - this value, unless table creation request (or query) overrides the key. - Structure is documented below. - default_encryption_configuration.kms_key_name: |- + The resource name of the listing. e.g. "projects/myproject/locations/US/dataExchanges/123/listings/456" + publisher.name: |- - (Required) - Describes the Cloud KMS encryption key that will be used to protect destination - BigQuery table. The BigQuery Service Account associated with your project requires - access to this encryption key. - default_partition_expiration_ms: |- + Name of the listing publisher. + publisher.primary_contact: |- - (Optional) - The default partition expiration for all partitioned tables in - the dataset, in milliseconds. - default_table_expiration_ms: |- + Email or URL of the listing publisher. + restricted_export_config.enabled: |- - (Optional) - The default lifetime of all tables in the dataset, in milliseconds. - The minimum value is 3600000 milliseconds (one hour). - delete: '- Default is 20 minutes.' - delete_contents_on_destroy: |- - - (Optional) If set to true, delete all the tables in the - dataset when destroying the resource; otherwise, - destroying the resource will fail if tables are present. - description: |- + If true, enable restricted export. + restricted_export_config.restrict_query_result: |- - (Optional) - A user-friendly description of the dataset - effective_labels: for all of the labels present on the resource. - etag: |- - - - A hash of the resource. - expirationMs: |- - property in the timePartitioning - settings set to this value, and changing the value will only - affect new tables, not existing ones. The storage in a partition will - have an expiration time of its partition time plus this value. - Setting this property overrides the use of defaultTableExpirationMs - for partitioned tables: only one of defaultTableExpirationMs and - defaultPartitionExpirationMs will be used for any new partitioned - table. If you provide an explicit timePartitioning.expirationMs when - creating or updating a partitioned table, that value takes precedence - over the default partition expiration time indicated by this property. - expirationTime: |- - property set to the creation time plus - the value in this property, and changing the value will only affect - new tables, not existing ones. When the expirationTime for a given - table is reached, that table will be deleted automatically. - If a table's expirationTime is modified or removed before the - table expires, or if you provide an explicit expirationTime when - creating a table, that value takes precedence over the default - expiration time indicated by this property. - external_dataset_reference: |- - - - (Optional, Beta) - Information about the external metadata storage where the dataset is defined. - Structure is documented below. - external_dataset_reference.connection: |- - - - (Required) - The connection id that is used to access the externalSource. - Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} - external_dataset_reference.external_source: |- + If true, restrict export of query result derived from restricted linked dataset table. + update: '- Default is 20 minutes.' + importStatements: [] + google_bigquery_analytics_hub_listing_iam_policy: + subCategory: Bigquery Analytics Hub + description: Collection of resources to manage IAM policy for Bigquery Analytics Hub Listing + name: google_bigquery_analytics_hub_listing_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "data_exchange_id": "${google_bigquery_analytics_hub_listing.listing.data_exchange_id}", + "listing_id": "${google_bigquery_analytics_hub_listing.listing.listing_id}", + "location": "${google_bigquery_analytics_hub_listing.listing.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_bigquery_analytics_hub_listing.listing.project}" + } + references: + data_exchange_id: google_bigquery_analytics_hub_listing.listing.data_exchange_id + listing_id: google_bigquery_analytics_hub_listing.listing.listing_id + location: google_bigquery_analytics_hub_listing.listing.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_bigquery_analytics_hub_listing.listing.project + argumentDocs: + data_exchange_id: '- (Required) The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to' + etag: '- (Computed) The etag of the IAM policy.' + google_bigquery_analytics_hub_listing_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.' + google_bigquery_analytics_hub_listing_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.' + google_bigquery_analytics_hub_listing_iam_policy: ': Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.' + listing_id: '- (Required) The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to' + location: |- + - (Required) The name of the location this data exchange listing. + Used to find the parent resource to bind the IAM policy to + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_bigquery_analytics_hub_listing_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_bigquery_analytics_hub_listing_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_bigquery_bi_reservation: + subCategory: BigQuery Reservation + description: Represents a BI Reservation. + name: google_bigquery_bi_reservation + title: "" + examples: + - name: reservation + manifest: |- + { + "location": "us-west2", + "size": "3000000000" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/biReservation' + location: |- - (Required) - External source that backs this dataset. - friendly_name: |- + LOCATION_DESCRIPTION + name: |- - - (Optional) - A descriptive name for the dataset - id: '- an identifier for the resource with format projects/{{project}}/datasets/{{dataset_id}}' - is_case_insensitive: |- + The resource name of the singleton BI reservation. Reservation names have the form projects/{projectId}/locations/{locationId}/biReservation. + preferred_tables: |- - (Optional) - TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. - By default, this is FALSE, which means the dataset and its table names are - case-sensitive. This field does not affect routine references. - labels: |- + Preferred tables to use BI capacity for. + Structure is documented below. + preferred_tables.dataset_id: |- - (Optional) - The labels associated with this dataset. You can use these to - organize and group your datasets. - last_modified_time: |- - - - The date when this dataset or any of its tables was last modified, in - milliseconds since the epoch. - location: |- + The ID of the dataset in the above project. + preferred_tables.project_id: |- - (Optional) - The geographic location where the dataset should reside. - See official docs. - max_time_travel_hours: |- + The assigned project ID of the project. + preferred_tables.table_id: |- - (Optional) - Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days). + The ID of the table in the above dataset. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. - projectOwners: ': Owners of the enclosing project.' - projectReaders: ': Readers of the enclosing project.' - projectWriters: ': Writers of the enclosing project.' - routine.dataset_id: |- - - - (Required) - The ID of the dataset containing this table. - routine.project_id: |- - - - (Required) - The ID of the project containing this table. - routine.routine_id: |- - - - (Required) - The ID of the routine. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 256 characters. - self_link: '- The URI of the created resource.' - storage_billing_model: |- + size: |- - (Optional) - Specifies the storage billing model for the dataset. - Set this flag value to LOGICAL to use logical bytes for storage billing, - or to PHYSICAL to use physical bytes instead. - LOGICAL is the default if this flag isn't specified. - terraform_labels: |- - - - The combination of labels configured directly on the resource - and default labels configured on the provider. + Size of a reservation, in bytes. update: '- Default is 20 minutes.' - view.dataset_id: |- - - - (Required) - The ID of the dataset containing this table. - view.project_id: |- - - - (Required) - The ID of the project containing this table. - view.table_id: |- + update_time: |- - - (Required) - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + The last update timestamp of a reservation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". importStatements: [] - google_bigquery_dataset_access: - subCategory: BigQuery - description: Gives dataset access for a single entity. - name: google_bigquery_dataset_access + google_bigquery_capacity_commitment: + subCategory: BigQuery Reservation + description: Capacity commitment is a way to purchase compute capacity for BigQuery jobs (in the form of slots) with some committed period of usage. + name: google_bigquery_capacity_commitment title: "" examples: - - name: access + - name: example manifest: |- { - "dataset_id": "${google_bigquery_dataset.dataset.dataset_id}", - "role": "OWNER", - "user_by_email": "${google_service_account.bqowner.email}" + "capacity_commitment_id": "example-commitment", + "edition": "ENTERPRISE", + "location": "us-west2", + "plan": "FLEX_FLAT_RATE", + "slot_count": 100 } + argumentDocs: + capacity_commitment_id: |- + - + (Optional) + The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is + empty. This field must only contain lower case alphanumeric characters or dashes. The first and last character + cannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split + or merged. + commitment_end_time: |- + - + The start of the current commitment period. It is applicable only for ACTIVE capacity commitments. + commitment_start_time: |- + - + The start of the current commitment period. It is applicable only for ACTIVE capacity commitments. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + edition: |- + - + (Optional) + The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS + enforce_single_admin_project_per_org: |- + - + (Optional) + If true, fail the request if another project in the organization has a capacity commitment. + id: '- an identifier for the resource with format {{name}}' + location: |- + - + (Optional) + The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + name: |- + - + The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123 + plan: |- + - + (Required) + Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + renewal_plan: |- + - + (Optional) + The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans. + slot_count: |- + - + (Required) + Number of slots in this commitment. + state: |- + - + State of the commitment + update: '- Default is 20 minutes.' + importStatements: [] + google_bigquery_connection: + subCategory: BigQuery Connection + description: A connection allows BigQuery connections to external data sources. + name: google_bigquery_connection + title: "" + examples: + - name: connection + manifest: "{\n \"cloud_resource\": [\n {}\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" + - name: connection + manifest: "{\n \"cloud_sql\": [\n {\n \"credential\": [\n {\n \"password\": \"${google_sql_user.user.password}\",\n \"username\": \"${google_sql_user.user.name}\"\n }\n ],\n \"database\": \"${google_sql_database.db.name}\",\n \"instance_id\": \"${google_sql_database_instance.instance.connection_name}\",\n \"type\": \"POSTGRES\"\n }\n ],\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" references: - dataset_id: google_bigquery_dataset.dataset.dataset_id - user_by_email: google_service_account.bqowner.email + cloud_sql.credential.password: google_sql_user.user.password + cloud_sql.credential.username: google_sql_user.user.name + cloud_sql.database: google_sql_database.db.name + cloud_sql.instance_id: google_sql_database_instance.instance.connection_name dependencies: - google_bigquery_dataset.dataset: |- - { - "dataset_id": "example_dataset" - } - google_service_account.bqowner: |- + google_sql_database.db: |- { - "account_id": "bqowner" + "instance": "${google_sql_database_instance.instance.name}", + "name": "db" } - - name: access - manifest: |- - { - "dataset_id": "${google_bigquery_dataset.private.dataset_id}", - "view": [ + google_sql_database_instance.instance: |- { - "dataset_id": "${google_bigquery_dataset.public.dataset_id}", - "project_id": "${google_bigquery_table.public.project}", - "table_id": "${google_bigquery_table.public.table_id}" + "database_version": "POSTGRES_11", + "deletion_protection": "true", + "name": "my-database-instance", + "region": "us-central1", + "settings": [ + { + "tier": "db-f1-micro" + } + ] } - ] - } - references: - dataset_id: google_bigquery_dataset.private.dataset_id - view.dataset_id: google_bigquery_dataset.public.dataset_id - view.project_id: google_bigquery_table.public.project - view.table_id: google_bigquery_table.public.table_id - dependencies: - google_bigquery_dataset.private: |- + google_sql_user.user: |- { - "dataset_id": "example_dataset" + "instance": "${google_sql_database_instance.instance.name}", + "name": "user", + "password": "${random_password.pwd.result}" } - google_bigquery_dataset.public: |- + random_password.pwd: |- { - "dataset_id": "example_dataset2" + "length": 16, + "special": false } - google_bigquery_table.public: |- + - name: connection + manifest: "{\n \"cloud_sql\": [\n {\n \"credential\": [\n {\n \"password\": \"${google_sql_user.user.password}\",\n \"username\": \"${google_sql_user.user.name}\"\n }\n ],\n \"database\": \"${google_sql_database.db.name}\",\n \"instance_id\": \"${google_sql_database_instance.instance.connection_name}\",\n \"type\": \"POSTGRES\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" + references: + cloud_sql.credential.password: google_sql_user.user.password + cloud_sql.credential.username: google_sql_user.user.name + cloud_sql.database: google_sql_database.db.name + cloud_sql.instance_id: google_sql_database_instance.instance.connection_name + dependencies: + google_sql_database.db: |- { - "dataset_id": "${google_bigquery_dataset.public.dataset_id}", - "deletion_protection": false, - "table_id": "example_table", - "view": [ - { - "query": "SELECT state FROM [lookerdata:cdc.project_tycho_reports]", - "use_legacy_sql": false - } - ] + "instance": "${google_sql_database_instance.instance.name}", + "name": "db" } - - name: access - manifest: |- - { - "dataset": [ + google_sql_database_instance.instance: |- { - "dataset": [ + "database_version": "POSTGRES_11", + "deletion_protection": "true", + "name": "my-database-instance", + "region": "us-central1", + "settings": [ { - "dataset_id": "${google_bigquery_dataset.public.dataset_id}", - "project_id": "${google_bigquery_dataset.public.project}" + "tier": "db-f1-micro" } - ], - "target_types": [ - "VIEWS" ] } - ], - "dataset_id": "${google_bigquery_dataset.private.dataset_id}" - } - references: - dataset.dataset.dataset_id: google_bigquery_dataset.public.dataset_id - dataset.dataset.project_id: google_bigquery_dataset.public.project - dataset_id: google_bigquery_dataset.private.dataset_id - dependencies: - google_bigquery_dataset.private: |- - { - "dataset_id": "private" - } - google_bigquery_dataset.public: |- + google_sql_user.user: |- { - "dataset_id": "public" + "instance": "${google_sql_database_instance.instance.name}", + "name": "user", + "password": "${random_password.pwd.result}" } - - name: authorized_routine - manifest: |- - { - "dataset_id": "${google_bigquery_dataset.private.dataset_id}", - "routine": [ + random_password.pwd: |- { - "dataset_id": "${google_bigquery_routine.public.dataset_id}", - "project_id": "${google_bigquery_routine.public.project}", - "routine_id": "${google_bigquery_routine.public.routine_id}" + "length": 16, + "special": false } - ] - } + - name: connection + manifest: "{\n \"aws\": [\n {\n \"access_role\": [\n {\n \"iam_role_id\": \"arn:aws:iam::999999999999:role/omnirole\"\n }\n ]\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"aws-us-east-1\"\n}" + - name: connection + manifest: "{\n \"azure\": [\n {\n \"customer_tenant_id\": \"customer-tenant-id\",\n \"federated_application_client_id\": \"b43eeeee-eeee-eeee-eeee-a480155501ce\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"azure-eastus2\"\n}" + - name: connection + manifest: "{\n \"cloud_spanner\": [\n {\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"database_role\": \"database_role\"\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" + - name: connection + manifest: "{\n \"cloud_spanner\": [\n {\n \"database\": \"projects/project/instances/instance/databases/database\",\n \"max_parallelism\": 100,\n \"use_data_boost\": true,\n \"use_parallelism\": true\n }\n ],\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\"\n}" + - name: connection + manifest: "{\n \"connection_id\": \"my-connection\",\n \"description\": \"a riveting description\",\n \"friendly_name\": \"\U0001F44B\",\n \"location\": \"US\",\n \"spark\": [\n {\n \"spark_history_server_config\": [\n {\n \"dataproc_cluster\": \"${google_dataproc_cluster.basic.id}\"\n }\n ]\n }\n ]\n}" references: - dataset_id: google_bigquery_dataset.private.dataset_id - routine.dataset_id: google_bigquery_routine.public.dataset_id - routine.project_id: google_bigquery_routine.public.project - routine.routine_id: google_bigquery_routine.public.routine_id + spark.spark_history_server_config.dataproc_cluster: google_dataproc_cluster.basic.id dependencies: - google_bigquery_dataset.private: |- - { - "dataset_id": "private_dataset", - "description": "This dataset is private" - } - google_bigquery_dataset.public: |- - { - "dataset_id": "public_dataset", - "description": "This dataset is public" - } - google_bigquery_routine.public: |- + google_dataproc_cluster.basic: |- { - "arguments": [ + "cluster_config": [ { - "argument_kind": "FIXED_TYPE", - "data_type": "${jsonencode({ \"typeKind\" = \"INT64\" })}", - "name": "value" + "master_config": [ + { + "disk_config": [ + { + "boot_disk_size_gb": 35 + } + ], + "machine_type": "e2-standard-2", + "num_instances": 1 + } + ], + "software_config": [ + { + "override_properties": { + "dataproc:dataproc.allow.zero.workers": "true" + } + } + ] } ], - "dataset_id": "${google_bigquery_dataset.public.dataset_id}", - "definition_body": "SELECT 1 + value AS value\n", - "language": "SQL", - "return_table_type": "${jsonencode({ \"columns\" = [\n { \"name\" = \"value\", \"type\" = { \"typeKind\" = \"INT64\" } },\n ] })}", - "routine_id": "public_routine", - "routine_type": "TABLE_VALUED_FUNCTION" + "name": "my-connection", + "region": "us-central1" } argumentDocs: - allAuthenticatedUsers: ': All authenticated BigQuery users.' - create: '- Default is 20 minutes.' - dataset: |- + aws: |- - (Optional) - Grants all resources of particular types in a particular dataset read access to the current dataset. + Connection properties specific to Amazon Web Services. Structure is documented below. - dataset.dataset: |- + aws.access_role: |- - (Required) - The dataset this entry applies to + Authentication using Google owned service account to assume into customer's AWS IAM Role. Structure is documented below. - dataset.dataset_id: |- + aws.access_role.iam_role_id: |- - (Required) - The ID of the dataset containing this table. - dataset.project_id: |- + The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection. + aws.access_role.identity: |- - - (Required) - The ID of the project containing this table. - dataset.target_types: |- + (Output) + A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role. + azure: |- + - + (Optional) + Container for connection properties specific to Azure. + Structure is documented below. + azure.application: |- + - + (Output) + The name of the Azure Active Directory Application. + azure.client_id: |- + - + (Output) + The client id of the Azure Active Directory Application. + azure.customer_tenant_id: |- - (Required) - Which resources in the dataset this entry applies to. Currently, only views are supported, - but additional target types may be added in the future. Possible values: VIEWS - dataset_id: |- + The id of customer's directory that host the data. + azure.federated_application_client_id: |- + - + (Optional) + The Azure Application (client) ID where the federated credentials will be hosted. + azure.identity: |- + - + (Output) + A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application. + azure.object_id: |- + - + (Output) + The object id of the Azure Active Directory Application. + azure.redirect_uri: |- + - + (Output) + The URL user will be redirected to after granting consent during connection setup. + cloud_resource: |- + - + (Optional) + Container for connection properties for delegation of access to GCP resources. + Structure is documented below. + cloud_resource.service_account_id: |- + - + (Output) + The account ID of the service created for the purpose of this connection. + cloud_spanner: |- + - + (Optional) + Connection properties specific to Cloud Spanner + Structure is documented below. + cloud_spanner.database: |- - (Required) - A unique ID for this dataset, without the project name. The ID - must contain only letters (a-z, A-Z), numbers (0-9), or - underscores (_). The maximum length is 1,024 characters. - delete: '- Default is 20 minutes.' - domain: |- + Cloud Spanner database in the form `project/instance/database'. + cloud_spanner.database_role: |- - (Optional) - A domain to grant access to. Any users signed in with the - domain specified will be granted the specified access - group_by_email: |- + Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as SELECT and INSERT. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about. + cloud_spanner.max_parallelism: |- - (Optional) - An email address of a Google Group to grant access to. - iam_member: |- + Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. useParallelism and useDataBoost must be set when setting max parallelism. + cloud_spanner.use_data_boost: |- - (Optional) - Some other type of member that appears in the IAM Policy but isn't a user, - group, domain, or special group. For example: allUsers - id: '- an identifier for the resource with format projects/{{project}}/datasets/{{dataset_id}}' - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - projectOwners: ': Owners of the enclosing project.' - projectReaders: ': Readers of the enclosing project.' - projectWriters: ': Writers of the enclosing project.' - role: |- + If set, the request will be executed via Spanner independent compute resources. use_parallelism must be set when using data boost. + cloud_spanner.use_parallelism: |- - (Optional) - Describes the rights granted to the user specified by the other - member of the access object. Basic, predefined, and custom roles are - supported. Predefined roles that have equivalent basic roles are - swapped by the API to their basic counterparts, and will show a diff - post-create. See - official docs. - routine: |- + If parallelism should be used when reading from Cloud Spanner. + cloud_spanner.use_serverless_analytics: |- + - + (Optional, Deprecated) + If the serverless analytics service should be used to read data from Cloud Spanner. useParallelism must be set when using serverless analytics. + cloud_spanner.useServerlessAnalytics: is deprecated and will be removed in a future major release. Use useDataBoost instead. + cloud_sql: |- - (Optional) - A routine from a different dataset to grant access to. Queries - executed against that routine will have read access to tables in - this dataset. The role field is not required when this field is - set. If that routine is updated by any user, access to the routine - needs to be granted again via an update operation. + Connection properties specific to the Cloud SQL. Structure is documented below. - routine.dataset_id: |- + cloud_sql.credential: |- - (Required) - The ID of the dataset containing this table. - routine.project_id: |- + Cloud SQL properties. + Structure is documented below. + cloud_sql.database: |- - (Required) - The ID of the project containing this table. - routine.routine_id: |- + Database name. + cloud_sql.instance_id: |- - (Required) - The ID of the routine. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 256 characters. - special_group: |- + Cloud SQL instance ID in the form project:location:instance. + cloud_sql.service_account_id: |- + - + (Output) + When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection. + cloud_sql.type: |- + - + (Required) + Type of the Cloud SQL database. + Possible values are: DATABASE_TYPE_UNSPECIFIED, POSTGRES, MYSQL. + connection_id: |- - (Optional) - A special group to grant access to. Possible values include: - user_by_email: |- + Optional connection id that should be assigned to the created connection. + create: '- Default is 20 minutes.' + credential.password: |- + - + (Required) + Password for database. + Note: This property is sensitive and will not be displayed in the plan. + credential.username: |- + - + (Required) + Username for database. + delete: '- Default is 20 minutes.' + description: |- - (Optional) - An email address of a user to grant access to. For example: - fred@example.com - view: |- + A descriptive description for the connection + friendly_name: |- - (Optional) - A view from a different dataset to grant access to. Queries - executed against that view will have read access to tables in - this dataset. The role field is not required when this field is - set. If that view is updated by any user, access to the view - needs to be granted again via an update operation. + A descriptive name for the connection + has_credential: |- + - + True if the connection has credential assigned. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/connections/{{connection_id}}' + location: |- + - + (Optional) + The geographic location where the connection should reside. + Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2 + metastore_service_config.metastore_service: |- + - + (Optional) + Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId]. + name: |- + - + The resource name of the connection in the form of: + "projects/{project_id}/locations/{location_id}/connections/{connectionId}" + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + spark: |- + - + (Optional) + Container for connection properties to execute stored procedures for Apache Spark. resources. Structure is documented below. - view.dataset_id: |- + spark.metastore_service_config: |- - - (Required) - The ID of the dataset containing this table. - view.project_id: |- + (Optional) + Dataproc Metastore Service configuration for the connection. + Structure is documented below. + spark.service_account_id: |- - - (Required) - The ID of the project containing this table. - view.table_id: |- + (Output) + The account ID of the service created for the purpose of this connection. + spark.spark_history_server_config: |- - - (Required) - The ID of the table. The ID must contain only letters (a-z, - A-Z), numbers (0-9), or underscores (_). The maximum length - is 1,024 characters. + (Optional) + Spark History Server configuration for the connection. + Structure is documented below. + spark_history_server_config.dataproc_cluster: |- + - + (Optional) + Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name]. + update: '- Default is 20 minutes.' importStatements: [] - google_bigquery_dataset_iam_policy: - subCategory: BigQuery - description: Collection of resources to manage IAM policy for a BigQuery dataset. - name: google_bigquery_dataset_iam_policy + google_bigquery_connection_iam_policy: + subCategory: BigQuery Connection + description: Collection of resources to manage IAM policy for BigQuery Connection Connection + name: google_bigquery_connection_iam_policy title: "" examples: - - name: dataset + - name: policy manifest: |- { - "dataset_id": "${google_bigquery_dataset.dataset.dataset_id}", - "policy_data": "${data.google_iam_policy.owner.policy_data}" + "connection_id": "${google_bigquery_connection.connection.connection_id}", + "location": "${google_bigquery_connection.connection.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_bigquery_connection.connection.project}" } references: - dataset_id: google_bigquery_dataset.dataset.dataset_id - policy_data: data.google_iam_policy.owner.policy_data - dependencies: - google_bigquery_dataset.dataset: |- - { - "dataset_id": "example_dataset" - } + connection_id: google_bigquery_connection.connection.connection_id + location: google_bigquery_connection.connection.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_bigquery_connection.connection.project argumentDocs: - dataset_id: '- (Required) The dataset ID.' - etag: '- (Computed) The etag of the dataset''s IAM policy.' - google_bigquery_dataset_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.' - google_bigquery_dataset_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.' - google_bigquery_dataset_iam_policy: ': Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.' + connection_id: |- + - (Required) Optional connection id that should be assigned to the created connection. + Used to find the parent resource to bind the IAM policy to + etag: '- (Computed) The etag of the IAM policy.' + google_bigquery_connection_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.' + google_bigquery_connection_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.' + google_bigquery_connection_iam_policy: ': Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.' + location: |- + - (Required) The geographic location where the connection should reside. + Cloud SQL instance must be in the same location as the connection + with following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU. + Examples: US, EU, asia-northeast1, us-central1, europe-west1. + Spanner Connections same as spanner region + AWS allowed regions are aws-us-east-1 + Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: policy_data: |- - - (Required only by google_bigquery_dataset_iam_policy) The policy data generated by + - (Required only by google_bigquery_connection_iam_policy) The policy data generated by a google_iam_policy data source. project: |- - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. role: |- - (Required) The role that should be applied. Only one - google_bigquery_dataset_iam_binding can be used per role. Note that custom roles must be of the format + google_bigquery_connection_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] - google_bigquery_job: - subCategory: BigQuery - description: Jobs are actions that BigQuery runs on your behalf to load data, export data, query data, or copy data. - name: google_bigquery_job + google_bigquery_data_transfer_config: + subCategory: BigQuery Data Transfer + description: Represents a data transfer configuration. + name: google_bigquery_data_transfer_config title: "" examples: - - name: job + - name: query_config manifest: |- { - "job_id": "job_query", - "labels": { - "example-label": "example-value" + "data_source_id": "scheduled_query", + "depends_on": [ + "${google_project_iam_member.permissions}" + ], + "destination_dataset_id": "${google_bigquery_dataset.my_dataset.dataset_id}", + "display_name": "my-query", + "location": "asia-northeast1", + "params": { + "destination_table_name_template": "my_table", + "query": "SELECT name FROM tabl WHERE x = 'y'", + "write_disposition": "WRITE_APPEND" }, - "query": [ + "schedule": "first sunday of quarter 00:00" + } + references: + destination_dataset_id: google_bigquery_dataset.my_dataset.dataset_id + dependencies: + google_bigquery_dataset.my_dataset: |- { - "allow_large_results": true, - "destination_table": [ - { - "dataset_id": "${google_bigquery_table.foo.dataset_id}", - "project_id": "${google_bigquery_table.foo.project}", - "table_id": "${google_bigquery_table.foo.table_id}" - } + "dataset_id": "my_dataset", + "depends_on": [ + "${google_project_iam_member.permissions}" ], - "flatten_results": true, - "query": "SELECT state FROM [lookerdata:cdc.project_tycho_reports]", - "script_options": [ - { - "key_result_statement": "LAST" - } - ] + "description": "bar", + "friendly_name": "foo", + "location": "asia-northeast1" } - ] + google_project_iam_member.permissions: |- + { + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-bigquerydatatransfer.iam.gserviceaccount.com", + "project": "${data.google_project.project.project_id}", + "role": "roles/iam.serviceAccountTokenCreator" + } + argumentDocs: + create: '- Default is 20 minutes.' + data_refresh_window_days: |- + - + (Optional) + The number of days to look back to automatically refresh the data. + For example, if dataRefreshWindowDays = 10, then every day BigQuery + reingests data for [today-10, today-1], rather than ingesting data for + just [today-1]. Only valid if the data source supports the feature. + Set the value to 0 to use the default value. + data_source_id: |- + - + (Required) + The data source id. Cannot be changed once the transfer config is created. + delete: '- Default is 20 minutes.' + destination_dataset_id: |- + - + (Optional) + The BigQuery target dataset id. + disabled: |- + - + (Optional) + When set to true, no runs are scheduled for a given transfer. + display_name: |- + - + (Required) + The user specified display name for the transfer config. + email_preferences: |- + - + (Optional) + Email notifications will be sent according to these preferences to the + email address of the user who owns this transfer config. + Structure is documented below. + email_preferences.enable_failure_email: |- + - + (Required) + If true, email notifications will be sent on transfer run failures. + id: '- an identifier for the resource with format {{name}}' + location: |- + - + (Optional) + The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + name: |- + - + The resource name of the transfer config. Transfer config names have the + form projects/{projectId}/locations/{location}/transferConfigs/{configId} + or projects/{projectId}/transferConfigs/{configId}, + where configId is usually a uuid, but this is not required. + The name is ignored when creating a transfer config. + notification_pubsub_topic: |- + - + (Optional) + Pub/Sub topic where notifications will be sent after transfer runs + associated with this transfer config finish. + params: |- + - + (Required) + Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer' + section for each data source. For example the parameters for Cloud Storage transfers are listed here: + https://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq + NOTE : If you are attempting to update a parameter that cannot be updated (due to api limitations) please force recreation of the resource. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + schedule: |- + - + (Optional) + Data transfer schedule. If the data source does not support a custom + schedule, this should be empty. If it is empty, the default value for + the data source will be used. The specified times are in UTC. Examples + of valid format: 1st,3rd monday of month 15:30, every wed,fri of jan, + jun 13:15, and first sunday of quarter 00:00. See more explanation + about the format here: + https://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format + NOTE: the granularity should be at least 8 hours, or less frequent. + schedule_options: |- + - + (Optional) + Options customizing the data transfer schedule. + Structure is documented below. + schedule_options.disable_auto_scheduling: |- + - + (Optional) + If true, automatic scheduling of data transfer runs for this + configuration will be disabled. The runs can be started on ad-hoc + basis using transferConfigs.startManualRuns API. When automatic + scheduling is disabled, the TransferConfig.schedule field will + be ignored. + schedule_options.end_time: |- + - + (Optional) + Defines time to stop scheduling transfer runs. A transfer run cannot be + scheduled at or after the end time. The end time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + schedule_options.start_time: |- + - + (Optional) + Specifies time to start scheduling transfer runs. The first run will be + scheduled at or after the start time according to a recurrence pattern + defined in the schedule string. The start time can be changed at any + moment. The time when a data transfer can be triggered manually is not + limited by this option. + sensitive_params: |- + - + (Optional) + Different parameters are configured primarily using the the params field on this + resource. This block contains the parameters which contain secrets or passwords so that they can be marked + sensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key + in the params map in the api request. + Credentials may not be specified in both locations and will cause an error. Changing from one location + to a different credential configuration in the config will require an apply to update state. + Structure is documented below. + sensitive_params.secret_access_key: |- + - + (Required) + The Secret Access Key of the AWS account transferring data from. + Note: This property is sensitive and will not be displayed in the plan. + service_account_name: |- + - + (Optional) + Service account email. If this field is set, transfer config will + be created with this service account credentials. It requires that + requesting user calling this API has permissions to act as this service account. + update: '- Default is 20 minutes.' + importStatements: [] + google_bigquery_datapolicy_data_policy: + subCategory: BigQuery Data Policy + description: A BigQuery Data Policy + name: google_bigquery_datapolicy_data_policy + title: "" + examples: + - name: data_policy + manifest: |- + { + "data_policy_id": "data_policy", + "data_policy_type": "COLUMN_LEVEL_SECURITY_POLICY", + "location": "us-central1", + "policy_tag": "${google_data_catalog_policy_tag.policy_tag.name}" } references: - query.destination_table.dataset_id: google_bigquery_table.foo.dataset_id - query.destination_table.project_id: google_bigquery_table.foo.project - query.destination_table.table_id: google_bigquery_table.foo.table_id + policy_tag: google_data_catalog_policy_tag.policy_tag.name dependencies: - google_bigquery_dataset.bar: |- + google_data_catalog_policy_tag.policy_tag: |- { - "dataset_id": "job_query_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" + "description": "A policy tag normally associated with low security items", + "display_name": "Low security", + "taxonomy": "${google_data_catalog_taxonomy.taxonomy.id}" } - google_bigquery_table.foo: |- + google_data_catalog_taxonomy.taxonomy: |- { - "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", - "deletion_protection": false, - "table_id": "job_query_table" + "activated_policy_types": [ + "FINE_GRAINED_ACCESS_CONTROL" + ], + "description": "A collection of policy tags", + "display_name": "taxonomy", + "region": "us-central1" } - - name: job + - name: data_policy manifest: |- { - "job_id": "job_query", - "labels": { - "example-label": "example-value" - }, - "query": [ + "data_masking_policy": [ { - "allow_large_results": true, - "default_dataset": [ - { - "dataset_id": "${google_bigquery_dataset.bar.id}" - } - ], - "destination_table": [ - { - "table_id": "${google_bigquery_table.foo.id}" - } - ], - "flatten_results": true, - "query": "SELECT state FROM [lookerdata:cdc.project_tycho_reports]", - "script_options": [ - { - "key_result_statement": "LAST" - } - ] + "routine": "${google_bigquery_routine.custom_masking_routine.id}" } - ] + ], + "data_policy_id": "data_policy", + "data_policy_type": "DATA_MASKING_POLICY", + "location": "us-central1", + "policy_tag": "${google_data_catalog_policy_tag.policy_tag.name}" } references: - query.default_dataset.dataset_id: google_bigquery_dataset.bar.id - query.destination_table.table_id: google_bigquery_table.foo.id + data_masking_policy.routine: google_bigquery_routine.custom_masking_routine.id + policy_tag: google_data_catalog_policy_tag.policy_tag.name dependencies: - google_bigquery_dataset.bar: |- - { - "dataset_id": "job_query_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" - } - google_bigquery_table.foo: |- + google_bigquery_dataset.test: |- { - "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", - "deletion_protection": false, - "table_id": "job_query_table" + "dataset_id": "dataset_id", + "location": "us-central1" } - - name: job - manifest: |- - { - "job_id": "job_load", - "labels": { - "my_job": "load" - }, - "load": [ + google_bigquery_routine.custom_masking_routine: |- { - "autodetect": true, - "destination_table": [ + "arguments": [ { - "dataset_id": "${google_bigquery_table.foo.dataset_id}", - "project_id": "${google_bigquery_table.foo.project}", - "table_id": "${google_bigquery_table.foo.table_id}" + "data_type": "{\"typeKind\" : \"STRING\"}", + "name": "ssn" } ], - "schema_update_options": [ - "ALLOW_FIELD_RELAXATION", - "ALLOW_FIELD_ADDITION" - ], - "skip_leading_rows": 1, - "source_uris": [ - "gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv" - ], - "write_disposition": "WRITE_APPEND" + "data_governance_type": "DATA_MASKING", + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')", + "language": "SQL", + "return_type": "{\"typeKind\" : \"STRING\"}", + "routine_id": "custom_masking_routine", + "routine_type": "SCALAR_FUNCTION" } - ] - } - references: - load.destination_table.dataset_id: google_bigquery_table.foo.dataset_id - load.destination_table.project_id: google_bigquery_table.foo.project - load.destination_table.table_id: google_bigquery_table.foo.table_id - dependencies: - google_bigquery_dataset.bar: |- + google_data_catalog_policy_tag.policy_tag: |- { - "dataset_id": "job_load_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" + "description": "A policy tag normally associated with low security items", + "display_name": "Low security", + "taxonomy": "${google_data_catalog_taxonomy.taxonomy.id}" } - google_bigquery_table.foo: |- + google_data_catalog_taxonomy.taxonomy: |- { - "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", - "deletion_protection": false, - "table_id": "job_load_table" + "activated_policy_types": [ + "FINE_GRAINED_ACCESS_CONTROL" + ], + "description": "A collection of policy tags", + "display_name": "taxonomy", + "region": "us-central1" } - - name: job + argumentDocs: + create: '- Default is 20 minutes.' + data_masking_policy: |- + - + (Optional) + The data masking policy that specifies the data masking rule to use. + Structure is documented below. + data_masking_policy.predefined_expression: |- + - + (Optional) + The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. + Possible values are: SHA256, ALWAYS_NULL, DEFAULT_MASKING_VALUE, LAST_FOUR_CHARACTERS, FIRST_FOUR_CHARACTERS, EMAIL_MASK, DATE_YEAR_MASK. + data_masking_policy.routine: |- + - + (Optional) + The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}. + data_policy_id: |- + - + (Required) + User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name. + data_policy_type: |- + - + (Required) + The enrollment level of the service. + Possible values are: COLUMN_LEVEL_SECURITY_POLICY, DATA_MASKING_POLICY. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}' + location: |- + - + (Required) + The name of the location of the data policy. + name: |- + - + Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}. + policy_tag: |- + - + (Required) + Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + update: '- Default is 20 minutes.' + importStatements: [] + google_bigquery_datapolicy_data_policy_iam_policy: + subCategory: BigQuery Data Policy + description: Collection of resources to manage IAM policy for BigQuery Data Policy DataPolicy + name: google_bigquery_datapolicy_data_policy_iam_policy + title: "" + examples: + - name: policy manifest: |- { - "depends_on": [ - "google_storage_bucket_object.object" + "data_policy_id": "${google_bigquery_datapolicy_data_policy.data_policy.data_policy_id}", + "location": "${google_bigquery_datapolicy_data_policy.data_policy.location}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_bigquery_datapolicy_data_policy.data_policy.project}" + } + references: + data_policy_id: google_bigquery_datapolicy_data_policy.data_policy.data_policy_id + location: google_bigquery_datapolicy_data_policy.data_policy.location + policy_data: data.google_iam_policy.admin.policy_data + project: google_bigquery_datapolicy_data_policy.data_policy.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_bigquery_datapolicy_data_policy_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.' + google_bigquery_datapolicy_data_policy_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.' + google_bigquery_datapolicy_data_policy_iam_policy: ': Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.' + location: |- + - (Required) The name of the location of the data policy. + Used to find the parent resource to bind the IAM policy to + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_bigquery_datapolicy_data_policy_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_bigquery_datapolicy_data_policy_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_bigquery_dataset: + subCategory: BigQuery + description: Datasets allow you to organize and control access to your tables. + name: google_bigquery_dataset + title: "" + examples: + - name: dataset + manifest: |- + { + "access": [ + { + "role": "OWNER", + "user_by_email": "${google_service_account.bqowner.email}" + }, + { + "domain": "hashicorp.com", + "role": "READER" + } ], - "job_id": "job_load", + "dataset_id": "example_dataset", + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", "labels": { - "my_job": "load" + "env": "default" }, - "load": [ - { - "autodetect": true, - "destination_table": [ - { - "dataset_id": "${google_bigquery_table.foo.dataset_id}", - "project_id": "${google_bigquery_table.foo.project}", - "table_id": "${google_bigquery_table.foo.table_id}" - } - ], - "json_extension": "GEOJSON", - "source_format": "NEWLINE_DELIMITED_JSON", - "source_uris": [ - "gs://${google_storage_bucket_object.object.bucket}/${google_storage_bucket_object.object.name}" - ], - "write_disposition": "WRITE_TRUNCATE" - } - ] + "location": "EU" } references: - load.destination_table.dataset_id: google_bigquery_table.foo.dataset_id - load.destination_table.project_id: google_bigquery_table.foo.project - load.destination_table.table_id: google_bigquery_table.foo.table_id + access.user_by_email: google_service_account.bqowner.email dependencies: - google_bigquery_dataset.bar: |- + google_service_account.bqowner: |- { - "dataset_id": "job_load_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" + "account_id": "bqowner" } - google_bigquery_table.foo: |- + - name: dataset + manifest: |- + { + "dataset_id": "example_dataset", + "default_encryption_configuration": [ { - "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", - "deletion_protection": false, - "table_id": "job_load_table" + "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" } - google_storage_bucket.bucket: |- + ], + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + references: + default_encryption_configuration.kms_key_name: google_kms_crypto_key.crypto_key.id + dependencies: + google_kms_crypto_key.crypto_key: |- { - "location": "US", - "name": "${local.project}-bq-geojson", - "uniform_bucket_level_access": true + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "example-key" } - google_storage_bucket_object.object: |- + google_kms_key_ring.key_ring: |- { - "bucket": "${google_storage_bucket.bucket.name}", - "content": "{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n", - "name": "geojson-data.jsonl" + "location": "us", + "name": "example-keyring" } - - name: job + - name: public manifest: |- { - "job_id": "job_load", - "labels": { - "my_job": "load" - }, - "load": [ + "access": [ { - "autodetect": true, - "destination_table": [ - { - "dataset_id": "${google_bigquery_table.test.dataset_id}", - "project_id": "${google_bigquery_table.test.project}", - "table_id": "${google_bigquery_table.test.table_id}" - } - ], - "parquet_options": [ - { - "enable_list_inference": true, - "enum_as_string": true - } - ], - "schema_update_options": [ - "ALLOW_FIELD_RELAXATION", - "ALLOW_FIELD_ADDITION" - ], - "source_format": "PARQUET", - "source_uris": [ - "gs://${google_storage_bucket_object.test.bucket}/${google_storage_bucket_object.test.name}" - ], - "write_disposition": "WRITE_APPEND" + "role": "OWNER", + "user_by_email": "${google_service_account.bqowner.email}" + }, + { + "domain": "hashicorp.com", + "role": "READER" } - ] + ], + "dataset_id": "public", + "default_table_expiration_ms": 3600000, + "description": "This dataset is public", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "location": "EU" } references: - load.destination_table.dataset_id: google_bigquery_table.test.dataset_id - load.destination_table.project_id: google_bigquery_table.test.project - load.destination_table.table_id: google_bigquery_table.test.table_id + access.user_by_email: google_service_account.bqowner.email dependencies: - google_bigquery_dataset.test: |- - { - "dataset_id": "job_load_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" - } - google_bigquery_table.test: |- - { - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "deletion_protection": false, - "table_id": "job_load_table" - } - google_storage_bucket.test: |- - { - "location": "US", - "name": "job_load_bucket", - "uniform_bucket_level_access": true - } - google_storage_bucket_object.test: |- + google_service_account.bqowner: |- { - "bucket": "${google_storage_bucket.test.name}", - "name": "job_load_bucket_object", - "source": "./test-fixtures/test.parquet.gzip" + "account_id": "bqowner" } - - name: job + - name: dataset manifest: |- { - "copy": [ + "access": [ { - "destination_encryption_configuration": [ - { - "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" - } - ], - "destination_table": [ - { - "dataset_id": "${google_bigquery_table.dest.dataset_id}", - "project_id": "${google_bigquery_table.dest.project}", - "table_id": "${google_bigquery_table.dest.table_id}" - } - ], - "source_tables": [ - { - "dataset_id": "${google_bigquery_table.source.0.dataset_id}", - "project_id": "${google_bigquery_table.source.0.project}", - "table_id": "${google_bigquery_table.source.0.table_id}" - }, + "role": "OWNER", + "user_by_email": "${google_service_account.bqowner.email}" + }, + { + "domain": "hashicorp.com", + "role": "READER" + }, + { + "dataset": [ { - "dataset_id": "${google_bigquery_table.source.1.dataset_id}", - "project_id": "${google_bigquery_table.source.1.project}", - "table_id": "${google_bigquery_table.source.1.table_id}" + "dataset": [ + { + "dataset_id": "${google_bigquery_dataset.public.dataset_id}", + "project_id": "${google_bigquery_dataset.public.project}" + } + ], + "target_types": [ + "VIEWS" + ] } ] } ], - "depends_on": [ - "google_project_iam_member.encrypt_role" - ], - "job_id": "job_copy" + "dataset_id": "private", + "default_table_expiration_ms": 3600000, + "description": "This dataset is private", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "location": "EU" } references: - copy.destination_encryption_configuration.kms_key_name: google_kms_crypto_key.crypto_key.id - copy.destination_table.dataset_id: google_bigquery_table.dest.dataset_id - copy.destination_table.project_id: google_bigquery_table.dest.project - copy.destination_table.table_id: google_bigquery_table.dest.table_id - copy.source_tables.dataset_id: google_bigquery_table.source.1.dataset_id - copy.source_tables.project_id: google_bigquery_table.source.1.project - copy.source_tables.table_id: google_bigquery_table.source.1.table_id + access.dataset.dataset.dataset_id: google_bigquery_dataset.public.dataset_id + access.dataset.dataset.project_id: google_bigquery_dataset.public.project + access.user_by_email: google_service_account.bqowner.email dependencies: - google_bigquery_dataset.dest: |- - { - "dataset_id": "job_copy_dest_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" - } - google_bigquery_dataset.source: |- + google_service_account.bqowner: |- { - "count": 2, - "dataset_id": "job_copy_${count.index}_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" + "account_id": "bqowner" } - google_bigquery_table.dest: |- + - name: public + manifest: |- + { + "dataset_id": "public_dataset", + "description": "This dataset is public" + } + dependencies: + google_bigquery_routine.public: |- { - "dataset_id": "${google_bigquery_dataset.dest.dataset_id}", - "deletion_protection": false, - "depends_on": [ - "google_project_iam_member.encrypt_role" - ], - "encryption_configuration": [ + "arguments": [ { - "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + "argument_kind": "FIXED_TYPE", + "data_type": "${jsonencode({ \"typeKind\" = \"INT64\" })}", + "name": "value" } ], - "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", - "table_id": "job_copy_dest_table" - } - google_bigquery_table.source: |- - { - "count": "${length(google_bigquery_dataset.source)}", - "dataset_id": "${google_bigquery_dataset.source[count.index].dataset_id}", - "deletion_protection": false, - "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", - "table_id": "job_copy_${count.index}_table" - } - google_kms_crypto_key.crypto_key: |- - { - "key_ring": "${google_kms_key_ring.key_ring.id}", - "name": "example-key" - } - google_kms_key_ring.key_ring: |- - { - "location": "global", - "name": "example-keyring" - } - google_project_iam_member.encrypt_role: |- - { - "member": "serviceAccount:bq-${data.google_project.project.number}@bigquery-encryption.iam.gserviceaccount.com", - "project": "${data.google_project.project.project_id}", - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + "dataset_id": "${google_bigquery_dataset.public.dataset_id}", + "definition_body": "SELECT 1 + value AS value\n", + "language": "SQL", + "return_table_type": "${jsonencode({ \"columns\" = [\n { \"name\" = \"value\", \"type\" = { \"typeKind\" = \"INT64\" } },\n ] })}", + "routine_id": "public_routine", + "routine_type": "TABLE_VALUED_FUNCTION" } - - name: job + - name: private manifest: |- { - "extract": [ + "access": [ { - "compression": "GZIP", - "destination_format": "NEWLINE_DELIMITED_JSON", - "destination_uris": [ - "${google_storage_bucket.dest.url}/extract" - ], - "source_table": [ + "role": "OWNER", + "user_by_email": "my@service-account.com" + }, + { + "routine": [ { - "dataset_id": "${google_bigquery_table.source-one.dataset_id}", - "project_id": "${google_bigquery_table.source-one.project}", - "table_id": "${google_bigquery_table.source-one.table_id}" + "dataset_id": "${google_bigquery_routine.public.dataset_id}", + "project_id": "${google_bigquery_routine.public.project}", + "routine_id": "${google_bigquery_routine.public.routine_id}" } ] } ], - "job_id": "job_extract" + "dataset_id": "private_dataset", + "description": "This dataset is private" } references: - extract.source_table.dataset_id: google_bigquery_table.source-one.dataset_id - extract.source_table.project_id: google_bigquery_table.source-one.project - extract.source_table.table_id: google_bigquery_table.source-one.table_id + access.routine.dataset_id: google_bigquery_routine.public.dataset_id + access.routine.project_id: google_bigquery_routine.public.project + access.routine.routine_id: google_bigquery_routine.public.routine_id dependencies: - google_bigquery_dataset.source-one: |- - { - "dataset_id": "job_extract_dataset", - "description": "This is a test description", - "friendly_name": "test", - "location": "US" - } - google_bigquery_table.source-one: |- + google_bigquery_routine.public: |- { - "dataset_id": "${google_bigquery_dataset.source-one.dataset_id}", - "deletion_protection": false, - "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", - "table_id": "job_extract_table" + "arguments": [ + { + "argument_kind": "FIXED_TYPE", + "data_type": "${jsonencode({ \"typeKind\" = \"INT64\" })}", + "name": "value" + } + ], + "dataset_id": "${google_bigquery_dataset.public.dataset_id}", + "definition_body": "SELECT 1 + value AS value\n", + "language": "SQL", + "return_table_type": "${jsonencode({ \"columns\" = [\n { \"name\" = \"value\", \"type\" = { \"typeKind\" = \"INT64\" } },\n ] })}", + "routine_id": "public_routine", + "routine_type": "TABLE_VALUED_FUNCTION" } - google_storage_bucket.dest: |- + - name: dataset + manifest: |- + { + "dataset_id": "example_dataset", + "description": "This is a test description", + "external_dataset_reference": [ { - "force_destroy": true, - "location": "US", - "name": "job_extract_bucket" + "connection": "projects/project/locations/aws-us-east-1/connections/connection", + "external_source": "aws-glue://arn:aws:glue:us-east-1:999999999999:database/database" } + ], + "friendly_name": "test", + "location": "aws-us-east-1" + } argumentDocs: - copy.create_disposition: |- + US: |- + . + Changing this forces a new resource to be created. + access: |- - (Optional) - Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion - Default value is CREATE_IF_NEEDED. - Possible values are: CREATE_IF_NEEDED, CREATE_NEVER. - copy.destination_encryption_configuration: |- + An array of objects that define dataset access for one or more entities. + Structure is documented below. + access.dataset: |- - (Optional) - Custom encryption configuration (e.g., Cloud KMS keys) + Grants all resources of particular types in a particular dataset read access to the current dataset. Structure is documented below. - copy.destination_table: |- + access.domain: |- - (Optional) - The destination table. - Structure is documented below. - copy.source_tables: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access + access.group_by_email: |- - - (Required) - Source tables to copy. - Structure is documented below. - copy.write_disposition: |- + (Optional) + An email address of a Google Group to grant access to. + access.iam_member: |- - (Optional) - Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. - Default value is WRITE_EMPTY. - Possible values are: WRITE_TRUNCATE, WRITE_APPEND, WRITE_EMPTY. - create: '- Default is 20 minutes.' - default_dataset.dataset_id: |- + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: allUsers + access.role: |- - - (Required) - The dataset. Can be specified {{dataset_id}} if project_id is also set, - or of the form projects/{{project}}/datasets/{{dataset_id}} if not. - default_dataset.project_id: |- + (Optional) + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles + are supported. Predefined roles that have equivalent basic roles + are swapped by the API to their basic counterparts. See + official docs. + access.routine: |- - (Optional) - The ID of the project containing this table. - delete: '- Default is 20 minutes.' - destination_encryption_configuration.kms_key_name: |- + A routine from a different dataset to grant access to. Queries + executed against that routine will have read access to tables in + this dataset. The role field is not required when this field is + set. If that routine is updated by any user, access to the routine + needs to be granted again via an update operation. + Structure is documented below. + access.special_group: |- - - (Required) - Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. - The BigQuery Service Account associated with your project requires access to this encryption key. - destination_encryption_configuration.kms_key_version: |- + (Optional) + A special group to grant access to. Possible values include: + access.user_by_email: |- - - (Output) - Describes the Cloud KMS encryption key version used to protect destination BigQuery table. - destination_table.dataset_id: |- + (Optional) + An email address of a user to grant access to. For example: + fred@example.com + access.view: |- - (Optional) + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. + Structure is documented below. + allAuthenticatedUsers: ': All authenticated BigQuery users.' + create: '- Default is 20 minutes.' + creation_time: |- + - + The time when this dataset was created, in milliseconds since the + epoch. + dataset.dataset: |- + - + (Required) + The dataset this entry applies to + Structure is documented below. + dataset.dataset_id: |- + - + (Required) The ID of the dataset containing this table. - destination_table.project_id: |- + dataset.project_id: |- - - (Optional) + (Required) The ID of the project containing this table. - destination_table.table_id: |- + dataset.target_types: |- - (Required) - The table. Can be specified {{table_id}} if project_id and dataset_id are also set, - or of the form projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} if not. - effective_labels: |- + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS + dataset_id: |- - - (Output) - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. - error_result.location: |- + (Required) + A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. + default_collation: |- - (Optional) - Specifies where the error occurred, if present. - error_result.message: |- + Defines the default collation specification of future tables created + in the dataset. If a table is created in this dataset without table-level + default collation, then the table inherits the dataset default collation, + which is applied to the string fields that do not have explicit collation + specified. A change to this field affects only tables created afterwards, + and does not alter the existing tables. + The following values are supported: + default_encryption_configuration: |- - (Optional) - A human-readable description of the error. - error_result.reason: |- + The default encryption key for all tables in the dataset. Once this property is set, + all newly-created partitioned tables in the dataset will have encryption key set to + this value, unless table creation request (or query) overrides the key. + Structure is documented below. + default_encryption_configuration.kms_key_name: |- - - (Optional) - A short error code that summarizes the error. - errors.location: |- + (Required) + Describes the Cloud KMS encryption key that will be used to protect destination + BigQuery table. The BigQuery Service Account associated with your project requires + access to this encryption key. + default_partition_expiration_ms: |- - (Optional) - Specifies where the error occurred, if present. - errors.message: |- + The default partition expiration for all partitioned tables in + the dataset, in milliseconds. + default_table_expiration_ms: |- - (Optional) - A human-readable description of the error. - errors.reason: |- + The default lifetime of all tables in the dataset, in milliseconds. + The minimum value is 3600000 milliseconds (one hour). + delete: '- Default is 20 minutes.' + delete_contents_on_destroy: |- + - (Optional) If set to true, delete all the tables in the + dataset when destroying the resource; otherwise, + destroying the resource will fail if tables are present. + description: |- - (Optional) - A short error code that summarizes the error. - extract.compression: |- + A user-friendly description of the dataset + effective_labels: for all of the labels present on the resource. + etag: |- - - (Optional) - The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. - The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. - extract.destination_format: |- + A hash of the resource. + expirationMs: |- + property in the timePartitioning + settings set to this value, and changing the value will only + affect new tables, not existing ones. The storage in a partition will + have an expiration time of its partition time plus this value. + Setting this property overrides the use of defaultTableExpirationMs + for partitioned tables: only one of defaultTableExpirationMs and + defaultPartitionExpirationMs will be used for any new partitioned + table. If you provide an explicit timePartitioning.expirationMs when + creating or updating a partitioned table, that value takes precedence + over the default partition expiration time indicated by this property. + expirationTime: |- + property set to the creation time plus + the value in this property, and changing the value will only affect + new tables, not existing ones. When the expirationTime for a given + table is reached, that table will be deleted automatically. + If a table's expirationTime is modified or removed before the + table expires, or if you provide an explicit expirationTime when + creating a table, that value takes precedence over the default + expiration time indicated by this property. + external_dataset_reference: |- - (Optional) - The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. - The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. - The default value for models is SAVED_MODEL. - extract.destination_uris: |- + Information about the external metadata storage where the dataset is defined. + Structure is documented below. + external_dataset_reference.connection: |- - (Required) - A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written. - extract.field_delimiter: |- + The connection id that is used to access the externalSource. + Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + external_dataset_reference.external_source: |- - - (Optional) - When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. - Default is ',' - extract.print_header: |- + (Required) + External source that backs this dataset. + friendly_name: |- - (Optional) - Whether to print out a header row in the results. Default is true. - extract.source_model: |- + A descriptive name for the dataset + id: '- an identifier for the resource with format projects/{{project}}/datasets/{{dataset_id}}' + is_case_insensitive: |- - (Optional) - A reference to the model being exported. - Structure is documented below. - extract.source_table: |- + TRUE if the dataset and its table names are case-insensitive, otherwise FALSE. + By default, this is FALSE, which means the dataset and its table names are + case-sensitive. This field does not affect routine references. + labels: |- - (Optional) - A reference to the table being exported. - Structure is documented below. - extract.use_avro_logical_types: |- - - - (Optional) - Whether to use logical types when extracting to AVRO format. - id: '- an identifier for the resource with format projects/{{project}}/jobs/{{job_id}}' - job_id: |- - - - (Required) - The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters. - job_type: |- - - - (Output) - The type of the job. - load.allow_jagged_rows: |- - - - (Optional) - Accept rows that are missing trailing optional columns. The missing values are treated as nulls. - If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, - an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. - load.allow_quoted_newlines: |- + The labels associated with this dataset. You can use these to + organize and group your datasets. + last_modified_time: |- - - (Optional) - Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. - The default value is false. - load.autodetect: |- + The date when this dataset or any of its tables was last modified, in + milliseconds since the epoch. + location: |- - (Optional) - Indicates if we should automatically infer the options and schema for CSV and JSON sources. - load.create_disposition: |- + The geographic location where the dataset should reside. + See official docs. + max_time_travel_hours: |- - (Optional) - Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion - Default value is CREATE_IF_NEEDED. - Possible values are: CREATE_IF_NEEDED, CREATE_NEVER. - load.destination_encryption_configuration: |- + Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days). + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + projectOwners: ': Owners of the enclosing project.' + projectReaders: ': Readers of the enclosing project.' + projectWriters: ': Writers of the enclosing project.' + routine.dataset_id: |- - - (Optional) - Custom encryption configuration (e.g., Cloud KMS keys) - Structure is documented below. - load.destination_table: |- + (Required) + The ID of the dataset containing this table. + routine.project_id: |- - (Required) - The destination table to load the data into. - Structure is documented below. - load.encoding: |- + The ID of the project containing this table. + routine.routine_id: |- - - (Optional) - The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. - The default value is UTF-8. BigQuery decodes the data after the raw, binary data - has been split using the values of the quote and fieldDelimiter properties. - load.field_delimiter: |- + (Required) + The ID of the routine. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 256 characters. + self_link: '- The URI of the created resource.' + storage_billing_model: |- - (Optional) - The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. - To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts - the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the - data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. - The default value is a comma (','). - load.ignore_unknown_values: |- + Specifies the storage billing model for the dataset. + Set this flag value to LOGICAL to use logical bytes for storage billing, + or to PHYSICAL to use physical bytes instead. + LOGICAL is the default if this flag isn't specified. + terraform_labels: |- - - (Optional) - Indicates if BigQuery should allow extra values that are not represented in the table schema. - If true, the extra values are ignored. If false, records with extra columns are treated as bad records, - and if there are too many bad records, an invalid error is returned in the job result. - The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: - CSV: Trailing columns - JSON: Named values that don't match any column names - load.json_extension: |- + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + view.dataset_id: |- - - (Optional) - If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. - For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited - GeoJSON: set to GEOJSON. - load.max_bad_records: |- + (Required) + The ID of the dataset containing this table. + view.project_id: |- - - (Optional) - The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, - an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. - load.null_marker: |- + (Required) + The ID of the project containing this table. + view.table_id: |- - - (Optional) - Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value - when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an - empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as - an empty value. - load.parquet_options: |- + (Required) + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. + importStatements: [] + google_bigquery_dataset_access: + subCategory: BigQuery + description: Gives dataset access for a single entity. + name: google_bigquery_dataset_access + title: "" + examples: + - name: access + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.dataset.dataset_id}", + "role": "OWNER", + "user_by_email": "${google_service_account.bqowner.email}" + } + references: + dataset_id: google_bigquery_dataset.dataset.dataset_id + user_by_email: google_service_account.bqowner.email + dependencies: + google_bigquery_dataset.dataset: |- + { + "dataset_id": "example_dataset" + } + google_service_account.bqowner: |- + { + "account_id": "bqowner" + } + - name: access + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.private.dataset_id}", + "view": [ + { + "dataset_id": "${google_bigquery_dataset.public.dataset_id}", + "project_id": "${google_bigquery_table.public.project}", + "table_id": "${google_bigquery_table.public.table_id}" + } + ] + } + references: + dataset_id: google_bigquery_dataset.private.dataset_id + view.dataset_id: google_bigquery_dataset.public.dataset_id + view.project_id: google_bigquery_table.public.project + view.table_id: google_bigquery_table.public.table_id + dependencies: + google_bigquery_dataset.private: |- + { + "dataset_id": "example_dataset" + } + google_bigquery_dataset.public: |- + { + "dataset_id": "example_dataset2" + } + google_bigquery_table.public: |- + { + "dataset_id": "${google_bigquery_dataset.public.dataset_id}", + "deletion_protection": false, + "table_id": "example_table", + "view": [ + { + "query": "SELECT state FROM [lookerdata:cdc.project_tycho_reports]", + "use_legacy_sql": false + } + ] + } + - name: access + manifest: |- + { + "dataset": [ + { + "dataset": [ + { + "dataset_id": "${google_bigquery_dataset.public.dataset_id}", + "project_id": "${google_bigquery_dataset.public.project}" + } + ], + "target_types": [ + "VIEWS" + ] + } + ], + "dataset_id": "${google_bigquery_dataset.private.dataset_id}" + } + references: + dataset.dataset.dataset_id: google_bigquery_dataset.public.dataset_id + dataset.dataset.project_id: google_bigquery_dataset.public.project + dataset_id: google_bigquery_dataset.private.dataset_id + dependencies: + google_bigquery_dataset.private: |- + { + "dataset_id": "private" + } + google_bigquery_dataset.public: |- + { + "dataset_id": "public" + } + - name: authorized_routine + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.private.dataset_id}", + "routine": [ + { + "dataset_id": "${google_bigquery_routine.public.dataset_id}", + "project_id": "${google_bigquery_routine.public.project}", + "routine_id": "${google_bigquery_routine.public.routine_id}" + } + ] + } + references: + dataset_id: google_bigquery_dataset.private.dataset_id + routine.dataset_id: google_bigquery_routine.public.dataset_id + routine.project_id: google_bigquery_routine.public.project + routine.routine_id: google_bigquery_routine.public.routine_id + dependencies: + google_bigquery_dataset.private: |- + { + "dataset_id": "private_dataset", + "description": "This dataset is private" + } + google_bigquery_dataset.public: |- + { + "dataset_id": "public_dataset", + "description": "This dataset is public" + } + google_bigquery_routine.public: |- + { + "arguments": [ + { + "argument_kind": "FIXED_TYPE", + "data_type": "${jsonencode({ \"typeKind\" = \"INT64\" })}", + "name": "value" + } + ], + "dataset_id": "${google_bigquery_dataset.public.dataset_id}", + "definition_body": "SELECT 1 + value AS value\n", + "language": "SQL", + "return_table_type": "${jsonencode({ \"columns\" = [\n { \"name\" = \"value\", \"type\" = { \"typeKind\" = \"INT64\" } },\n ] })}", + "routine_id": "public_routine", + "routine_type": "TABLE_VALUED_FUNCTION" + } + argumentDocs: + allAuthenticatedUsers: ': All authenticated BigQuery users.' + create: '- Default is 20 minutes.' + dataset: |- - (Optional) - Parquet Options for load and make external tables. + Grants all resources of particular types in a particular dataset read access to the current dataset. Structure is documented below. - load.projection_fields: |- - - - (Optional) - If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. - Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. - If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. - load.quote: |- - - - (Optional) - The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, - and then uses the first byte of the encoded string to split the data in its raw, binary state. - The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. - If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. - load.schema_update_options: |- - - - (Optional) - Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or - supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. - For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - load.skip_leading_rows: |- - - - (Optional) - The number of rows at the top of a CSV file that BigQuery will skip when loading the data. - The default value is 0. This property is useful if you have header rows in the file that should be skipped. - When autodetect is on, the behavior is the following: - skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, - the row is read as data. Otherwise data is read starting from the second row. - skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. - skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, - row N is just skipped. Otherwise row N is used to extract column names for the detected schema. - load.source_format: |- - - - (Optional) - The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". - For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". - For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". - The default value is CSV. - load.source_uris: |- + dataset.dataset: |- - (Required) - The fully-qualified URIs that point to your data in Google Cloud. - For Google Cloud Storage URIs: Each URI can contain one '*' wildcard character - and it must come after the 'bucket' name. Size limits related to load jobs apply - to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be - specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. - For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '*' wildcard character is not allowed. - load.time_partitioning: |- - - - (Optional) - Time-based partitioning specification for the destination table. + The dataset this entry applies to Structure is documented below. - load.write_disposition: |- - - - (Optional) - Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. - Default value is WRITE_EMPTY. - Possible values are: WRITE_TRUNCATE, WRITE_APPEND, WRITE_EMPTY. - parquet_options.enable_list_inference: |- - - - (Optional) - If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type. - parquet_options.enum_as_string: |- - - - (Optional) - If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default. - query.allow_large_results: |- - - - (Optional) - If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. - Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. - However, you must still set destinationTable when result size exceeds the allowed maximum response size. - query.create_disposition: |- + dataset.dataset_id: |- - - (Optional) - Specifies whether the job is allowed to create new tables. The following values are supported: - CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. - CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. - Creation, truncation and append actions occur as one atomic update upon job completion - Default value is CREATE_IF_NEEDED. - Possible values are: CREATE_IF_NEEDED, CREATE_NEVER. - query.default_dataset: |- + (Required) + The ID of the dataset containing this table. + dataset.project_id: |- - - (Optional) - Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names. - Structure is documented below. - query.destination_encryption_configuration: |- + (Required) + The ID of the project containing this table. + dataset.target_types: |- - - (Optional) - Custom encryption configuration (e.g., Cloud KMS keys) - Structure is documented below. - query.destination_table: |- + (Required) + Which resources in the dataset this entry applies to. Currently, only views are supported, + but additional target types may be added in the future. Possible values: VIEWS + dataset_id: |- - - (Optional) - Describes the table where the query results should be stored. - This property must be set for large results that exceed the maximum response size. - For queries that produce anonymous (cached) results, this field will be populated by BigQuery. - Structure is documented below. - query.flatten_results: |- + (Required) + A unique ID for this dataset, without the project name. The ID + must contain only letters (a-z, A-Z), numbers (0-9), or + underscores (_). The maximum length is 1,024 characters. + delete: '- Default is 20 minutes.' + domain: |- - (Optional) - If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. - allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. - query.maximum_billing_tier: |- + A domain to grant access to. Any users signed in with the + domain specified will be granted the specified access + group_by_email: |- - (Optional) - Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). - If unspecified, this will be set to your project default. - query.maximum_bytes_billed: |- + An email address of a Google Group to grant access to. + iam_member: |- - (Optional) - Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). - If unspecified, this will be set to your project default. - query.parameter_mode: |- + Some other type of member that appears in the IAM Policy but isn't a user, + group, domain, or special group. For example: allUsers + id: '- an identifier for the resource with format projects/{{project}}/datasets/{{dataset_id}}' + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + projectOwners: ': Owners of the enclosing project.' + projectReaders: ': Readers of the enclosing project.' + projectWriters: ': Writers of the enclosing project.' + role: |- - (Optional) - Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query. - query.priority: |- + Describes the rights granted to the user specified by the other + member of the access object. Basic, predefined, and custom roles are + supported. Predefined roles that have equivalent basic roles are + swapped by the API to their basic counterparts, and will show a diff + post-create. See + official docs. + routine: |- - (Optional) - Specifies a priority for the query. - Default value is INTERACTIVE. - Possible values are: INTERACTIVE, BATCH. - query.query: |- + A routine from a different dataset to grant access to. Queries + executed against that routine will have read access to tables in + this dataset. The role field is not required when this field is + set. If that routine is updated by any user, access to the routine + needs to be granted again via an update operation. + Structure is documented below. + routine.dataset_id: |- - (Required) - SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. - NOTE: queries containing DML language - (DELETE, UPDATE, MERGE, INSERT) must specify create_disposition = "" and write_disposition = "". - query.schema_update_options: |- + The ID of the dataset containing this table. + routine.project_id: |- - - (Optional) - Allows the schema of the destination table to be updated as a side effect of the query job. - Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; - when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, - specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. - One or more of the following values are specified: - ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. - ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. - query.script_options: |- + (Required) + The ID of the project containing this table. + routine.routine_id: |- - - (Optional) - Options controlling the execution of scripts. - Structure is documented below. - query.use_legacy_sql: |- + (Required) + The ID of the routine. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 256 characters. + special_group: |- - (Optional) - Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. - If set to false, the query will use BigQuery's standard SQL. - query.use_query_cache: |- + A special group to grant access to. Possible values include: + user_by_email: |- - (Optional) - Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever - tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. - The default value is true. - query.user_defined_function_resources: |- + An email address of a user to grant access to. For example: + fred@example.com + view: |- - (Optional) - Describes user-defined function resources used in the query. + A view from a different dataset to grant access to. Queries + executed against that view will have read access to tables in + this dataset. The role field is not required when this field is + set. If that view is updated by any user, access to the view + needs to be granted again via an update operation. Structure is documented below. - query.write_disposition: |- - - - (Optional) - Specifies the action that occurs if the destination table already exists. The following values are supported: - WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. - WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. - WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. - Each action is atomic and only occurs if BigQuery is able to complete the job successfully. - Creation, truncation and append actions occur as one atomic update upon job completion. - Default value is WRITE_EMPTY. - Possible values are: WRITE_TRUNCATE, WRITE_APPEND, WRITE_EMPTY. - script_options.key_result_statement: |- - - - (Optional) - Determines which statement in the script represents the "key result", - used to populate the schema and query results of the script job. - Possible values are: LAST, FIRST_SELECT. - script_options.statement_byte_budget: |- - - - (Optional) - Limit on the number of bytes billed per statement. Exceeding this budget results in an error. - script_options.statement_timeout_ms: |- + view.dataset_id: |- - - (Optional) - Timeout period for each statement in a script. - source_model.copy: |- + (Required) + The ID of the dataset containing this table. + view.project_id: |- - - (Optional) - Copies a table. - Structure is documented below. - source_model.dataset_id: |- + (Required) + The ID of the project containing this table. + view.table_id: |- - (Required) - The ID of the dataset containing this model. - source_model.effective_labels: for all of the labels present on the resource. - source_model.extract: |- - - - (Optional) - Configures an extract job. - Structure is documented below. - source_model.job_timeout_ms: |- - - - (Optional) - Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job. - source_model.labels: |- - - - (Optional) - The labels associated with this job. You can use these to organize and group your jobs. - source_model.load: |- - - - (Optional) - Configures a load job. - Structure is documented below. - source_model.location: |- - - - (Optional) - The geographic location of the job. The default value is US. - source_model.model_id: |- - - - (Required) - The ID of the model. - source_model.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - source_model.project_id: |- - - - (Required) - The ID of the project containing this model. - source_model.query: |- - - - (Optional) - Configures a query job. - Structure is documented below. - source_table.dataset_id: |- - - - (Optional) - The ID of the dataset containing this table. - source_table.project_id: |- - - - (Optional) - The ID of the project containing this table. - source_table.table_id: |- - - - (Required) - The table. Can be specified {{table_id}} if project_id and dataset_id are also set, - or of the form projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} if not. - source_tables.dataset_id: |- - - - (Optional) - The ID of the dataset containing this table. - source_tables.project_id: |- - - - (Optional) - The ID of the project containing this table. - source_tables.table_id: |- - - - (Required) - The table. Can be specified {{table_id}} if project_id and dataset_id are also set, - or of the form projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} if not. - status: |- - - - The status of this job. Examine this value when polling an asynchronous job to see if the job is complete. - Structure is documented below. - status.error_result: |- - - - (Output) - Final error result of the job. If present, indicates that the job has completed and was unsuccessful. - Structure is documented below. - status.errors: |- - - - (Output) - The first errors encountered during the running of the job. The final message - includes the number of errors that caused the process to stop. Errors here do - not necessarily mean that the job has not completed or was unsuccessful. - Structure is documented below. - status.state: |- - - - (Output) - Running state of the job. Valid states include 'PENDING', 'RUNNING', and 'DONE'. - terraform_labels: |- - - - (Output) - The combination of labels configured directly on the resource - and default labels configured on the provider. - time_partitioning.expiration_ms: |- - - - (Optional) - Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value. - time_partitioning.field: |- - - - (Optional) - If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. - The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. - A wrapper is used here because an empty string is an invalid value. - time_partitioning.type: |- - - - (Required) - The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, - but in OnePlatform the field will be treated as unset. - update: '- Default is 20 minutes.' - user_defined_function_resources.inline_code: |- - - - (Optional) - An inline resource that contains code for a user-defined function (UDF). - Providing a inline code resource is equivalent to providing a URI for a file containing the same code. - user_defined_function_resources.resource_uri: |- - - - (Optional) - A code resource to load from a Google Cloud Storage URI (gs://bucket/path). - user_email: |- - - - Email address of the user who ran the job. - importStatements: [] - google_bigquery_reservation: - subCategory: BigQuery Reservation - description: A reservation is a mechanism used to guarantee BigQuery slots to users. - name: google_bigquery_reservation - title: "" - examples: - - name: reservation - manifest: |- - { - "autoscale": [ - { - "max_slots": 100 - } - ], - "concurrency": 0, - "edition": "STANDARD", - "ignore_idle_slots": true, - "location": "us-west2", - "name": "my-reservation", - "slot_capacity": 0 - } - argumentDocs: - autoscale: |- - - - (Optional) - The configuration parameters for the auto scaling feature. - Structure is documented below. - autoscale.current_slots: |- - - - (Output) - The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots]. - autoscale.max_slots: |- - - - (Optional) - Number of slots to be scaled when needed. - concurrency: |- - - - (Optional) - Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - edition: |- - - - (Optional) - The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/reservations/{{name}}' - ignore_idle_slots: |- - - - (Optional) - If false, any query using this reservation will use idle slots from other reservations within - the same admin project. If true, a query using this reservation will execute with the slot - capacity specified above at most. - location: |- - - - (Optional) - The geographic location where the transfer config should reside. - Examples: US, EU, asia-northeast1. The default value is US. - multi_region_auxiliary: |- - - - (Optional) - Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). - If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. - name: |- - - - (Required) - The name of the reservation. This field must only contain alphanumeric characters or dash. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - slot_capacity: |- - - - (Required) - Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the - unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. - update: '- Default is 20 minutes.' + The ID of the table. The ID must contain only letters (a-z, + A-Z), numbers (0-9), or underscores (_). The maximum length + is 1,024 characters. importStatements: [] - google_bigquery_reservation_assignment: - subCategory: BigQuery Reservation - description: The BigqueryReservation Assignment resource - name: google_bigquery_reservation_assignment + google_bigquery_dataset_iam_policy: + subCategory: BigQuery + description: Collection of resources to manage IAM policy for a BigQuery dataset. + name: google_bigquery_dataset_iam_policy title: "" examples: - - name: primary + - name: dataset manifest: |- { - "assignee": "projects/my-project-name", - "job_type": "PIPELINE", - "reservation": "${google_bigquery_reservation.basic.id}" + "dataset_id": "${google_bigquery_dataset.dataset.dataset_id}", + "policy_data": "${data.google_iam_policy.owner.policy_data}" } references: - reservation: google_bigquery_reservation.basic.id + dataset_id: google_bigquery_dataset.dataset.dataset_id + policy_data: data.google_iam_policy.owner.policy_data dependencies: - google_bigquery_reservation.basic: |- + google_bigquery_dataset.dataset: |- { - "ignore_idle_slots": false, - "location": "us-central1", - "name": "tf-test-my-reservation", - "project": "my-project-name", - "slot_capacity": 0 + "dataset_id": "example_dataset" } argumentDocs: - assignee: |- - - - (Required) - The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}' - job_type: |- - - - (Required) - Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY - location: |- - - - (Optional) - The location for the resource - name: |- - - - Output only. The resource name of the assignment. + dataset_id: '- (Required) The dataset ID.' + etag: '- (Computed) The etag of the dataset''s IAM policy.' + google_bigquery_dataset_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.' + google_bigquery_dataset_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.' + google_bigquery_dataset_iam_policy: ': Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_bigquery_dataset_iam_policy) The policy data generated by + a google_iam_policy data source. project: |- - - - (Optional) - The project for the resource - reservation: |- - - - (Required) - The reservation for the resource - state: |- - - - Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_bigquery_dataset_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] - google_bigquery_routine: + google_bigquery_job: subCategory: BigQuery - description: A user-defined function or a stored procedure that belongs to a Dataset - name: google_bigquery_routine + description: Jobs are actions that BigQuery runs on your behalf to load data, export data, query data, or copy data. + name: google_bigquery_job title: "" examples: - - name: sproc - manifest: |- - { - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "definition_body": "CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);", - "language": "SQL", - "routine_id": "routine_id", - "routine_type": "PROCEDURE" - } - references: - dataset_id: google_bigquery_dataset.test.dataset_id - dependencies: - google_bigquery_dataset.test: |- - { - "dataset_id": "dataset_id" - } - - name: sproc + - name: job manifest: |- { - "arguments": [ - { - "data_type": "{\"typeKind\" : \"FLOAT64\"}", - "name": "x" - }, + "job_id": "job_query", + "labels": { + "example-label": "example-value" + }, + "query": [ { - "data_type": "{\"typeKind\" : \"FLOAT64\"}", - "name": "y" + "allow_large_results": true, + "destination_table": [ + { + "dataset_id": "${google_bigquery_table.foo.dataset_id}", + "project_id": "${google_bigquery_table.foo.project}", + "table_id": "${google_bigquery_table.foo.table_id}" + } + ], + "flatten_results": true, + "query": "SELECT state FROM [lookerdata:cdc.project_tycho_reports]", + "script_options": [ + { + "key_result_statement": "LAST" + } + ] } - ], - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "definition_body": "CREATE FUNCTION multiplyInputs return x*y;", - "language": "JAVASCRIPT", - "return_type": "{\"typeKind\" : \"FLOAT64\"}", - "routine_id": "routine_id", - "routine_type": "SCALAR_FUNCTION" + ] } references: - dataset_id: google_bigquery_dataset.test.dataset_id + query.destination_table.dataset_id: google_bigquery_table.foo.dataset_id + query.destination_table.project_id: google_bigquery_table.foo.project + query.destination_table.table_id: google_bigquery_table.foo.table_id dependencies: - google_bigquery_dataset.test: |- + google_bigquery_dataset.bar: |- { - "dataset_id": "dataset_id" + "dataset_id": "job_query_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" } - - name: sproc + google_bigquery_table.foo: |- + { + "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", + "deletion_protection": false, + "table_id": "job_query_table" + } + - name: job manifest: |- { - "arguments": [ + "job_id": "job_query", + "labels": { + "example-label": "example-value" + }, + "query": [ { - "argument_kind": "FIXED_TYPE", - "data_type": "${jsonencode({ \"typeKind\" : \"INT64\" })}", - "name": "value" + "allow_large_results": true, + "default_dataset": [ + { + "dataset_id": "${google_bigquery_dataset.bar.id}" + } + ], + "destination_table": [ + { + "table_id": "${google_bigquery_table.foo.id}" + } + ], + "flatten_results": true, + "query": "SELECT state FROM [lookerdata:cdc.project_tycho_reports]", + "script_options": [ + { + "key_result_statement": "LAST" + } + ] } - ], - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "definition_body": "SELECT 1 + value AS value\n", - "language": "SQL", - "return_table_type": "${jsonencode({\"columns\" : [\n { \"name\" : \"value\", \"type\" : { \"typeKind\" : \"INT64\" } },\n ] })}", - "routine_id": "routine_id", - "routine_type": "TABLE_VALUED_FUNCTION" + ] } references: - dataset_id: google_bigquery_dataset.test.dataset_id + query.default_dataset.dataset_id: google_bigquery_dataset.bar.id + query.destination_table.table_id: google_bigquery_table.foo.id dependencies: - google_bigquery_dataset.test: |- + google_bigquery_dataset.bar: |- { - "dataset_id": "dataset_id" + "dataset_id": "job_query_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" } - - name: pyspark + google_bigquery_table.foo: |- + { + "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", + "deletion_protection": false, + "table_id": "job_query_table" + } + - name: job manifest: |- { - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "definition_body": "from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n", - "language": "PYTHON", - "routine_id": "routine_id", - "routine_type": "PROCEDURE", - "spark_options": [ + "job_id": "job_load", + "labels": { + "my_job": "load" + }, + "load": [ { - "connection": "${google_bigquery_connection.test.name}", - "runtime_version": "2.1" + "autodetect": true, + "destination_table": [ + { + "dataset_id": "${google_bigquery_table.foo.dataset_id}", + "project_id": "${google_bigquery_table.foo.project}", + "table_id": "${google_bigquery_table.foo.table_id}" + } + ], + "schema_update_options": [ + "ALLOW_FIELD_RELAXATION", + "ALLOW_FIELD_ADDITION" + ], + "skip_leading_rows": 1, + "source_uris": [ + "gs://cloud-samples-data/bigquery/us-states/us-states-by-date.csv" + ], + "write_disposition": "WRITE_APPEND" } ] } references: - dataset_id: google_bigquery_dataset.test.dataset_id - spark_options.connection: google_bigquery_connection.test.name + load.destination_table.dataset_id: google_bigquery_table.foo.dataset_id + load.destination_table.project_id: google_bigquery_table.foo.project + load.destination_table.table_id: google_bigquery_table.foo.table_id dependencies: - google_bigquery_connection.test: |- + google_bigquery_dataset.bar: |- { - "connection_id": "connection_id", - "location": "US", - "spark": [ - {} - ] + "dataset_id": "job_load_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" } - google_bigquery_dataset.test: |- + google_bigquery_table.foo: |- { - "dataset_id": "dataset_id" + "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", + "deletion_protection": false, + "table_id": "job_load_table" } - - name: pyspark_mainfile + - name: job manifest: |- { - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "definition_body": "", - "language": "PYTHON", - "routine_id": "routine_id", - "routine_type": "PROCEDURE", - "spark_options": [ + "depends_on": [ + "google_storage_bucket_object.object" + ], + "job_id": "job_load", + "labels": { + "my_job": "load" + }, + "load": [ { - "archive_uris": [ - "gs://test-bucket/distribute_in_executor.tar.gz" - ], - "connection": "${google_bigquery_connection.test.name}", - "file_uris": [ - "gs://test-bucket/distribute_in_executor.json" + "autodetect": true, + "destination_table": [ + { + "dataset_id": "${google_bigquery_table.foo.dataset_id}", + "project_id": "${google_bigquery_table.foo.project}", + "table_id": "${google_bigquery_table.foo.table_id}" + } ], - "main_file_uri": "gs://test-bucket/main.py", - "py_file_uris": [ - "gs://test-bucket/lib.py" + "json_extension": "GEOJSON", + "source_format": "NEWLINE_DELIMITED_JSON", + "source_uris": [ + "gs://${google_storage_bucket_object.object.bucket}/${google_storage_bucket_object.object.name}" ], - "runtime_version": "2.1" + "write_disposition": "WRITE_TRUNCATE" } ] } references: - dataset_id: google_bigquery_dataset.test.dataset_id - spark_options.connection: google_bigquery_connection.test.name + load.destination_table.dataset_id: google_bigquery_table.foo.dataset_id + load.destination_table.project_id: google_bigquery_table.foo.project + load.destination_table.table_id: google_bigquery_table.foo.table_id dependencies: - google_bigquery_connection.test: |- + google_bigquery_dataset.bar: |- { - "connection_id": "connection_id", - "location": "US", - "spark": [ - {} - ] + "dataset_id": "job_load_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" } - google_bigquery_dataset.test: |- + google_bigquery_table.foo: |- { - "dataset_id": "dataset_id" + "dataset_id": "${google_bigquery_dataset.bar.dataset_id}", + "deletion_protection": false, + "table_id": "job_load_table" } - - name: spark_jar + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "${local.project}-bq-geojson", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.object: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "content": "{\"type\":\"Feature\",\"properties\":{\"continent\":\"Europe\",\"region\":\"Scandinavia\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-30.94,53.33],[33.05,53.33],[33.05,71.86],[-30.94,71.86],[-30.94,53.33]]]}}\n{\"type\":\"Feature\",\"properties\":{\"continent\":\"Africa\",\"region\":\"West Africa\"},\"geometry\":{\"type\":\"Polygon\",\"coordinates\":[[[-23.91,0],[11.95,0],[11.95,18.98],[-23.91,18.98],[-23.91,0]]]}}\n", + "name": "geojson-data.jsonl" + } + - name: job manifest: |- { - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "definition_body": "", - "language": "SCALA", - "routine_id": "routine_id", - "routine_type": "PROCEDURE", - "spark_options": [ + "job_id": "job_load", + "labels": { + "my_job": "load" + }, + "load": [ { - "connection": "${google_bigquery_connection.test.name}", - "container_image": "gcr.io/my-project-id/my-spark-image:latest", - "jar_uris": [ - "gs://test-bucket/uberjar_spark_spark3.jar" + "autodetect": true, + "destination_table": [ + { + "dataset_id": "${google_bigquery_table.test.dataset_id}", + "project_id": "${google_bigquery_table.test.project}", + "table_id": "${google_bigquery_table.test.table_id}" + } ], - "main_class": "com.google.test.jar.MainClass", - "properties": { - "spark.dataproc.scaling.version": "2", - "spark.reducer.fetchMigratedShuffle.enabled": "true" - }, - "runtime_version": "2.1" + "parquet_options": [ + { + "enable_list_inference": true, + "enum_as_string": true + } + ], + "schema_update_options": [ + "ALLOW_FIELD_RELAXATION", + "ALLOW_FIELD_ADDITION" + ], + "source_format": "PARQUET", + "source_uris": [ + "gs://${google_storage_bucket_object.test.bucket}/${google_storage_bucket_object.test.name}" + ], + "write_disposition": "WRITE_APPEND" } ] } references: - dataset_id: google_bigquery_dataset.test.dataset_id - spark_options.connection: google_bigquery_connection.test.name + load.destination_table.dataset_id: google_bigquery_table.test.dataset_id + load.destination_table.project_id: google_bigquery_table.test.project + load.destination_table.table_id: google_bigquery_table.test.table_id dependencies: - google_bigquery_connection.test: |- + google_bigquery_dataset.test: |- + { + "dataset_id": "job_load_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + google_bigquery_table.test: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "deletion_protection": false, + "table_id": "job_load_table" + } + google_storage_bucket.test: |- { - "connection_id": "connection_id", "location": "US", - "spark": [ - {} - ] + "name": "job_load_bucket", + "uniform_bucket_level_access": true } - google_bigquery_dataset.test: |- + google_storage_bucket_object.test: |- { - "dataset_id": "dataset_id" + "bucket": "${google_storage_bucket.test.name}", + "name": "job_load_bucket_object", + "source": "./test-fixtures/test.parquet.gzip" } - - name: remote_function + - name: job manifest: |- { - "dataset_id": "${google_bigquery_dataset.test.dataset_id}", - "definition_body": "", - "remote_function_options": [ + "copy": [ { - "connection": "${google_bigquery_connection.test.name}", - "endpoint": "https://us-east1-my_gcf_project.cloudfunctions.net/remote_add", - "max_batching_rows": "10", - "user_defined_context": { - "z": "1.5" - } + "destination_encryption_configuration": [ + { + "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "destination_table": [ + { + "dataset_id": "${google_bigquery_table.dest.dataset_id}", + "project_id": "${google_bigquery_table.dest.project}", + "table_id": "${google_bigquery_table.dest.table_id}" + } + ], + "source_tables": [ + { + "dataset_id": "${google_bigquery_table.source.0.dataset_id}", + "project_id": "${google_bigquery_table.source.0.project}", + "table_id": "${google_bigquery_table.source.0.table_id}" + }, + { + "dataset_id": "${google_bigquery_table.source.1.dataset_id}", + "project_id": "${google_bigquery_table.source.1.project}", + "table_id": "${google_bigquery_table.source.1.table_id}" + } + ] } ], - "return_type": "{\"typeKind\" : \"STRING\"}", - "routine_id": "routine_id", - "routine_type": "SCALAR_FUNCTION" + "depends_on": [ + "google_project_iam_member.encrypt_role" + ], + "job_id": "job_copy" } references: - dataset_id: google_bigquery_dataset.test.dataset_id - remote_function_options.connection: google_bigquery_connection.test.name + copy.destination_encryption_configuration.kms_key_name: google_kms_crypto_key.crypto_key.id + copy.destination_table.dataset_id: google_bigquery_table.dest.dataset_id + copy.destination_table.project_id: google_bigquery_table.dest.project + copy.destination_table.table_id: google_bigquery_table.dest.table_id + copy.source_tables.dataset_id: google_bigquery_table.source.1.dataset_id + copy.source_tables.project_id: google_bigquery_table.source.1.project + copy.source_tables.table_id: google_bigquery_table.source.1.table_id dependencies: - google_bigquery_connection.test: |- + google_bigquery_dataset.dest: |- { - "cloud_resource": [ - {} + "dataset_id": "job_copy_dest_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + google_bigquery_dataset.source: |- + { + "count": "${local.count}", + "dataset_id": "job_copy_${count.index}_dataset", + "description": "This is a test description", + "friendly_name": "test", + "location": "US" + } + google_bigquery_table.dest: |- + { + "dataset_id": "${google_bigquery_dataset.dest.dataset_id}", + "deletion_protection": false, + "depends_on": [ + "google_project_iam_member.encrypt_role" ], - "connection_id": "connection_id", + "encryption_configuration": [ + { + "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", + "table_id": "job_copy_dest_table" + } + google_bigquery_table.source: |- + { + "count": "${local.count}", + "dataset_id": "${google_bigquery_dataset.source[count.index].dataset_id}", + "deletion_protection": false, + "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", + "table_id": "job_copy_${count.index}_table" + } + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "example-key" + } + google_kms_key_ring.key_ring: |- + { + "location": "global", + "name": "example-keyring" + } + google_project_iam_member.encrypt_role: |- + { + "member": "serviceAccount:bq-${data.google_project.project.number}@bigquery-encryption.iam.gserviceaccount.com", + "project": "${data.google_project.project.project_id}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + - name: job + manifest: |- + { + "extract": [ + { + "compression": "GZIP", + "destination_format": "NEWLINE_DELIMITED_JSON", + "destination_uris": [ + "${google_storage_bucket.dest.url}/extract" + ], + "source_table": [ + { + "dataset_id": "${google_bigquery_table.source-one.dataset_id}", + "project_id": "${google_bigquery_table.source-one.project}", + "table_id": "${google_bigquery_table.source-one.table_id}" + } + ] + } + ], + "job_id": "job_extract" + } + references: + extract.source_table.dataset_id: google_bigquery_table.source-one.dataset_id + extract.source_table.project_id: google_bigquery_table.source-one.project + extract.source_table.table_id: google_bigquery_table.source-one.table_id + dependencies: + google_bigquery_dataset.source-one: |- + { + "dataset_id": "job_extract_dataset", + "description": "This is a test description", + "friendly_name": "test", "location": "US" } - google_bigquery_dataset.test: |- + google_bigquery_table.source-one: |- { - "dataset_id": "dataset_id" + "dataset_id": "${google_bigquery_dataset.source-one.dataset_id}", + "deletion_protection": false, + "schema": "[\n {\n \"name\": \"name\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"post_abbr\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\"\n },\n {\n \"name\": \"date\",\n \"type\": \"DATE\",\n \"mode\": \"NULLABLE\"\n }\n]\n", + "table_id": "job_extract_table" + } + google_storage_bucket.dest: |- + { + "force_destroy": true, + "location": "US", + "name": "job_extract_bucket" } argumentDocs: - arguments: |- + copy.create_disposition: |- - (Optional) - Input/output argument of a function or a stored procedure. - Structure is documented below. - arguments.argument_kind: |- + Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion + Default value is CREATE_IF_NEEDED. + Possible values are: CREATE_IF_NEEDED, CREATE_NEVER. + copy.destination_encryption_configuration: |- - (Optional) - Defaults to FIXED_TYPE. - Default value is FIXED_TYPE. - Possible values are: FIXED_TYPE, ANY_TYPE. - arguments.data_type: |- + Custom encryption configuration (e.g., Cloud KMS keys) + Structure is documented below. + copy.destination_table: |- - (Optional) - A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. - ~>NOTE: Because this field expects a JSON string, any changes to the string - will create a diff, even if the JSON itself hasn't changed. If the API returns - a different value for the same schema, e.g. it switched the order of values - or replaced STRUCT field type with RECORD field type, we currently cannot - suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - arguments.mode: |- + The destination table. + Structure is documented below. + copy.source_tables: |- - - (Optional) - Specifies whether the argument is input or output. Can be set for procedures only. - Possible values are: IN, OUT, INOUT. - arguments.name: |- + (Required) + Source tables to copy. + Structure is documented below. + copy.write_disposition: |- - (Optional) - The name of this argument. Can be absent for function return argument. + Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. + Default value is WRITE_EMPTY. + Possible values are: WRITE_TRUNCATE, WRITE_APPEND, WRITE_EMPTY. create: '- Default is 20 minutes.' - creation_time: |- + default_dataset.dataset_id: |- - - The time when this routine was created, in milliseconds since the - epoch. - dataset_id: |- + (Required) + The dataset. Can be specified {{dataset_id}} if project_id is also set, + or of the form projects/{{project}}/datasets/{{dataset_id}} if not. + default_dataset.project_id: |- + - + (Optional) + The ID of the project containing this table. + delete: '- Default is 20 minutes.' + destination_encryption_configuration.kms_key_name: |- - (Required) - The ID of the dataset containing this routine - definition_body: |- + Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table. + The BigQuery Service Account associated with your project requires access to this encryption key. + destination_encryption_configuration.kms_key_version: |- + - + (Output) + Describes the Cloud KMS encryption key version used to protect destination BigQuery table. + destination_table.dataset_id: |- + - + (Optional) + The ID of the dataset containing this table. + destination_table.project_id: |- + - + (Optional) + The ID of the project containing this table. + destination_table.table_id: |- - (Required) - The body of the routine. For functions, this is the expression in the AS clause. - If language=SQL, it is the substring inside (but excluding) the parentheses. - delete: '- Default is 20 minutes.' - description: |- + The table. Can be specified {{table_id}} if project_id and dataset_id are also set, + or of the form projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} if not. + effective_labels: |- + - + (Output) + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + error_result.location: |- - (Optional) - The description of the routine if defined. - determinism_level: |- + Specifies where the error occurred, if present. + error_result.message: |- - (Optional) - The determinism level of the JavaScript UDF if defined. - Possible values are: DETERMINISM_LEVEL_UNSPECIFIED, DETERMINISTIC, NOT_DETERMINISTIC. - id: '- an identifier for the resource with format projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}' - imported_libraries: |- + A human-readable description of the error. + error_result.reason: |- - (Optional) - Optional. If language = "JAVASCRIPT", this field stores the path of the - imported JAVASCRIPT libraries. - language: |- + A short error code that summarizes the error. + errors.location: |- - (Optional) - The language of the routine. - Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. - last_modified_time: |- + Specifies where the error occurred, if present. + errors.message: |- - - The time when this routine was modified, in milliseconds since the - epoch. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - remote_function_options: |- + (Optional) + A human-readable description of the error. + errors.reason: |- - (Optional) - Remote function specific options. - Structure is documented below. - remote_function_options.connection: |- + A short error code that summarizes the error. + extract.compression: |- - (Optional) - Fully qualified name of the user-provided connection object which holds - the authentication information to send requests to the remote service. - Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" - remote_function_options.endpoint: |- + The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE. + The default value is NONE. DEFLATE and SNAPPY are only supported for Avro. + extract.destination_format: |- - (Optional) - Endpoint of the user-provided remote service, e.g. - https://us-east1-my_gcf_project.cloudfunctions.net/remote_add - remote_function_options.max_batching_rows: |- + The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models. + The default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV. + The default value for models is SAVED_MODEL. + extract.destination_uris: |- + - + (Required) + A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written. + extract.field_delimiter: |- - (Optional) - Max number of rows in each batch sent to the remote service. If absent or if 0, - BigQuery dynamically decides the number of rows in a batch. - remote_function_options.user_defined_context: |- + When extracting data in CSV format, this defines the delimiter to use between fields in the exported data. + Default is ',' + extract.print_header: |- - (Optional) - User-defined context as a set of key/value pairs, which will be sent as function - invocation context together with batched arguments in the requests to the remote - service. The total number of bytes of keys and values must be less than 8KB. - An object containing a list of "key": value pairs. Example: - { "name": "wrench", "mass": "1.3kg", "count": "3" }. - return_table_type: |- + Whether to print out a header row in the results. Default is true. + extract.source_model: |- - (Optional) - Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". - If absent, the return table type is inferred from definitionBody at query time in each query - that references this routine. If present, then the columns in the evaluated table result will - be cast to match the column types specificed in return table type, at query time. - return_type: |- + A reference to the model being exported. + Structure is documented below. + extract.source_table: |- - (Optional) - A JSON schema for the return type. Optional if language = "SQL"; required otherwise. - If absent, the return type is inferred from definitionBody at query time in each query - that references this routine. If present, then the evaluated result will be cast to - the specified returned type at query time. ~>NOTE: Because this field expects a JSON - string, any changes to the string will create a diff, even if the JSON itself hasn't - changed. If the API returns a different value for the same schema, e.g. it switche - d the order of values or replaced STRUCT field type with RECORD field type, we currently - cannot suppress the recurring diff this causes. As a workaround, we recommend using - the schema as returned by the API. - routine_id: |- + A reference to the table being exported. + Structure is documented below. + extract.use_avro_logical_types: |- - - (Required) - The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters. - routine_type: |- + (Optional) + Whether to use logical types when extracting to AVRO format. + id: '- an identifier for the resource with format projects/{{project}}/jobs/{{job_id}}' + job_id: |- - (Required) - The type of routine. - Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. - spark_options: |- + The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters. + job_type: |- + - + (Output) + The type of the job. + load.allow_jagged_rows: |- - (Optional) - Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. - Structure is documented below. - spark_options.archive_uris: |- + Accept rows that are missing trailing optional columns. The missing values are treated as nulls. + If false, records with missing trailing columns are treated as bad records, and if there are too many bad records, + an invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats. + load.allow_quoted_newlines: |- - (Optional) - Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark. - spark_options.connection: |- + Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. + The default value is false. + load.autodetect: |- - (Optional) - Fully qualified name of the user-provided Spark connection object. - Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" - spark_options.container_image: |- + Indicates if we should automatically infer the options and schema for CSV and JSON sources. + load.create_disposition: |- - (Optional) - Custom container image for the runtime environment. - spark_options.file_uris: |- + Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion + Default value is CREATE_IF_NEEDED. + Possible values are: CREATE_IF_NEEDED, CREATE_NEVER. + load.destination_encryption_configuration: |- - (Optional) - Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark. - spark_options.jar_uris: |- + Custom encryption configuration (e.g., Cloud KMS keys) + Structure is documented below. + load.destination_table: |- + - + (Required) + The destination table to load the data into. + Structure is documented below. + load.encoding: |- - (Optional) - JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark. - spark_options.main_class: |- + The character encoding of the data. The supported values are UTF-8 or ISO-8859-1. + The default value is UTF-8. BigQuery decodes the data after the raw, binary data + has been split using the values of the quote and fieldDelimiter properties. + load.field_delimiter: |- - (Optional) - The fully qualified name of a class in jarUris, for example, com.example.wordcount. - Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. - spark_options.main_file_uri: |- + The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character. + To use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts + the string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the + data in its raw, binary state. BigQuery also supports the escape sequence "\t" to specify a tab separator. + The default value is a comma (','). + load.ignore_unknown_values: |- - (Optional) - The main file/jar URI of the Spark application. - Exactly one of the definitionBody field and the mainFileUri field must be set for Python. - Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. - spark_options.properties: |- + Indicates if BigQuery should allow extra values that are not represented in the table schema. + If true, the extra values are ignored. If false, records with extra columns are treated as bad records, + and if there are too many bad records, an invalid error is returned in the job result. + The default value is false. The sourceFormat property determines what BigQuery treats as an extra value: + CSV: Trailing columns + JSON: Named values that don't match any column names + load.json_extension: |- - (Optional) - Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. - For more information, see Apache Spark and the procedure option list. - An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. - spark_options.py_file_uris: |- + If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON. + For a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited + GeoJSON: set to GEOJSON. + load.max_bad_records: |- - (Optional) - Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark. - spark_options.runtime_version: |- + The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value, + an invalid error is returned in the job result. The default value is 0, which requires that all records are valid. + load.null_marker: |- - (Optional) - Runtime version. If not specified, the default runtime version is used. - update: '- Default is 20 minutes.' - importStatements: [] - google_bigquery_table: - subCategory: BigQuery - description: Creates a table resource in a dataset for Google BigQuery. - name: google_bigquery_table + Specifies a string that represents a null value in a CSV file. For example, if you specify "\N", BigQuery interprets "\N" as a null value + when loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an + empty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as + an empty value. + load.parquet_options: |- + - + (Optional) + Parquet Options for load and make external tables. + Structure is documented below. + load.projection_fields: |- + - + (Optional) + If sourceFormat is set to "DATASTORE_BACKUP", indicates which entity properties to load into BigQuery from a Cloud Datastore backup. + Property names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties. + If any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result. + load.quote: |- + - + (Optional) + The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding, + and then uses the first byte of the encoded string to split the data in its raw, binary state. + The default value is a double-quote ('"'). If your data does not contain quoted sections, set the property value to an empty string. + If your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true. + load.schema_update_options: |- + - + (Optional) + Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or + supplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators. + For normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + load.skip_leading_rows: |- + - + (Optional) + The number of rows at the top of a CSV file that BigQuery will skip when loading the data. + The default value is 0. This property is useful if you have header rows in the file that should be skipped. + When autodetect is on, the behavior is the following: + skipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected, + the row is read as data. Otherwise data is read starting from the second row. + skipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row. + skipLeadingRows = N > 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected, + row N is just skipped. Otherwise row N is used to extract column names for the detected schema. + load.source_format: |- + - + (Optional) + The format of the data files. For CSV files, specify "CSV". For datastore backups, specify "DATASTORE_BACKUP". + For newline-delimited JSON, specify "NEWLINE_DELIMITED_JSON". For Avro, specify "AVRO". For parquet, specify "PARQUET". + For orc, specify "ORC". [Beta] For Bigtable, specify "BIGTABLE". + The default value is CSV. + load.source_uris: |- + - + (Required) + The fully-qualified URIs that point to your data in Google Cloud. + For Google Cloud Storage URIs: Each URI can contain one '*' wildcard character + and it must come after the 'bucket' name. Size limits related to load jobs apply + to external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be + specified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table. + For Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '*' wildcard character is not allowed. + load.time_partitioning: |- + - + (Optional) + Time-based partitioning specification for the destination table. + Structure is documented below. + load.write_disposition: |- + - + (Optional) + Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. + Default value is WRITE_EMPTY. + Possible values are: WRITE_TRUNCATE, WRITE_APPEND, WRITE_EMPTY. + parquet_options.enable_list_inference: |- + - + (Optional) + If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type. + parquet_options.enum_as_string: |- + - + (Optional) + If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default. + query.allow_large_results: |- + - + (Optional) + If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance. + Requires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed. + However, you must still set destinationTable when result size exceeds the allowed maximum response size. + query.create_disposition: |- + - + (Optional) + Specifies whether the job is allowed to create new tables. The following values are supported: + CREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table. + CREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result. + Creation, truncation and append actions occur as one atomic update upon job completion + Default value is CREATE_IF_NEEDED. + Possible values are: CREATE_IF_NEEDED, CREATE_NEVER. + query.default_dataset: |- + - + (Optional) + Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names. + Structure is documented below. + query.destination_encryption_configuration: |- + - + (Optional) + Custom encryption configuration (e.g., Cloud KMS keys) + Structure is documented below. + query.destination_table: |- + - + (Optional) + Describes the table where the query results should be stored. + This property must be set for large results that exceed the maximum response size. + For queries that produce anonymous (cached) results, this field will be populated by BigQuery. + Structure is documented below. + query.flatten_results: |- + - + (Optional) + If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results. + allowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened. + query.maximum_billing_tier: |- + - + (Optional) + Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge). + If unspecified, this will be set to your project default. + query.maximum_bytes_billed: |- + - + (Optional) + Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge). + If unspecified, this will be set to your project default. + query.parameter_mode: |- + - + (Optional) + Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query. + query.priority: |- + - + (Optional) + Specifies a priority for the query. + Default value is INTERACTIVE. + Possible values are: INTERACTIVE, BATCH. + query.query: |- + - + (Required) + SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL. + NOTE: queries containing DML language + (DELETE, UPDATE, MERGE, INSERT) must specify create_disposition = "" and write_disposition = "". + query.schema_update_options: |- + - + (Optional) + Allows the schema of the destination table to be updated as a side effect of the query job. + Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND; + when writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, + specified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema. + One or more of the following values are specified: + ALLOW_FIELD_ADDITION: allow adding a nullable field to the schema. + ALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable. + query.script_options: |- + - + (Optional) + Options controlling the execution of scripts. + Structure is documented below. + query.use_legacy_sql: |- + - + (Optional) + Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true. + If set to false, the query will use BigQuery's standard SQL. + query.use_query_cache: |- + - + (Optional) + Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever + tables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified. + The default value is true. + query.user_defined_function_resources: |- + - + (Optional) + Describes user-defined function resources used in the query. + Structure is documented below. + query.write_disposition: |- + - + (Optional) + Specifies the action that occurs if the destination table already exists. The following values are supported: + WRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result. + WRITE_APPEND: If the table already exists, BigQuery appends the data to the table. + WRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result. + Each action is atomic and only occurs if BigQuery is able to complete the job successfully. + Creation, truncation and append actions occur as one atomic update upon job completion. + Default value is WRITE_EMPTY. + Possible values are: WRITE_TRUNCATE, WRITE_APPEND, WRITE_EMPTY. + script_options.key_result_statement: |- + - + (Optional) + Determines which statement in the script represents the "key result", + used to populate the schema and query results of the script job. + Possible values are: LAST, FIRST_SELECT. + script_options.statement_byte_budget: |- + - + (Optional) + Limit on the number of bytes billed per statement. Exceeding this budget results in an error. + script_options.statement_timeout_ms: |- + - + (Optional) + Timeout period for each statement in a script. + source_model.copy: |- + - + (Optional) + Copies a table. + Structure is documented below. + source_model.dataset_id: |- + - + (Required) + The ID of the dataset containing this model. + source_model.effective_labels: for all of the labels present on the resource. + source_model.extract: |- + - + (Optional) + Configures an extract job. + Structure is documented below. + source_model.job_timeout_ms: |- + - + (Optional) + Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job. + source_model.labels: |- + - + (Optional) + The labels associated with this job. You can use these to organize and group your jobs. + source_model.load: |- + - + (Optional) + Configures a load job. + Structure is documented below. + source_model.location: |- + - + (Optional) + The geographic location of the job. The default value is US. + source_model.model_id: |- + - + (Required) + The ID of the model. + source_model.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + source_model.project_id: |- + - + (Required) + The ID of the project containing this model. + source_model.query: |- + - + (Optional) + Configures a query job. + Structure is documented below. + source_table.dataset_id: |- + - + (Optional) + The ID of the dataset containing this table. + source_table.project_id: |- + - + (Optional) + The ID of the project containing this table. + source_table.table_id: |- + - + (Required) + The table. Can be specified {{table_id}} if project_id and dataset_id are also set, + or of the form projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} if not. + source_tables.dataset_id: |- + - + (Optional) + The ID of the dataset containing this table. + source_tables.project_id: |- + - + (Optional) + The ID of the project containing this table. + source_tables.table_id: |- + - + (Required) + The table. Can be specified {{table_id}} if project_id and dataset_id are also set, + or of the form projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} if not. + status: |- + - + The status of this job. Examine this value when polling an asynchronous job to see if the job is complete. + Structure is documented below. + status.error_result: |- + - + (Output) + Final error result of the job. If present, indicates that the job has completed and was unsuccessful. + Structure is documented below. + status.errors: |- + - + (Output) + The first errors encountered during the running of the job. The final message + includes the number of errors that caused the process to stop. Errors here do + not necessarily mean that the job has not completed or was unsuccessful. + Structure is documented below. + status.state: |- + - + (Output) + Running state of the job. Valid states include 'PENDING', 'RUNNING', and 'DONE'. + terraform_labels: |- + - + (Output) + The combination of labels configured directly on the resource + and default labels configured on the provider. + time_partitioning.expiration_ms: |- + - + (Optional) + Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value. + time_partitioning.field: |- + - + (Optional) + If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field. + The field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED. + A wrapper is used here because an empty string is an invalid value. + time_partitioning.type: |- + - + (Required) + The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error, + but in OnePlatform the field will be treated as unset. + update: '- Default is 20 minutes.' + user_defined_function_resources.inline_code: |- + - + (Optional) + An inline resource that contains code for a user-defined function (UDF). + Providing a inline code resource is equivalent to providing a URI for a file containing the same code. + user_defined_function_resources.resource_uri: |- + - + (Optional) + A code resource to load from a Google Cloud Storage URI (gs://bucket/path). + user_email: |- + - + Email address of the user who ran the job. + importStatements: [] + google_bigquery_reservation: + subCategory: BigQuery Reservation + description: A reservation is a mechanism used to guarantee BigQuery slots to users. + name: google_bigquery_reservation title: "" examples: - - name: default + - name: reservation manifest: |- { - "dataset_id": "${google_bigquery_dataset.default.dataset_id}", - "labels": { - "env": "default" - }, - "schema": "[\n {\n \"name\": \"permalink\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The Permalink\"\n },\n {\n \"name\": \"state\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"State where the head office is located\"\n }\n]\n", - "table_id": "bar", - "time_partitioning": [ + "autoscale": [ { - "type": "DAY" + "max_slots": 100 } - ] + ], + "concurrency": 0, + "edition": "STANDARD", + "ignore_idle_slots": true, + "location": "us-west2", + "name": "my-reservation", + "slot_capacity": 0 + } + argumentDocs: + autoscale: |- + - + (Optional) + The configuration parameters for the auto scaling feature. + Structure is documented below. + autoscale.current_slots: |- + - + (Output) + The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots]. + autoscale.max_slots: |- + - + (Optional) + Number of slots to be scaled when needed. + concurrency: |- + - + (Optional) + Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + edition: |- + - + (Optional) + The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/reservations/{{name}}' + ignore_idle_slots: |- + - + (Optional) + If false, any query using this reservation will use idle slots from other reservations within + the same admin project. If true, a query using this reservation will execute with the slot + capacity specified above at most. + location: |- + - + (Optional) + The geographic location where the transfer config should reside. + Examples: US, EU, asia-northeast1. The default value is US. + multi_region_auxiliary: |- + - + (Optional) + Applicable only for reservations located within one of the BigQuery multi-regions (US or EU). + If set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region. + name: |- + - + (Required) + The name of the reservation. This field must only contain alphanumeric characters or dash. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + slot_capacity: |- + - + (Required) + Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the + unit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false. + update: '- Default is 20 minutes.' + importStatements: [] + google_bigquery_reservation_assignment: + subCategory: BigQuery Reservation + description: The BigqueryReservation Assignment resource + name: google_bigquery_reservation_assignment + title: "" + examples: + - name: primary + manifest: |- + { + "assignee": "projects/my-project-name", + "job_type": "PIPELINE", + "reservation": "${google_bigquery_reservation.basic.id}" } references: - dataset_id: google_bigquery_dataset.default.dataset_id + reservation: google_bigquery_reservation.basic.id dependencies: - google_bigquery_dataset.default: |- + google_bigquery_reservation.basic: |- { - "dataset_id": "foo", - "default_table_expiration_ms": 3600000, - "description": "This is a test description", - "friendly_name": "test", - "labels": { - "env": "default" - }, - "location": "EU" + "ignore_idle_slots": false, + "location": "us-central1", + "name": "tf-test-my-reservation", + "project": "my-project-name", + "slot_capacity": 0 } - - name: sheet + argumentDocs: + assignee: |- + - + (Required) + The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/reservations/{{reservation}}/assignments/{{name}}' + job_type: |- + - + (Required) + Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY + location: |- + - + (Optional) + The location for the resource + name: |- + - + Output only. The resource name of the assignment. + project: |- + - + (Optional) + The project for the resource + reservation: |- + - + (Required) + The reservation for the resource + state: |- + - + Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE + importStatements: [] + google_bigquery_routine: + subCategory: BigQuery + description: A user-defined function or a stored procedure that belongs to a Dataset + name: google_bigquery_routine + title: "" + examples: + - name: sproc manifest: |- { - "dataset_id": "${google_bigquery_dataset.default.dataset_id}", - "external_data_configuration": [ - { - "autodetect": true, - "google_sheets_options": [ - { - "skip_leading_rows": 1 - } - ], - "source_format": "GOOGLE_SHEETS", - "source_uris": [ - "https://docs.google.com/spreadsheets/d/123456789012345" - ] - } - ], - "table_id": "sheet" + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "CREATE FUNCTION Add(x FLOAT64, y FLOAT64) RETURNS FLOAT64 AS (x + y);", + "language": "SQL", + "routine_id": "routine_id", + "routine_type": "PROCEDURE" } references: - dataset_id: google_bigquery_dataset.default.dataset_id + dataset_id: google_bigquery_dataset.test.dataset_id dependencies: - google_bigquery_dataset.default: |- + google_bigquery_dataset.test: |- { - "dataset_id": "foo", - "default_table_expiration_ms": 3600000, - "description": "This is a test description", - "friendly_name": "test", - "labels": { - "env": "default" - }, - "location": "EU" + "dataset_id": "dataset_id" } - argumentDocs: + - name: sproc + manifest: |- + { + "arguments": [ + { + "data_type": "{\"typeKind\" : \"FLOAT64\"}", + "name": "x" + }, + { + "data_type": "{\"typeKind\" : \"FLOAT64\"}", + "name": "y" + } + ], + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "CREATE FUNCTION multiplyInputs return x*y;", + "language": "JAVASCRIPT", + "return_type": "{\"typeKind\" : \"FLOAT64\"}", + "routine_id": "routine_id", + "routine_type": "SCALAR_FUNCTION" + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + dependencies: + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: sproc + manifest: |- + { + "arguments": [ + { + "argument_kind": "FIXED_TYPE", + "data_type": "${jsonencode({ \"typeKind\" : \"INT64\" })}", + "name": "value" + } + ], + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "SELECT 1 + value AS value\n", + "language": "SQL", + "return_table_type": "${jsonencode({\"columns\" : [\n { \"name\" : \"value\", \"type\" : { \"typeKind\" : \"INT64\" } },\n ] })}", + "routine_id": "routine_id", + "routine_type": "TABLE_VALUED_FUNCTION" + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + dependencies: + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: pyspark + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "from pyspark.sql import SparkSession\n\nspark = SparkSession.builder.appName(\"spark-bigquery-demo\").getOrCreate()\n \n# Load data from BigQuery.\nwords = spark.read.format(\"bigquery\") \\\n .option(\"table\", \"bigquery-public-data:samples.shakespeare\") \\\n .load()\nwords.createOrReplaceTempView(\"words\")\n \n# Perform word count.\nword_count = words.select('word', 'word_count').groupBy('word').sum('word_count').withColumnRenamed(\"sum(word_count)\", \"sum_word_count\")\nword_count.show()\nword_count.printSchema()\n \n# Saving the data to BigQuery\nword_count.write.format(\"bigquery\") \\\n .option(\"writeMethod\", \"direct\") \\\n .save(\"wordcount_dataset.wordcount_output\")\n", + "language": "PYTHON", + "routine_id": "routine_id", + "routine_type": "PROCEDURE", + "spark_options": [ + { + "connection": "${google_bigquery_connection.test.name}", + "runtime_version": "2.1" + } + ] + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + spark_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "connection_id": "connection_id", + "location": "US", + "spark": [ + {} + ] + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: pyspark_mainfile + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "", + "language": "PYTHON", + "routine_id": "routine_id", + "routine_type": "PROCEDURE", + "spark_options": [ + { + "archive_uris": [ + "gs://test-bucket/distribute_in_executor.tar.gz" + ], + "connection": "${google_bigquery_connection.test.name}", + "file_uris": [ + "gs://test-bucket/distribute_in_executor.json" + ], + "main_file_uri": "gs://test-bucket/main.py", + "py_file_uris": [ + "gs://test-bucket/lib.py" + ], + "runtime_version": "2.1" + } + ] + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + spark_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "connection_id": "connection_id", + "location": "US", + "spark": [ + {} + ] + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: spark_jar + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "", + "language": "SCALA", + "routine_id": "routine_id", + "routine_type": "PROCEDURE", + "spark_options": [ + { + "connection": "${google_bigquery_connection.test.name}", + "container_image": "gcr.io/my-project-id/my-spark-image:latest", + "jar_uris": [ + "gs://test-bucket/uberjar_spark_spark3.jar" + ], + "main_class": "com.google.test.jar.MainClass", + "properties": { + "spark.dataproc.scaling.version": "2", + "spark.reducer.fetchMigratedShuffle.enabled": "true" + }, + "runtime_version": "2.1" + } + ] + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + spark_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "connection_id": "connection_id", + "location": "US", + "spark": [ + {} + ] + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + - name: custom_masking_routine + manifest: |- + { + "arguments": [ + { + "data_type": "{\"typeKind\" : \"STRING\"}", + "name": "ssn" + } + ], + "data_governance_type": "DATA_MASKING", + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "SAFE.REGEXP_REPLACE(ssn, '[0-9]', 'X')", + "language": "SQL", + "return_type": "{\"typeKind\" : \"STRING\"}", + "routine_id": "custom_masking_routine", + "routine_type": "SCALAR_FUNCTION" + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + dependencies: + google_bigquery_dataset.test: |- + { + "dataset_id": "tf_test_dataset_id" + } + - name: remote_function + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.test.dataset_id}", + "definition_body": "", + "remote_function_options": [ + { + "connection": "${google_bigquery_connection.test.name}", + "endpoint": "https://us-east1-my_gcf_project.cloudfunctions.net/remote_add", + "max_batching_rows": "10", + "user_defined_context": { + "z": "1.5" + } + } + ], + "return_type": "{\"typeKind\" : \"STRING\"}", + "routine_id": "routine_id", + "routine_type": "SCALAR_FUNCTION" + } + references: + dataset_id: google_bigquery_dataset.test.dataset_id + remote_function_options.connection: google_bigquery_connection.test.name + dependencies: + google_bigquery_connection.test: |- + { + "cloud_resource": [ + {} + ], + "connection_id": "connection_id", + "location": "US" + } + google_bigquery_dataset.test: |- + { + "dataset_id": "dataset_id" + } + argumentDocs: + arguments: |- + - + (Optional) + Input/output argument of a function or a stored procedure. + Structure is documented below. + arguments.argument_kind: |- + - + (Optional) + Defaults to FIXED_TYPE. + Default value is FIXED_TYPE. + Possible values are: FIXED_TYPE, ANY_TYPE. + arguments.data_type: |- + - + (Optional) + A JSON schema for the data type. Required unless argumentKind = ANY_TYPE. + ~>NOTE: Because this field expects a JSON string, any changes to the string + will create a diff, even if the JSON itself hasn't changed. If the API returns + a different value for the same schema, e.g. it switched the order of values + or replaced STRUCT field type with RECORD field type, we currently cannot + suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + arguments.mode: |- + - + (Optional) + Specifies whether the argument is input or output. Can be set for procedures only. + Possible values are: IN, OUT, INOUT. + arguments.name: |- + - + (Optional) + The name of this argument. Can be absent for function return argument. + create: '- Default is 20 minutes.' + creation_time: |- + - + The time when this routine was created, in milliseconds since the + epoch. + data_governance_type: |- + - + (Optional) + If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + Possible values are: DATA_MASKING. + dataset_id: |- + - + (Required) + The ID of the dataset containing this routine + definition_body: |- + - + (Required) + The body of the routine. For functions, this is the expression in the AS clause. + If language=SQL, it is the substring inside (but excluding) the parentheses. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the routine if defined. + determinism_level: |- + - + (Optional) + The determinism level of the JavaScript UDF if defined. + Possible values are: DETERMINISM_LEVEL_UNSPECIFIED, DETERMINISTIC, NOT_DETERMINISTIC. + id: '- an identifier for the resource with format projects/{{project}}/datasets/{{dataset_id}}/routines/{{routine_id}}' + imported_libraries: |- + - + (Optional) + Optional. If language = "JAVASCRIPT", this field stores the path of the + imported JAVASCRIPT libraries. + language: |- + - + (Optional) + The language of the routine. + Possible values are: SQL, JAVASCRIPT, PYTHON, JAVA, SCALA. + last_modified_time: |- + - + The time when this routine was modified, in milliseconds since the + epoch. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + remote_function_options: |- + - + (Optional) + Remote function specific options. + Structure is documented below. + remote_function_options.connection: |- + - + (Optional) + Fully qualified name of the user-provided connection object which holds + the authentication information to send requests to the remote service. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + remote_function_options.endpoint: |- + - + (Optional) + Endpoint of the user-provided remote service, e.g. + https://us-east1-my_gcf_project.cloudfunctions.net/remote_add + remote_function_options.max_batching_rows: |- + - + (Optional) + Max number of rows in each batch sent to the remote service. If absent or if 0, + BigQuery dynamically decides the number of rows in a batch. + remote_function_options.user_defined_context: |- + - + (Optional) + User-defined context as a set of key/value pairs, which will be sent as function + invocation context together with batched arguments in the requests to the remote + service. The total number of bytes of keys and values must be less than 8KB. + An object containing a list of "key": value pairs. Example: + { "name": "wrench", "mass": "1.3kg", "count": "3" }. + return_table_type: |- + - + (Optional) + Optional. Can be set only if routineType = "TABLE_VALUED_FUNCTION". + If absent, the return table type is inferred from definitionBody at query time in each query + that references this routine. If present, then the columns in the evaluated table result will + be cast to match the column types specificed in return table type, at query time. + return_type: |- + - + (Optional) + A JSON schema for the return type. Optional if language = "SQL"; required otherwise. + If absent, the return type is inferred from definitionBody at query time in each query + that references this routine. If present, then the evaluated result will be cast to + the specified returned type at query time. ~>NOTE: Because this field expects a JSON + string, any changes to the string will create a diff, even if the JSON itself hasn't + changed. If the API returns a different value for the same schema, e.g. it switche + d the order of values or replaced STRUCT field type with RECORD field type, we currently + cannot suppress the recurring diff this causes. As a workaround, we recommend using + the schema as returned by the API. + routine_id: |- + - + (Required) + The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters. + routine_type: |- + - + (Required) + The type of routine. + Possible values are: SCALAR_FUNCTION, PROCEDURE, TABLE_VALUED_FUNCTION. + spark_options: |- + - + (Optional) + Optional. If language is one of "PYTHON", "JAVA", "SCALA", this field stores the options for spark stored procedure. + Structure is documented below. + spark_options.archive_uris: |- + - + (Optional) + Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark. + spark_options.connection: |- + - + (Optional) + Fully qualified name of the user-provided Spark connection object. + Format: "projects/{projectId}/locations/{locationId}/connections/{connectionId}" + spark_options.container_image: |- + - + (Optional) + Custom container image for the runtime environment. + spark_options.file_uris: |- + - + (Optional) + Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark. + spark_options.jar_uris: |- + - + (Optional) + JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark. + spark_options.main_class: |- + - + (Optional) + The fully qualified name of a class in jarUris, for example, com.example.wordcount. + Exactly one of mainClass and main_jar_uri field should be set for Java/Scala language type. + spark_options.main_file_uri: |- + - + (Optional) + The main file/jar URI of the Spark application. + Exactly one of the definitionBody field and the mainFileUri field must be set for Python. + Exactly one of mainClass and mainFileUri field should be set for Java/Scala language type. + spark_options.properties: |- + - + (Optional) + Configuration properties as a set of key/value pairs, which will be passed on to the Spark application. + For more information, see Apache Spark and the procedure option list. + An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + spark_options.py_file_uris: |- + - + (Optional) + Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark. + spark_options.runtime_version: |- + - + (Optional) + Runtime version. If not specified, the default runtime version is used. + update: '- Default is 20 minutes.' + importStatements: [] + google_bigquery_table: + subCategory: BigQuery + description: Creates a table resource in a dataset for Google BigQuery. + name: google_bigquery_table + title: "" + examples: + - name: default + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.default.dataset_id}", + "labels": { + "env": "default" + }, + "schema": "[\n {\n \"name\": \"permalink\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"The Permalink\"\n },\n {\n \"name\": \"state\",\n \"type\": \"STRING\",\n \"mode\": \"NULLABLE\",\n \"description\": \"State where the head office is located\"\n }\n]\n", + "table_id": "bar", + "time_partitioning": [ + { + "type": "DAY" + } + ] + } + references: + dataset_id: google_bigquery_dataset.default.dataset_id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "foo", + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "location": "EU" + } + - name: sheet + manifest: |- + { + "dataset_id": "${google_bigquery_dataset.default.dataset_id}", + "external_data_configuration": [ + { + "autodetect": true, + "google_sheets_options": [ + { + "skip_leading_rows": 1 + } + ], + "source_format": "GOOGLE_SHEETS", + "source_uris": [ + "https://docs.google.com/spreadsheets/d/123456789012345" + ] + } + ], + "table_id": "sheet" + } + references: + dataset_id: google_bigquery_dataset.default.dataset_id + dependencies: + google_bigquery_dataset.default: |- + { + "dataset_id": "foo", + "default_table_expiration_ms": 3600000, + "description": "This is a test description", + "friendly_name": "test", + "labels": { + "env": "default" + }, + "location": "EU" + } + argumentDocs: CUSTOM: ', you must encode the partition key schema within the source_uri_prefix by setting source_uri_prefix to gs://bucket/path_to_table/{key1:TYPE1}/{key2:TYPE2}/{key3:TYPE3}.' STRUCT: |- field type with RECORD @@ -12868,6 +14860,7 @@ resources: extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false. + external_data_configuration.json_extension: '(Optional) - Used to indicate that a JSON variant, rather than normal JSON, is being used as the sourceFormat. This should only be used in combination with the JSON source format. Valid values are: GEOJSON.' external_data_configuration.json_options: |- (Optional) - Additional properties to set if source_format is set to "JSON". Structure is documented below. @@ -14055,6 +16048,12 @@ resources: negative. If units is negative, nanos must be negative or zero. For example $-1.75 is represented as units=-1 and nanos=-750,000,000. + specified_amount.ownership_scope: |- + - + (Optional) + The ownership scope of the budget. The ownership scope and users' + IAM permissions determine who has full access to the budget's data. + Possible values are: OWNERSHIP_SCOPE_UNSPECIFIED, ALL_USERS, BILLING_ACCOUNT. specified_amount.threshold_rules: |- - (Optional) @@ -15088,6 +17087,31 @@ resources: "domain": "subdomain2.hashicorptest.com", "name": "dns-auth2" } + - name: default + manifest: |- + { + "description": "regional managed certs", + "location": "us-central1", + "managed": [ + { + "dns_authorizations": [ + "${google_certificate_manager_dns_authorization.instance.id}" + ], + "domains": [ + "${google_certificate_manager_dns_authorization.instance.domain}" + ] + } + ], + "name": "dns-cert" + } + dependencies: + google_certificate_manager_dns_authorization.instance: |- + { + "description": "The default dnss", + "domain": "subdomain.hashicorptest.com", + "location": "us-central1", + "name": "dns-auth" + } argumentDocs: authorization_attempt_info.details: |- - @@ -15626,6 +17650,15 @@ resources: "location": "global", "name": "dns-auth" } + - name: default + manifest: |- + { + "description": "reginal dns", + "domain": "subdomain.hashicorptest.com", + "location": "us-central1", + "name": "dns-auth", + "type": "PER_PROJECT_RECORD" + } argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' @@ -15685,6 +17718,16 @@ resources: - The combination of labels configured directly on the resource and default labels configured on the provider. + type: |- + - + (Optional) + type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + FIXED_RECORD DNS authorization uses DNS-01 validation method + PER_PROJECT_RECORD DNS authorization allows for independent management + of Google-managed certificates with DNS authorization across multiple + projects. + Possible values are: FIXED_RECORD, PER_PROJECT_RECORD. update: '- Default is 20 minutes.' importStatements: [] google_certificate_manager_trust_config: @@ -16558,6 +18601,117 @@ resources: - Last update timestamp in RFC 3339 text format. importStatements: [] + google_cloud_quotas_quota_preference: + subCategory: Cloud Quotas + description: QuotaPreference represents the preferred quota configuration specified for a project, folder or organization. + name: google_cloud_quotas_quota_preference + title: "" + examples: + - name: preference + manifest: |- + { + "contact_email": "testuser@gmail.com", + "dimensions": { + "region": "us-east1" + }, + "name": "compute_googleapis_com-CPUS-per-project_us-east1", + "parent": "projects/my-project-name", + "quota_config": [ + { + "preferred_value": 200 + } + ], + "quota_id": "CPUS-per-project-region", + "service": "compute.googleapis.com" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Create time stamp. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: 2014-10-02T15:01:23Z and 2014-10-02T15:01:23.045123456Z. + delete: '- Default is 20 minutes.' + etag: |- + - + The current etag of the quota preference. If an etag is provided on update and does not match the current server's etag of the quota preference, the request will be blocked and an ABORTED error will be returned. See https://google.aip.dev/134#etags for more details on etags. + id: '- an identifier for the resource with format {{parent}}/locations/global/quotaPreferences/{{name}}' + parent: |- + - + (Required) + The parent of the quota preference. Allowed parents are "projects/[project-id / number]" or "folders/[folder-id / number]" or "organizations/[org-id / number]". + quota_config: |- + - + (Required) + The preferred quota configuration. + Structure is documented below. + quota_config.annotations: |- + - + (Optional) + The annotations map for clients to store small amounts of arbitrary data. Do not put PII or other sensitive information here. See https://google.aip.dev/128#annotations. + An object containing a list of "key: value" pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + quota_config.contact_email: |- + - + (Optional) + An email address that can be used for quota related communication between the Google Cloud and the user in case the Google Cloud needs further information to make a decision on whether the user preferred quota can be granted. + The Google account for the email address must have quota update permission for the project, folder or organization this quota preference is for. + quota_config.dimensions: |- + - + (Optional) + The dimensions that this quota preference applies to. The key of the map entry is the name of a dimension, such as "region", "zone", "network_id", and the value of the map entry is the dimension value. If a dimension is missing from the map of dimensions, the quota preference applies to all the dimension values except for those that have other quota preferences configured for the specific value. + NOTE: QuotaPreferences can only be applied across all values of "user" and "resource" dimension. Do not set values for "user" or "resource" in the dimension map. + Example: {"provider": "Foo Inc"} where "provider" is a service specific dimension. + quota_config.granted_value: |- + - + (Output) + Granted quota value. + quota_config.ignore_safety_checks: |- + - + (Optional) + The list of quota safety checks to be ignored. + Default value is QUOTA_SAFETY_CHECK_UNSPECIFIED. + Possible values are: QUOTA_SAFETY_CHECK_UNSPECIFIED, QUOTA_DECREASE_BELOW_USAGE, QUOTA_DECREASE_PERCENTAGE_TOO_HIGH. + quota_config.justification: |- + - + (Optional) + The reason / justification for this quota preference. + quota_config.name: |- + - + (Optional) + The resource name of the quota preference. Required except in the CREATE requests. + quota_config.preferred_value: |- + - + (Required) + The preferred value. Must be greater than or equal to -1. If set to -1, it means the value is "unlimited". + quota_config.request_origin: |- + - + (Output) + The origin of the quota preference request. + quota_config.state_detail: |- + - + (Output) + Optional details about the state of this quota preference. + quota_config.trace_id: |- + - + (Output) + The trace id that the Google Cloud uses to provision the requested quota. This trace id may be used by the client to contact Cloud support to track the state of a quota preference request. The trace id is only produced for increase requests and is unique for each request. The quota decrease requests do not have a trace id. + quota_id: |- + - + (Required) + The id of the quota to which the quota preference is applied. A quota id is unique in the service. + Example: CPUS-per-project-region. + reconciling: |- + - + Is the quota preference pending Google Cloud approval and fulfillment. + service: |- + - + (Required) + The name of the service to which the quota preference is applied. + update: '- Default is 20 minutes.' + update_time: |- + - + Update time stamp. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: 2014-10-02T15:01:23Z and 2014-10-02T15:01:23.045123456Z. + importStatements: [] google_cloud_run_domain_mapping: subCategory: Cloud Run description: Resource to hold the state and status of a user's domain mapping. @@ -17933,7 +20087,7 @@ resources: - name: default manifest: |- { - "launch_stage": "BETA", + "launch_stage": "GA", "location": "us-central1", "name": "cloudrun-job", "template": [ @@ -17947,7 +20101,6 @@ resources: ], "vpc_access": [ { - "egress": "ALL_TRAFFIC", "network_interfaces": [ { "network": "default", @@ -18221,6 +20374,14 @@ resources: expire_time: |- - For a deleted resource, the time after which it will be permamently deleted. + gcs.bucket: |- + - + (Required) + Name of the cloud storage bucket to back the volume. The resource service account must have permission to access the bucket. + gcs.read_only: |- + - + (Optional) + If true, mount this volume as read-only in all mounts. If false, mount this volume as read-write. generation: |- - A number that monotonically increases every time the user modifies the desired state. @@ -18323,6 +20484,18 @@ resources: - (Optional) Network tags applied to this Cloud Run job. + nfs.path: |- + - + (Optional) + Path that is exported by the NFS server. + nfs.read_only: |- + - + (Optional) + If true, mount this volume as read-only in all mounts. + nfs.server: |- + - + (Required) + Hostname or IP address of the NFS server. observed_generation: |- - The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run. @@ -18506,10 +20679,20 @@ resources: (Optional, Beta) Ephemeral storage used as a shared volume. Structure is documented below. + volumes.gcs: |- + - + (Optional, Beta) + Cloud Storage bucket mounted as a volume using GCSFuse. This feature requires the launch stage to be set to ALPHA or BETA. + Structure is documented below. volumes.name: |- - (Required) Volume's name. + volumes.nfs: |- + - + (Optional, Beta) + NFS share mounted as a volume. This feature requires the launch stage to be set to ALPHA or BETA. + Structure is documented below. volumes.secret: |- - (Optional) @@ -18775,7 +20958,7 @@ resources: - name: default manifest: |- { - "launch_stage": "BETA", + "launch_stage": "GA", "location": "us-central1", "name": "cloudrun-service", "template": [ @@ -18787,7 +20970,6 @@ resources: ], "vpc_access": [ { - "egress": "ALL_TRAFFIC", "network_interfaces": [ { "network": "default", @@ -19422,6 +21604,11 @@ resources: - (Optional) If true, mount the NFS volume as read only + nfs.scaling: |- + - + (Optional, Beta) + Scaling settings that apply to the whole service + Structure is documented below. nfs.server: |- - (Required) @@ -19713,7 +21900,7 @@ resources: volumes.gcs: |- - (Optional) - Represents a GCS Bucket mounted as a volume. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. Structure is documented below. volumes.name: |- - @@ -23195,6 +25382,46 @@ resources: - Time at which the CustomTargetType was updated. importStatements: [] + google_clouddeploy_custom_target_type_iam_policy: + subCategory: Cloud Deploy + description: Collection of resources to manage IAM policy for Cloud Deploy CustomTargetType + name: google_clouddeploy_custom_target_type_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "location": "${google_clouddeploy_custom_target_type.custom-target-type.location}", + "name": "${google_clouddeploy_custom_target_type.custom-target-type.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_clouddeploy_custom_target_type.custom-target-type.project}" + } + references: + location: google_clouddeploy_custom_target_type.custom-target-type.location + name: google_clouddeploy_custom_target_type.custom-target-type.name + policy_data: data.google_iam_policy.admin.policy_data + project: google_clouddeploy_custom_target_type.custom-target-type.project + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_clouddeploy_custom_target_type_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the customtargettype are preserved.' + google_clouddeploy_custom_target_type_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the customtargettype are preserved.' + google_clouddeploy_custom_target_type_iam_policy: ': Authoritative. Sets the IAM policy for the customtargettype and replaces any existing policy already attached.' + location: '- (Required) The location of the source. Used to find the parent resource to bind the IAM policy to' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' + policy_data: |- + - (Required only by google_clouddeploy_custom_target_type_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_clouddeploy_custom_target_type_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] google_clouddeploy_delivery_pipeline: subCategory: Cloud Deploy description: The Cloud Deploy @@ -24431,8 +26658,8 @@ resources: create: '- Default is 5 minutes.' delete: '- Default is 5 minutes.' description: '- (Optional) Description of the function.' - docker_registry: '- (Optional) Docker Registry to use for storing the function''s Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.' - docker_repository: '- (Optional) User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry. This is the repository to which the function docker image will be pushed after it is built by Cloud Build. If unspecified, Container Registry will be used by default, unless specified otherwise by other means.' + docker_registry: '- (Optional) Docker Registry to use for storing the function''s Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.' + docker_repository: '- (Optional) User-managed repository created in Artifact Registry to which the function''s Docker image will be pushed after it is built by Cloud Build. May optionally be encrypted with a customer-managed encryption key (CMEK). If unspecified and docker_registry is not explicitly set to CONTAINER_REGISTRY, GCF will create and use a default Artifact Registry repository named ''gcf-artifacts'' in the region.' effective_labels: |- - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. @@ -24995,6 +27222,89 @@ resources: "name": "function-source.zip", "source": "function-source.zip" } + - name: function + manifest: |- + { + "build_config": [ + { + "entry_point": "helloHttp", + "runtime": "nodejs16", + "service_account": "${google_service_account.account.id}", + "source": [ + { + "storage_source": [ + { + "bucket": "${google_storage_bucket.bucket.name}", + "object": "${google_storage_bucket_object.object.name}" + } + ] + } + ] + } + ], + "depends_on": [ + "${time_sleep.wait_60s}" + ], + "description": "a new function", + "location": "us-central1", + "name": "function-v2", + "service_config": [ + { + "available_memory": "256M", + "max_instance_count": 1, + "timeout_seconds": 60 + } + ] + } + references: + build_config.service_account: google_service_account.account.id + build_config.source.storage_source.bucket: google_storage_bucket.bucket.name + build_config.source.storage_source.object: google_storage_bucket_object.object.name + dependencies: + google_project_iam_member.artifact_registry_writer: |- + { + "member": "serviceAccount:${google_service_account.account.email}", + "project": "${google_service_account.account.project}", + "role": "roles/artifactregistry.writer" + } + google_project_iam_member.log_writer: |- + { + "member": "serviceAccount:${google_service_account.account.email}", + "project": "${google_service_account.account.project}", + "role": "roles/logging.logWriter" + } + google_project_iam_member.storage_object_admin: |- + { + "member": "serviceAccount:${google_service_account.account.email}", + "project": "${google_service_account.account.project}", + "role": "roles/storage.objectAdmin" + } + google_service_account.account: |- + { + "account_id": "gcf-sa", + "display_name": "Test Service Account" + } + google_storage_bucket.bucket: |- + { + "location": "US", + "name": "${local.project}-gcf-source", + "uniform_bucket_level_access": true + } + google_storage_bucket_object.object: |- + { + "bucket": "${google_storage_bucket.bucket.name}", + "name": "function-source.zip", + "source": "function-source.zip" + } + time_sleep.wait_60s: |- + { + "create_duration": "60s", + "depends_on": [ + "${google_project_iam_member.log_writer}", + "${google_project_iam_member.artifact_registry_writer}", + "${google_project_iam_member.storage_object_admin}" + ] + } - name: function manifest: |- { @@ -25357,6 +27667,10 @@ resources: (Optional) The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. + build_config.service_account: |- + - + (Optional) + The fully-qualified name of the service account to be used for building the container. build_config.source: |- - (Optional) @@ -25938,7 +28252,7 @@ resources: dependencies. config.environment_size: |- - - (Optional, Cloud Composer 2 only) + (Optional) The environment size controls the performance parameters of the managed Cloud Composer infrastructure that includes the Airflow database. Values for environment size are ENVIRONMENT_SIZE_SMALL, ENVIRONMENT_SIZE_MEDIUM, @@ -25992,7 +28306,7 @@ resources: If unspecified, no network-level access restrictions are applied. config.workloads_config: |- - - (Optional, Cloud Composer 2 only) + (Optional) The Kubernetes workloads configuration for GKE cluster associated with the Cloud Composer environment. create: '- Default is 60 minutes.' @@ -26000,13 +28314,13 @@ resources: - (Optional) CPU request and limit for DAG processor. - dag_processor.float storage_gb: |- - (Optional) - Storage (GB) request and limit for DAG processor. dag_processor.memory_gb: |- - (Optional) Memory (GB) request and limit for DAG processor. + dag_processor.storage_gb: |- + (Optional) + Storage (GB) request and limit for DAG processor. data_retention_config.task_logs_retention_config: |- - (Optional) @@ -26116,8 +28430,14 @@ resources: node_config.composer_internal_ipv4_cidr_block: |- - (Optional, Beta, Cloud Composer 3 only) - At least /20 IPv4 cidr range that will be used by Composer internal components. + /20 IPv4 cidr range that will be used by Composer internal components. Cannot be updated. + node_config.composer_network_attachment: |- + - + (Optional, Beta, Cloud Composer 3 only) + PSC (Private Service Connect) Network entry point. Customers can pre-create the Network Attachment + and point Cloud Composer environment to use. It is possible to share network attachment among many environments, + provided enough IP addresses are available. node_config.disk_size_gb: |- - (Optional, Cloud Composer 1 only) @@ -26303,6 +28623,8 @@ resources: Cloud Composer environments in versions composer-2.1.2-airflow-..* and newer) The configuration for Cloud Data Lineage integration. Structure is documented below. + ? software_config.composer-(([0-9]+)(\.[0-9]+\.[0-9]+(-preview\.[0-9]+)?)?|latest)-airflow-(([0-9]+)((\.[0-9]+)(\.[0-9]+)?)?(-build\.[0-9]+)?) + : 'Example: composer-3-airflow-2.6.3-build.4' software_config.composer-([0-9]+(\.[0-9]+\.[0-9]+(-preview\.[0-9]+)?)?|latest)-airflow-([0-9]+(\.[0-9]+(\.[0-9]+)?)?): |- . The Cloud Composer portion of the image version is a full semantic version, or an alias in the form of major @@ -26320,7 +28642,7 @@ resources: AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+), and they cannot match any of the following reserved names: software_config.image_version: |- - - (Optional in Cloud Composer 1, required in Cloud Composer 2) + (Required) In Composer 1, use a specific Composer 1 version in this parameter. If omitted, the default is the latest version of Composer 2. software_config.pypi_packages: |- - (Optional) @@ -26340,7 +28662,7 @@ resources: software_config.web_server_plugins_mode: |- - (Optional, Beta, Cloud Composer 3 only) - Web server plugins configuration. Should be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. + Web server plugins configuration. Can be either 'ENABLED' or 'DISABLED'. Defaults to 'ENABLED'. storage_config: |- - (Optional) @@ -26388,9 +28710,6 @@ resources: - (Optional) The number of CPUs for a single Airflow worker. - worker.float storage_gb: |- - (Optional) - The amount of storage (GB) for a single Airflow worker. worker.max_count: |- - (Optional) @@ -26406,6 +28725,9 @@ resources: (Optional) The minimum number of Airflow workers that the environment can run. The number of workers in the environment does not go above this number, even if a lower number of workers can handle the load. + worker.storage_gb: |- + (Optional) + The amount of storage (GB) for a single Airflow worker. workloads_config.dag_processor: |- - (Optional, Beta, Cloud Composer 3 only) @@ -26427,6 +28749,72 @@ resources: (Optional) Configuration for resources used by Airflow workers. importStatements: [] + google_composer_user_workloads_secret: + subCategory: Cloud Composer + description: User workloads Secret used by Airflow tasks that run with Kubernetes Executor or KubernetesPodOperator. + name: google_composer_user_workloads_secret + title: "" + examples: + - name: example + manifest: |- + { + "data": { + "email": "${base64encode(\"example-email\")}", + "password": "${base64encode(\"example-password\")}" + }, + "environment": "${google_composer_environment.example.name}", + "name": "example-secret", + "project": "example-project", + "region": "us-central1" + } + references: + environment: google_composer_environment.example.name + dependencies: + google_composer_environment.example: |- + { + "config": [ + { + "software_config": [ + { + "image_version": "example-image-version" + } + ] + } + ], + "name": "example-environment", + "project": "example-project", + "region": "us-central1" + } + argumentDocs: + data: |- + - + (Optional) + The "data" field of Kubernetes Secret, organized in key-value pairs, + which can contain sensitive values such as a password, a token, or a key. + Content of this field will not be displayed in CLI output, + but it will be stored in terraform state file. To protect sensitive data, + follow the best practices outlined in the HashiCorp documentation: + https://developer.hashicorp.com/terraform/language/state/sensitive-data. + The values for all keys have to be base64-encoded strings. + For details see: https://kubernetes.io/docs/concepts/configuration/secret/ + environment: |- + - + Environment where the Kubernetes Secret will be stored and used. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/environments/{{environment}}/userWorkloadsSecrets/{{name}}' + name: |- + - + (Required) + Name of the Kubernetes Secret. + project: |- + - + (Optional) + The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + The location or Compute Engine region for the environment. + importStatements: [] google_compute_address: subCategory: Compute Engine description: Represents an Address resource. @@ -28734,7 +31122,7 @@ resources: - (Required) The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. id: '- an identifier for the resource with format projects/{{project}}/zones/{{zone}}/disks/{{name}}' image: |- - @@ -34901,6 +37289,8 @@ resources: Properties to set on all instances in the group. After setting allInstancesConfig on the group, you must update the group's instances to apply the configuration. + all_instances_config.current_revision: '- Current all-instances configuration revision. This value is in RFC3339 text format.' + all_instances_config.effective: '- A bit indicating whether this configuration has been applied to all managed instances in the group.' all_instances_config.labels: '- (Optional), The label key-value pairs that you want to patch onto the instance.' all_instances_config.metadata: '- (Optional), The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.' auto_healing_policies: |- @@ -34918,6 +37308,7 @@ resources: appending a hyphen and a random four-character string to the base instance name. create: '- Default is 15 minutes.' + creation_timestamp: '- Creation timestamp in RFC3339 text format.' delete: '- Default is 15 minutes.' description: |- - (Optional) An optional textual description of the instance @@ -34925,7 +37316,8 @@ resources: fingerprint: '- The fingerprint of the instance group manager.' id: '- an identifier for the resource with format projects/{{project}}/zones/{{zone}}/instanceGroupManagers/{{name}}' instance_group: '- The full URL of the instance group created by the manager.' - instance_lifecycle_policy.force_update_on_repair: '- (Optional, (https://terraform.io/docs/providers/google/guides/provider_versions.html)), Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group''s update policy type.' + instance_lifecycle_policy.default_action_on_failure: '- (Optional), Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired.' + instance_lifecycle_policy.force_update_on_repair: '- (Optional), Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group''s update policy type.' list_managed_instances_results: |- - (Optional) Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: PAGELESS, PAGINATED. @@ -34943,13 +37335,15 @@ resources: for details on configuration. named_port.name: '- (Required) The name of the port.' named_port.port: '- (Required) The port number.' + params: '- (Optional Beta) Input only additional params for instance group manager creation. Structure is documented below. For more information, see API.' + params.resource_manager_tags: '- (Optional) Resource manager tags to bind to the managed instance group. The tags are key-value pairs. Keys must be in the format tagKeys/123 and values in the format tagValues/456. For more information, see Manage tags for resources' per_instance_configs.all_effective: '- A bit indicating if all of the group''s per-instance configs (listed in the output of a listPerInstanceConfigs API call) have status EFFECTIVE or there are no per-instance-configs.' project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. self_link: '- The URL of the created resource.' stateful.has_stateful_config: '- A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.' - stateful.per_instance_configs: '- Status of per-instance configs on the instance.' + stateful.per_instance_configs: '- Status of per-instance configs on the instances.' stateful_disk: '- (Optional) Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation.' stateful_disk.delete_rule: '- (Optional), A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.' stateful_disk.device_name: '- (Required), The device name of the disk to be attached.' @@ -34960,7 +37354,9 @@ resources: stateful_internal_ip.delete_rule: '- (Optional), A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group.' stateful_internal_ip.interface_name: '- (Required), The network interface name of the internal Ip. Possible value: nic0' status: '- The status of this managed instance group.' + status.all_instances_config: '- Status of all-instances configuration on the group.' status.is_stable: '- A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified.' + status.stateful: '- Stateful status of the given Instance Group Manager.' status.version_target: '- A status of consistency of Instances'' versions with their target version specified by version field on Instance Group Manager.' target_pools: |- - (Optional) The full URL of all target pools to which new @@ -34977,7 +37373,7 @@ resources: Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version. update: '- Default is 15 minutes.' - update_policy: '- (Optional) The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API' + update_policy: '- (Optional) The update policy for this managed instance group. Structure is documented below. For more information, see the official documentation and API.' update_policy.max_surge_fixed: '- (Optional), The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. If neither is set, defaults to 1' update_policy.max_surge_percent: '- (Optional), The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed.' update_policy.max_unavailable_fixed: '- (Optional), The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. If neither is set, defaults to 1' @@ -34994,7 +37390,6 @@ resources: version.instance_template: '- (Required) - The full URL to an instance template from which all new instances of this version will be created. It is recommended to reference instance templates through their unique id (self_link_unique attribute).' version.name: '- (Required) - Version name.' version.target_size: '- (Optional) - The number of instances calculated as a fixed number or a percentage depending on the settings. Structure is documented below.' - version_target.stateful: '- Stateful status of the given Instance Group Manager.' version_target.version_target: '- A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances'' target version are specified by version field on Instance Group Manager.' wait_for_instances: |- - (Optional) Whether to wait for all instances to be created/updated before @@ -35257,11 +37652,8 @@ resources: } } ], - "provider": "${google-beta}", "zone": "us-east7-b" } - references: - provider: google-beta argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' @@ -35858,6 +38250,10 @@ resources: - IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment. + cloud_router_ipv6_address: |- + - + IPv6 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. create: '- Default is 20 minutes.' creation_timestamp: |- - @@ -35866,6 +38262,10 @@ resources: - IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment. + customer_router_ipv6_address: |- + - + IPv6 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. delete: '- Default is 20 minutes.' description: |- - @@ -39024,7 +41424,7 @@ resources: For example, specify 80 for 80%. metric.filter: |- - - (Optional, Beta) + (Optional) A filter string to be used as the filter string for a Stackdriver Monitoring TimeSeries.list API call. This filter is used to select a specific TimeSeries for @@ -39060,7 +41460,7 @@ resources: The metric must have a value type of INT64 or DOUBLE. metric.single_instance_assignment: |- - - (Optional, Beta) + (Optional) If scaling is based on a per-group metric value that represents the total amount of work to be done or resource usage, set this value to an amount assigned for a single instance of the scaled group. @@ -39920,6 +42320,9 @@ resources: - Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. + generated_id: |- + - + The unique identifier for the resource. This identifier is defined by the server. health_checks: |- - (Optional) @@ -41396,6 +43799,8 @@ resources: Properties to set on all instances in the group. After setting allInstancesConfig on the group, you must update the group's instances to apply the configuration. + all_instances_config.current_revision: '- Current all-instances configuration revision. This value is in RFC3339 text format.' + all_instances_config.effective: '- A bit indicating whether this configuration has been applied to all managed instances in the group.' all_instances_config.labels: '- (Optional), The label key-value pairs that you want to patch onto the instance.' all_instances_config.metadata: '- (Optional), The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata.' auto_healing_policies: |- @@ -41413,6 +43818,7 @@ resources: appending a hyphen and a random four-character string to the base instance name. create: '- Default is 15 minutes.' + creation_timestamp: '- Creation timestamp in RFC3339 text format.' delete: '- Default is 15 minutes.' description: |- - (Optional) An optional textual description of the instance @@ -41424,7 +43830,8 @@ resources: fingerprint: '- The fingerprint of the instance group manager.' id: '- an identifier for the resource with format projects/{{project}}/regions/{{region}}/instanceGroupManagers/{{name}}' instance_group: '- The full URL of the instance group created by the manager.' - instance_lifecycle_policy.force_update_on_repair: '- (Optional, (https://terraform.io/docs/providers/google/guides/provider_versions.html)), Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group''s update policy type.' + instance_lifecycle_policy.default_action_on_failure: '- (Optional), Default behavior for all instance or health check failures. Valid options are: REPAIR, DO_NOTHING. If DO_NOTHING then instances will not be repaired. If REPAIR (default), then failed instances will be repaired.' + instance_lifecycle_policy.force_update_on_repair: '- (Optional), Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group''s update policy type.' list_managed_instances_results: |- - (Optional) Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: PAGELESS, PAGINATED. @@ -41442,6 +43849,8 @@ resources: for details on configuration. named_port.name: '- (Required) The name of the port.' named_port.port: '- (Required) The port number.' + params: '- (Optional Beta) Input only additional params for instance group manager creation. Structure is documented below. For more information, see API.' + params.resource_manager_tags: '- (Optional) Resource manager tags to bind to the managed instance group. The tags are key-value pairs. Keys must be in the format tagKeys/123 and values in the format tagValues/456. For more information, see Manage tags for resources' per_instance_configs.all_effective: '- A bit indicating if all of the group''s per-instance configs (listed in the output of a listPerInstanceConfigs API call) have status EFFECTIVE or there are no per-instance-configs.' project: |- - (Optional) The ID of the project in which the resource belongs. If it @@ -41449,7 +43858,7 @@ resources: region: '- (Optional) The region where the managed instance group resides. If not provided, the provider region is used.' self_link: '- The URL of the created resource.' stateful.has_stateful_config: '- A bit indicating whether the managed instance group has stateful configuration, that is, if you have configured any items in a stateful policy or in per-instance configs. The group might report that it has no stateful config even when there is still some preserved state on a managed instance, for example, if you have deleted all PICs but not yet applied those deletions.' - stateful.per_instance_configs: '- Status of per-instance configs on the instance.' + stateful.per_instance_configs: '- Status of per-instance configs on the instances.' stateful_disk: '- (Optional) Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.' stateful_disk.delete_rule: '- (Optional), A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.' stateful_disk.device_name: '- (Required), The device name of the disk to be attached.' @@ -41459,7 +43868,9 @@ resources: stateful_internal_ip: '- (Optional) Internal network IPs assigned to the instances that will be preserved on instance delete, update, etc. This map is keyed with the network interface name. Structure is documented below.' stateful_internal_ip.delete_rule: '- (Optional), A value that prescribes what should happen to the internal ip when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the ip when the VM is deleted, but do not delete the ip. ON_PERMANENT_INSTANCE_DELETION will delete the internal ip when the VM is permanently deleted from the instance group.' stateful_internal_ip.interface_name: '- (Required), The network interface name of the internal Ip. Possible value: nic0.' + status.all_instances_config: '- Status of all-instances configuration on the group.' status.is_stable: '- A bit indicating whether the managed instance group is in a stable state. A stable state means that: none of the instances in the managed instance group is currently undergoing any type of change (for example, creation, restart, or deletion); no future changes are scheduled for instances in the managed instance group; and the managed instance group itself is not being modified.' + status.stateful: '- Stateful status of the given Instance Group Manager.' status.version_target: '- A status of consistency of Instances'' versions with their target version specified by version field on Instance Group Manager.' target_pools: |- - (Optional) The full URL of all target pools to which new @@ -41494,7 +43905,6 @@ resources: version.instance_template: '- (Required) - The full URL to an instance template from which all new instances of this version will be created.' version.name: '- (Required) - Version name.' version.target_size: '- (Optional) - The number of instances calculated as a fixed number or a percentage depending on the settings. Structure is documented below.' - version_target.stateful: '- Stateful status of the given Instance Group Manager.' version_target.version_target: '- A bit indicating whether version target has been reached in this managed instance group, i.e. all instances are in their target version. Instances'' target version are specified by version field on Instance Group Manager.' wait_for_instances: |- - (Optional) Whether to wait for all instances to be created/updated before @@ -42231,6 +44641,16 @@ resources: "name": "hello-world.zip", "source": "./test-fixtures/hello-world.zip" } + - name: appengine_neg + manifest: |- + { + "app_engine": [ + {} + ], + "name": "appengine-neg", + "network_endpoint_type": "SERVERLESS", + "region": "us-central1" + } - name: psc_neg manifest: |- { @@ -43845,6 +46265,125 @@ resources: ], "region": "us-central1" } + - name: default + manifest: |- + { + "name": "test-mtls-proxy", + "provider": "${google-beta}", + "region": "us-central1", + "server_tls_policy": "${google_network_security_server_tls_policy.default.id}", + "ssl_certificates": [ + "${google_compute_region_ssl_certificate.default.id}" + ], + "url_map": "${google_compute_region_url_map.default.id}" + } + references: + provider: google-beta + server_tls_policy: google_network_security_server_tls_policy.default.id + url_map: google_compute_region_url_map.default.id + dependencies: + google_certificate_manager_trust_config.default: |- + { + "description": "sample description for trust config", + "labels": { + "foo": "bar" + }, + "location": "us-central1", + "name": "my-trust-config", + "provider": "${google-beta}", + "trust_stores": [ + { + "intermediate_cas": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ], + "trust_anchors": [ + { + "pem_certificate": "${file(\"test-fixtures/ca_cert.pem\")}" + } + ] + } + ] + } + google_compute_region_backend_service.default: |- + { + "health_checks": [ + "${google_compute_region_health_check.default.id}" + ], + "load_balancing_scheme": "INTERNAL_MANAGED", + "name": "backend-service", + "port_name": "http", + "protocol": "HTTP", + "provider": "${google-beta}", + "region": "us-central1", + "timeout_sec": 10 + } + google_compute_region_health_check.default: |- + { + "check_interval_sec": 1, + "http_health_check": [ + { + "port": 80 + } + ], + "name": "http-health-check", + "provider": "${google-beta}", + "region": "us-central1", + "timeout_sec": 1 + } + google_compute_region_ssl_certificate.default: |- + { + "certificate": "${file(\"path/to/certificate.crt\")}", + "name": "my-certificate", + "private_key": "${file(\"path/to/private.key\")}", + "provider": "${google-beta}", + "region": "us-central1" + } + google_compute_region_url_map.default: |- + { + "default_service": "${google_compute_region_backend_service.default.id}", + "description": "a description", + "host_rule": [ + { + "hosts": [ + "mysite.com" + ], + "path_matcher": "allpaths" + } + ], + "name": "url-map", + "path_matcher": [ + { + "default_service": "${google_compute_region_backend_service.default.id}", + "name": "allpaths", + "path_rule": [ + { + "paths": [ + "/*" + ], + "service": "${google_compute_region_backend_service.default.id}" + } + ] + } + ], + "provider": "${google-beta}", + "region": "us-central1" + } + google_network_security_server_tls_policy.default: |- + { + "allow_open": "false", + "description": "my description", + "location": "us-central1", + "mtls_policy": [ + { + "client_validation_mode": "REJECT_INVALID", + "client_validation_trust_config": "projects/${data.google_project.project.number}/locations/us-central1/trustConfigs/${google_certificate_manager_trust_config.default.name}" + } + ], + "name": "my-tls-policy", + "provider": "${google-beta}" + } - name: default manifest: |- { @@ -43922,6 +46461,18 @@ resources: The Region in which the created target https proxy should reside. If it is not provided, the provider region is used. self_link: '- The URI of the created resource.' + server_tls_policy: |- + - + (Optional) + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. ssl_certificates: |- - (Optional) @@ -45380,6 +47931,111 @@ resources: ], "validity_period_hours": 12 } + - name: urlmap + manifest: |- + { + "default_service": "${google_compute_region_backend_service.home-backend.id}", + "description": "a description", + "host_rule": [ + { + "hosts": [ + "mysite.com" + ], + "path_matcher": "mysite" + } + ], + "name": "urlmap", + "path_matcher": [ + { + "default_service": "${google_compute_region_backend_service.home-backend.id}", + "name": "mysite", + "route_rules": [ + { + "match_rules": [ + { + "path_template_match": "/xyzwebservices/v2/xyz/users/{username=*}/carts/{cartid=**}" + } + ], + "priority": 1, + "route_action": [ + { + "url_rewrite": [ + { + "path_template_rewrite": "/{username}-{cartid}/" + } + ] + } + ], + "service": "${google_compute_region_backend_service.cart-backend.id}" + }, + { + "match_rules": [ + { + "path_template_match": "/xyzwebservices/v2/xyz/users/*/accountinfo/*" + } + ], + "priority": 2, + "service": "${google_compute_region_backend_service.user-backend.id}" + } + ] + } + ], + "region": "us-central1" + } + references: + default_service: google_compute_region_backend_service.home-backend.id + path_matcher.default_service: google_compute_region_backend_service.home-backend.id + path_matcher.route_rules.service: google_compute_region_backend_service.user-backend.id + dependencies: + google_compute_region_backend_service.cart-backend: |- + { + "health_checks": [ + "${google_compute_region_health_check.default.id}" + ], + "load_balancing_scheme": "EXTERNAL_MANAGED", + "name": "cart-service", + "port_name": "http", + "protocol": "HTTP", + "region": "us-central1", + "timeout_sec": 10 + } + google_compute_region_backend_service.home-backend: |- + { + "health_checks": [ + "${google_compute_region_health_check.default.id}" + ], + "load_balancing_scheme": "EXTERNAL_MANAGED", + "name": "home-service", + "port_name": "http", + "protocol": "HTTP", + "region": "us-central1", + "timeout_sec": 10 + } + google_compute_region_backend_service.user-backend: |- + { + "health_checks": [ + "${google_compute_region_health_check.default.id}" + ], + "load_balancing_scheme": "EXTERNAL_MANAGED", + "name": "user-service", + "port_name": "http", + "protocol": "HTTP", + "region": "us-central1", + "timeout_sec": 10 + } + google_compute_region_health_check.default: |- + { + "check_interval_sec": 1, + "http_health_check": [ + { + "port": 80, + "request_path": "/" + } + ], + "name": "health-check", + "region": "us-central1", + "timeout_sec": 1 + } argumentDocs: MATCH_ALL: ', MATCH_ANY.' abort.http_status: |- @@ -45733,6 +48389,17 @@ resources: UrlMap. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below. + match_rules.path_template_match: |- + - + (Optional) + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. match_rules.prefix_match: |- - (Optional) @@ -46152,6 +48819,20 @@ resources: Prior to forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. + url_rewrite.path_template_rewrite: |- + - + (Optional) + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. weighted_backend_services.backend_service: |- - (Required) @@ -47042,6 +49723,14 @@ resources: private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN. + bgp.identifier_range: |- + - + (Optional, Beta) + Explicitly specifies a range of valid BGP Identifiers for this Router. + It is provided as a link-local IPv4 range (from 169.254.0.0/16), of + size at least /30, even if the BGP sessions are over IPv6. It must + not overlap with any IPv4 BGP session ranges. Other vendors commonly + call this router ID. bgp.keepalive_interval: |- - (Optional) @@ -47118,6 +49807,9 @@ resources: ip_range: |- - (Optional) IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created. + ip_version: |- + - (Optional, Beta) + IP version of this interface. Can be either IPV4 or IPV6. name: |- - (Required) A unique name for the interface, required by GCE. Changing this forces a new interface to be created. @@ -47443,6 +50135,13 @@ resources: (Optional) Enable endpoint independent mapping. For more information see the official documentation. + endpoint_types: |- + - + (Optional) + Specifies the endpoint Types supported by the NAT Gateway. + Supported values include: + ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + ENDPOINT_TYPE_MANAGED_PROXY_LB. icmp_idle_timeout_sec: |- - (Optional) @@ -47765,6 +50464,27 @@ resources: "location": "${google_compute_subnetwork.subnetwork.region}", "name": "my-router-spoke" } + - name: foobar + manifest: |- + { + "advertised_route_priority": 100, + "interface": "${google_compute_router_interface.foobar.name}", + "md5_authentication_key": [ + { + "key": "%s-peer-key-value", + "name": "%s-peer-key" + } + ], + "name": "%s-peer", + "peer_asn": 65515, + "peer_ip_address": "169.254.3.2", + "region": "${google_compute_router.foobar.region}", + "router": "${google_compute_router.foobar.name}" + } + references: + interface: google_compute_router_interface.foobar.name + region: google_compute_router.foobar.region + router: google_compute_router.foobar.name argumentDocs: ALL_SUBNETS: |- : Advertises all of the router's own VPC subnets. @@ -47865,6 +50585,10 @@ resources: with the peer is terminated and all associated routing information is removed. If set to true, the peer connection can be established with routing information. The default is true. + enable_ipv4: |- + - + (Optional, Beta) + Enable IPv4 traffic over BGP Peer. It is enabled by default if the peerIpAddress is version 4. enable_ipv6: |- - (Optional) @@ -47879,6 +50603,10 @@ resources: (Optional) IP address of the interface inside Google Cloud Platform. Only IPv4 is supported. + ipv4_nexthop_address: |- + - + (Optional, Beta) + IPv4 address of the interface inside Google Cloud Platform. ipv6_nexthop_address: |- - (Optional) @@ -47889,6 +50617,17 @@ resources: management_type: |- - The resource that configures and manages this BGP peer. + md5_authentication_key: |- + - (Optional) Configuration for MD5 authentication on the BGP session. + Structure is documented below. + md5_authentication_key.key: |- + - + (Required, Input Only) + The MD5 authentication key for this BGP peer. Maximum length is 80 characters. Can only contain printable ASCII characters + md5_authentication_key.name: |- + - + (Required) + Name used to identify the key. Must be unique within a router. Must comply with RFC1035. name: |- - (Required) @@ -47908,6 +50647,10 @@ resources: (Optional) IP address of the BGP interface outside Google Cloud Platform. Only IPv4 is supported. Required if ip_address is set. + peer_ipv4_nexthop_address: |- + - + (Optional, Beta) + IPv4 address of the BGP interface outside Google Cloud Platform. peer_ipv6_nexthop_address: |- - (Optional) @@ -48208,8 +50951,8 @@ resources: preconfigured_waf_config.exclusion: '- (Optional) An exclusion to apply during preconfigured WAF evaluation. Structure is documented below.' preconfigured_waf_config.exclusion.request_cookie: '- (Optional) Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.' preconfigured_waf_config.exclusion.request_header: '- (Optional) Request header whose value will be excluded from inspection during preconfigured WAF evaluation. Structure is documented below.' - preconfigured_waf_config.exclusion.request_query_param: '- (Optional) Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.' - preconfigured_waf_config.exclusion.request_uri: '- (Optional) Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.' + preconfigured_waf_config.exclusion.request_query_param: '- (Optional) Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body. Structure is documented below.' + preconfigured_waf_config.exclusion.request_uri: '- (Optional) Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded. Structure is documented below.' preconfigured_waf_config.exclusion.target_rule_ids: '- (Optional) A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. If omitted, it refers to all the rule IDs under the WAF rule set.' preconfigured_waf_config.exclusion.target_rule_set: '- (Required) Target WAF rule set to apply the preconfigured WAF exclusion.' project: |- @@ -48269,6 +51012,326 @@ resources: throttle: ': limit client traffic to the configured threshold. Configure parameters for this action in rate_limit_options. Requires rate_limit_options to be set for this.' type: '- The type indicates the intended use of the security policy. This field can be set only at resource creation time.' importStatements: [] + google_compute_security_policy_rule: + subCategory: Compute Engine + description: A rule for the SecurityPolicy. + name: google_compute_security_policy_rule + title: "" + examples: + - name: policy_rule + manifest: |- + { + "action": "allow", + "description": "new rule", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "10.10.0.0/16" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 100, + "security_policy": "${google_compute_security_policy.default.name}" + } + references: + security_policy: google_compute_security_policy.default.name + dependencies: + google_compute_security_policy.default: |- + { + "description": "basic global security policy", + "name": "policyruletest", + "type": "CLOUD_ARMOR" + } + - name: default_rule + manifest: |- + { + "action": "allow", + "description": "default rule", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "*" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "priority": "2147483647", + "security_policy": "${google_compute_security_policy.default.name}" + } + references: + security_policy: google_compute_security_policy.default.name + dependencies: + google_compute_security_policy.default: |- + { + "description": "basic global security policy", + "name": "policyruletest", + "type": "CLOUD_ARMOR" + } + - name: policy_rule + manifest: |- + { + "action": "allow", + "description": "new rule", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "10.10.0.0/16" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 100, + "security_policy": "${google_compute_security_policy.default.name}" + } + references: + security_policy: google_compute_security_policy.default.name + dependencies: + google_compute_security_policy.default: |- + { + "description": "basic global security policy", + "name": "policyruletest", + "type": "CLOUD_ARMOR" + } + - name: policy_rule_one + manifest: |- + { + "action": "allow", + "description": "new rule one", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "10.10.0.0/16" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 100, + "security_policy": "${google_compute_security_policy.default.name}" + } + references: + security_policy: google_compute_security_policy.default.name + dependencies: + google_compute_security_policy.default: |- + { + "description": "basic global security policy", + "name": "policywithmultiplerules", + "type": "CLOUD_ARMOR" + } + - name: policy_rule_two + manifest: |- + { + "action": "allow", + "description": "new rule two", + "match": [ + { + "config": [ + { + "src_ip_ranges": [ + "192.168.0.0/16", + "10.0.0.0/8" + ] + } + ], + "versioned_expr": "SRC_IPS_V1" + } + ], + "preview": true, + "priority": 101, + "security_policy": "${google_compute_security_policy.default.name}" + } + references: + security_policy: google_compute_security_policy.default.name + dependencies: + google_compute_security_policy.default: |- + { + "description": "basic global security policy", + "name": "policywithmultiplerules", + "type": "CLOUD_ARMOR" + } + argumentDocs: + action: |- + - + (Required) + The Action to perform when the rule is matched. The following are the valid actions: + config.src_ip_ranges: |- + - + (Optional) + CIDR IP address range. Maximum number of srcIpRanges allowed is 10. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + An optional description of this resource. Provide this property when you create the resource. + expr.expression: |- + - + (Required) + Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported. + id: '- an identifier for the resource with format projects/{{project}}/global/securityPolicies/{{security_policy}}/priority/{{priority}}' + match: |- + - + (Optional) + A match condition that incoming traffic is evaluated against. + If it evaluates to true, the corresponding 'action' is enforced. + Structure is documented below. + match.config: |- + - + (Optional) + The configuration options available when specifying versionedExpr. + This field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified. + Structure is documented below. + match.expr: |- + - + (Optional) + User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header. + Structure is documented below. + match.versioned_expr: |- + - + (Optional) + Preconfigured versioned expression. If this field is specified, config must also be specified. + Available preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. + Possible values are: SRC_IPS_V1. + preconfigured_waf_config: |- + - + (Optional) + Preconfigured WAF configuration to be applied for the rule. + If the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect. + Structure is documented below. + preconfigured_waf_config.exclusion: |- + - + (Optional) + An exclusion to apply during preconfigured WAF evaluation. + Structure is documented below. + preconfigured_waf_config.exclusion.request_cookie: |- + - + (Optional) + Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation. + Structure is documented below. + preconfigured_waf_config.exclusion.request_header: |- + - + (Optional) + Request header whose value will be excluded from inspection during preconfigured WAF evaluation. + Structure is documented below. + preconfigured_waf_config.exclusion.request_query_param: |- + - + (Optional) + Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. + Note that the parameter can be in the query string or in the POST body. + Structure is documented below. + preconfigured_waf_config.exclusion.request_uri: |- + - + (Optional) + Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. + When specifying this field, the query or fragment part should be excluded. + Structure is documented below. + preconfigured_waf_config.exclusion.target_rule_ids: |- + - + (Optional) + A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion. + If omitted, it refers to all the rule IDs under the WAF rule set. + preconfigured_waf_config.exclusion.target_rule_set: |- + - + (Required) + Target WAF rule set to apply the preconfigured WAF exclusion. + preview: |- + - + (Optional) + If set to true, the specified action is not enforced. + priority: |- + - + (Required) + An integer indicating the priority of a rule in the list. + The priority must be a positive value between 0 and 2147483647. + Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + request_cookie.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + request_cookie.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + request_header.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + request_header.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + request_query_param.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + request_query_param.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + request_uri.operator: |- + - + (Required) + You can specify an exact match or a partial match by using a field operator and a field value. + Available options: + EQUALS: The operator matches if the field value equals the specified value. + STARTS_WITH: The operator matches if the field value starts with the specified value. + ENDS_WITH: The operator matches if the field value ends with the specified value. + CONTAINS: The operator matches if the field value contains the specified value. + EQUALS_ANY: The operator matches if the field value is any value. + request_uri.value: |- + - + (Optional) + A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation. + The field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY. + security_policy: |- + - + (Required) + The name of the security policy this rule belongs to. + update: '- Default is 20 minutes.' + importStatements: [] google_compute_service_attachment: subCategory: Compute Engine description: Represents a ServiceAttachment resource. @@ -48453,6 +51516,107 @@ resources: "network": "${google_compute_network.psc_ilb_network.id}", "region": "us-west2" } + - name: psc_ilb_service_attachment + manifest: |- + { + "connection_preference": "ACCEPT_MANUAL", + "consumer_accept_lists": [ + { + "connection_limit": 1, + "network_url": "${google_compute_network.psc_ilb_consumer_network.self_link}" + } + ], + "description": "A service attachment configured with Terraform", + "enable_proxy_protocol": false, + "name": "my-psc-ilb", + "nat_subnets": [ + "${google_compute_subnetwork.psc_ilb_nat.id}" + ], + "region": "us-west2", + "target_service": "${google_compute_forwarding_rule.psc_ilb_target_service.id}" + } + references: + consumer_accept_lists.network_url: google_compute_network.psc_ilb_consumer_network.self_link + target_service: google_compute_forwarding_rule.psc_ilb_target_service.id + dependencies: + google_compute_address.psc_ilb_consumer_address: |- + { + "address_type": "INTERNAL", + "name": "psc-ilb-consumer-address", + "region": "us-west2", + "subnetwork": "${google_compute_subnetwork.psc_ilb_consumer_subnetwork.id}" + } + google_compute_forwarding_rule.psc_ilb_consumer: |- + { + "ip_address": "${google_compute_address.psc_ilb_consumer_address.id}", + "load_balancing_scheme": "", + "name": "psc-ilb-consumer-forwarding-rule", + "network": "${google_compute_network.psc_ilb_consumer_network.id}", + "region": "us-west2", + "subnetwork": "${google_compute_subnetwork.psc_ilb_consumer_subnetwork.id}", + "target": "${google_compute_service_attachment.psc_ilb_service_attachment.id}" + } + google_compute_forwarding_rule.psc_ilb_target_service: |- + { + "all_ports": true, + "backend_service": "${google_compute_region_backend_service.producer_service_backend.id}", + "load_balancing_scheme": "INTERNAL", + "name": "producer-forwarding-rule", + "network": "${google_compute_network.psc_ilb_network.name}", + "region": "us-west2", + "subnetwork": "${google_compute_subnetwork.psc_ilb_producer_subnetwork.name}" + } + google_compute_health_check.producer_service_health_check: |- + { + "check_interval_sec": 1, + "name": "producer-service-health-check", + "tcp_health_check": [ + { + "port": "80" + } + ], + "timeout_sec": 1 + } + google_compute_network.psc_ilb_consumer_network: |- + { + "auto_create_subnetworks": false, + "name": "psc-ilb-consumer-network" + } + google_compute_network.psc_ilb_network: |- + { + "auto_create_subnetworks": false, + "name": "psc-ilb-network" + } + google_compute_region_backend_service.producer_service_backend: |- + { + "health_checks": [ + "${google_compute_health_check.producer_service_health_check.id}" + ], + "name": "producer-service", + "region": "us-west2" + } + google_compute_subnetwork.psc_ilb_consumer_subnetwork: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "psc-ilb-consumer-network", + "network": "${google_compute_network.psc_ilb_consumer_network.id}", + "region": "us-west2" + } + google_compute_subnetwork.psc_ilb_nat: |- + { + "ip_cidr_range": "10.1.0.0/16", + "name": "psc-ilb-nat", + "network": "${google_compute_network.psc_ilb_network.id}", + "purpose": "PRIVATE_SERVICE_CONNECT", + "region": "us-west2" + } + google_compute_subnetwork.psc_ilb_producer_subnetwork: |- + { + "ip_cidr_range": "10.0.0.0/16", + "name": "psc-ilb-producer-subnetwork", + "network": "${google_compute_network.psc_ilb_network.id}", + "region": "us-west2" + } - name: psc_ilb_service_attachment manifest: |- { @@ -48563,10 +51727,16 @@ resources: (Required) The number of consumer forwarding rules the consumer project can create. + consumer_accept_lists.network_url: |- + - + (Optional) + The network that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. consumer_accept_lists.project_id_or_num: |- - - (Required) + (Optional) A project that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. consumer_reject_lists: |- - (Optional) @@ -55468,6 +58638,7 @@ resources: '"GPU_DRIVER_VERSION_UNSPECIFIED"': ': Default value is to not install any GPU driver.' '"INSTALLATION_DISABLED"': ': Disable GPU driver auto installation and needs manual installation.' '"LATEST"': ': "Latest" GPU driver in COS.' + '"MPS"': ': Enable co-operative multi-process CUDA workloads to run concurrently on a single GPU device with MPS' '"NO_RESERVATION"': ': Do not consume from any reserved capacity.' '"SPECIFIC_RESERVATION"': ': Must consume from a specific reservation. Must specify key value fields for specifying the reservations.' '"TIME_SHARING"': ': Allow multiple containers to have time-shared access to a single GPU device.' @@ -55527,6 +58698,10 @@ resources: otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable. + addons_config.stateful_ha_config: |- + - (Optional). + The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. + It is disabled by default for Standard clusters. Set enabled = true to enable. advanced_datapath_observability_config.enable_metrics: '- (Required) Whether or not to enable advanced datapath metrics.' advanced_datapath_observability_config.enable_relay: '- (Optional) Whether or not Relay is enabled.' advanced_datapath_observability_config.relay_mode: '- (Optional) Mode used to make Relay available.' @@ -55580,7 +58755,7 @@ resources: GKE Autopilot clusters. Structure is documented below. cluster_autoscaling.autoscaling_profile: |- - - (Optional, Beta) Configuration + - (Optional) Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED. @@ -55648,6 +58823,9 @@ resources: Note that when this option is enabled, certain features of Standard GKE are not available. See the official documentation for available features. + enable_cilium_clusterwide_network_policy: |- + - (Optional) + Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false. enable_fqdn_network_policy: |- - (Optional, Beta) Whether FQDN Network Policy is enabled on this cluster. Users who enable this feature for existing Standard clusters must restart the GKE Dataplane V2 anetd DaemonSet after enabling it. See the Enable FQDN Network Policy in an existing cluster for more information. @@ -55663,7 +58841,7 @@ resources: this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. enable_l4_ilb_subsetting: |- - - (Optional, Beta) + - (Optional) Whether L4ILB Subsetting is enabled for this cluster. enable_legacy_abac: |- - (Optional) Whether the ABAC authorizer is enabled for this cluster. @@ -55896,6 +59074,7 @@ resources: feature. Structure is documented below. network_policy.enabled: '- (Required) Whether network policy is enabled on the cluster.' network_policy.provider: '- (Optional) The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED.' + network_tags.tags: (Optional) - List of network tags applied to auto-provisioned node pools. networking_mode: |- - (Optional) Determines whether alias IPs or routes will be used for pod IPs in the cluster. Options are VPC_NATIVE or ROUTES. VPC_NATIVE enables IP aliasing. Newly created clusters will default to VPC_NATIVE. @@ -55994,6 +59173,7 @@ resources: node_config.sandbox_config: |- - (Optional, Beta) GKE Sandbox configuration. When enabling this feature you must specify image_type = "COS_CONTAINERD" and node_version = "1.12.7-gke.17" or later to use it. Structure is documented below. + node_config.secondary_boot_disks: '- (Optional) Parameters for secondary boot disks to preload container images and data on new nodes. Structure is documented below. gcfs_config must be enabled=true for this feature to work. min_master_version must also be set to use GKE 1.28.3-gke.106700 or later versions.' node_config.service_account: |- - (Optional) The service account to be used by the Node VMs. If not specified, the "default" service account is used. @@ -56034,7 +59214,7 @@ resources: autopilot clusters and node auto-provisioning-enabled clusters. Structure is documented below. node_pool_auto_config.network_tags: (Optional) - The network tag config for the cluster's automatically provisioned node pools. - node_pool_auto_config.network_tags.tags: (Optional) - List of network tags applied to auto-provisioned node pools. + node_pool_auto_config.resource_manager_tags: '- (Optional) A map of resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Tags must be according to specifications found here. A maximum of 5 tag key-value pairs can be specified. Existing tags will be replaced with new values. Tags must be in one of the following formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}.' node_pool_defaults: '- (Optional) Default NodePool settings for the entire cluster. These settings are overridden if specified on the specific NodePool object. Structure is documented below.' node_pool_defaults.node_config_defaults: (Optional) - Subset of NodeConfig message that has defaults. node_pool_defaults.node_config_defaults.gcfs_config: (Optional, Beta) The default Google Container Filesystem (GCFS) configuration at the cluster level. e.g. enable image streaming across all the node pools within the cluster. Structure is documented below. @@ -56155,6 +59335,8 @@ resources: sandbox_config.sandbox_type: |- (Required) Which sandbox to use for pods in the node pool. Accepted values are: + secondary_boot_disks.disk_image: (Required) - Path to disk image to create the secondary boot disk from. After using the gke-disk-image-builder, this argument should be global/images/DISK_IMAGE_NAME. + secondary_boot_disks.mode: (Optional) - Mode for how the secondary boot disk is used. An example mode is CONTAINER_IMAGE_CACHE. security_posture_config: |- - (Optional) Enable/Disable Security Posture API features for the cluster. Structure is documented below. @@ -56210,947 +59392,1836 @@ resources: (Required) How to expose the node metadata to the workload running on the node. Accepted values are: importStatements: [] - google_container_node_pool: - subCategory: Kubernetes (Container) Engine - description: Manages a GKE NodePool resource. - name: google_container_node_pool + google_container_node_pool: + subCategory: Kubernetes (Container) Engine + description: Manages a GKE NodePool resource. + name: google_container_node_pool + title: "" + examples: + - name: primary_preemptible_nodes + manifest: |- + { + "cluster": "${google_container_cluster.primary.id}", + "name": "my-node-pool", + "node_config": [ + { + "machine_type": "e2-medium", + "oauth_scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "preemptible": true, + "service_account": "${google_service_account.default.email}" + } + ], + "node_count": 1 + } + references: + cluster: google_container_cluster.primary.id + node_config.service_account: google_service_account.default.email + dependencies: + google_container_cluster.primary: |- + { + "initial_node_count": 1, + "location": "us-central1", + "name": "my-gke-cluster", + "remove_default_node_pool": true + } + google_service_account.default: |- + { + "account_id": "service-account-id", + "display_name": "Service Account" + } + - name: np + manifest: |- + { + "cluster": "${google_container_cluster.primary.id}", + "name": "my-node-pool", + "node_config": [ + { + "machine_type": "e2-medium", + "oauth_scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "service_account": "${google_service_account.default.email}" + } + ], + "timeouts": [ + { + "create": "30m", + "update": "20m" + } + ] + } + references: + cluster: google_container_cluster.primary.id + node_config.service_account: google_service_account.default.email + dependencies: + google_container_cluster.primary: |- + { + "initial_node_count": 3, + "location": "us-central1-a", + "name": "marcellus-wallace", + "node_config": [ + { + "guest_accelerator": [ + { + "count": 1, + "type": "nvidia-tesla-k80" + } + ], + "oauth_scopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "service_account": "${google_service_account.default.email}" + } + ], + "node_locations": [ + "us-central1-c" + ] + } + google_service_account.default: |- + { + "account_id": "service-account-id", + "display_name": "Service Account" + } + argumentDocs: + additional_node_network_configs.network: '- Name of the VPC where the additional interface belongs.' + additional_node_network_configs.subnetwork: '- Name of the subnetwork where the additional interface belongs.' + additional_pod_network_configs.max_pods_per_node: '- The maximum number of pods per node which use this pod network.' + additional_pod_network_configs.secondary_pod_range: '- The name of the secondary range on the subnet which provides IP address for this pod range.' + additional_pod_network_configs.subnetwork: '- Name of the subnetwork where the additional pod network belongs.' + autoscaling: |- + - (Optional) Configuration required by cluster autoscaler to adjust + the size of the node pool to the current cluster usage. Structure is documented below. + autoscaling.location_policy: |- + - (Optional) Location policy specifies the algorithm used when + scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters. + autoscaling.max_node_count: |- + - (Optional) Maximum number of nodes per zone in the NodePool. + Must be >= min_node_count. Cannot be used with total limits. + autoscaling.min_node_count: |- + - (Optional) Minimum number of nodes per zone in the NodePool. + Must be >=0 and <= max_node_count. Cannot be used with total limits. + autoscaling.total_max_node_count: |- + - (Optional) Total maximum number of nodes in the NodePool. + Must be >= total_min_node_count. Cannot be used with per zone limits. + Total size limits are supported only in 1.24.1+ clusters. + autoscaling.total_min_node_count: |- + - (Optional) Total minimum number of nodes in the NodePool. + Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits. + Total size limits are supported only in 1.24.1+ clusters. + batch_node_count: '- (Optional) Number of blue nodes to drain in a batch.' + batch_percentage: '- (Optional) Percentage of the blue pool nodes to drain in a batch.' + batch_soak_duration: '- (Optionial) Soak time after each batch gets drained.' + blue_green_settings.node_pool_soak_duration: |- + - (Optional) Time needed after draining the entire blue pool. + After this period, the blue pool will be cleaned up. + blue_green_settings.standard_rollout_policy: '- (Required) Specifies the standard policy settings for blue-green upgrades.' + cluster: '- (Required) The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster.' + confidential_nodes: '- (Optional) Configuration for Confidential Nodes feature. Structure is documented below.' + confidential_nodes.enabled: |- + (Required) - Enable Confidential GKE Nodes for this cluster, to + enforce encryption of data in-use. + create: '- (Default 30 minutes) Used for adding node pools' + delete: '- (Default 30 minutes) Used for removing node pools.' + id: '- an identifier for the resource with format {{project}}/{{location}}/{{cluster}}/{{name}}' + initial_node_count: |- + - (Optional) The initial number of nodes for the pool. In + regional or multi-zonal clusters, this is the number of nodes per zone. Changing + this will force recreation of the resource. WARNING: Resizing your node pool manually + may change this value in your existing cluster, which will trigger destruction + and recreation on the next Terraform run (to rectify the discrepancy). If you don't + need this value, don't set it. If you do need it, you can use a lifecycle block to + ignore subsequent changes to this field. + instance_group_urls: '- The resource URLs of the managed instance groups associated with this node pool.' + location: '- (Optional) The location (region or zone) of the cluster.' + managed_instance_group_urls: '- List of instance group URLs which have been assigned to this node pool.' + management: |- + - (Optional) Node management configuration, wherein auto-repair and + auto-upgrade is configured. Structure is documented below. + management.auto_repair: '- (Optional) Whether the nodes will be automatically repaired. Enabled by default.' + management.auto_upgrade: '- (Optional) Whether the nodes will be automatically upgraded. Enabled by default.' + max_pods_per_node: |- + - (Optional) The maximum number of pods per node in this node pool. + Note that this does not work on node pools which are "route-based" - that is, node + pools belonging to clusters that do not have IP Aliasing enabled. + See the official documentation + for more information. + name: |- + - (Optional) The name of the node pool. If left blank, Terraform will + auto-generate a unique name. + name_prefix: |- + - (Optional) Creates a unique name for the node pool beginning + with the specified prefix. Conflicts with name. + network_config: |- + - (Optional) The network configuration of the pool. Such as + configuration for Adding Pod IP address ranges) to the node pool. Or enabling private nodes. Structure is + documented below + network_config.additional_node_network_configs: |- + - (Optional, Beta) We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface. + Structure is documented below + network_config.additional_pod_network_configs: |- + - (Optional, Beta) We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node. + Structure is documented below + network_config.create_pod_range: '- (Optional) Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.' + network_config.enable_private_nodes: '- (Optional) Whether nodes have internal IP addresses only.' + network_config.pod_ipv4_cidr_block: '- (Optional) The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.' + network_config.pod_range: '- (Optional) The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.' + node_config: |- + - (Optional) Parameters used in creating the node pool. See + google_container_cluster for schema. + node_count: |- + - (Optional) The number of nodes per instance group. This field can be used to + update the number of nodes per instance group but should not be used alongside autoscaling. + node_locations: |- + - (Optional) + The list of zones in which the node pool's nodes should be located. Nodes must + be in the region of their regional cluster or in the same region as their + cluster's zone for zonal clusters. If unspecified, the cluster-level + node_locations will be used. + placement_policy: |- + - (Optional) Specifies a custom placement policy for the + nodes. + placement_policy.policy_name: |- + - (Optional) If set, refers to the name of a custom resource policy supplied by the user. + The resource policy must be in the same project and region as the node pool. + If not found, InvalidArgument error is returned. + placement_policy.tpu_topology: '- (Optional) The TPU placement topology for pod slice node pool.' + placement_policy.type: |- + - (Required) The type of the policy. Supports a single value: COMPACT. + Specifying COMPACT placement policy type places node pool's nodes in a closer + physical proximity in order to reduce network latency between nodes. + project: |- + - (Optional) The ID of the project in which to create the node pool. If blank, + the provider-configured project will be used. + queued_provisioning: |- + - (Optional) Specifies node pool-level settings of queued provisioning. + Structure is documented below. + queued_provisioning.enabled: (Required) - Makes nodes obtainable through the ProvisioningRequest API exclusively. + update: '- (Default 30 minutes) Used for updates to node pools' + upgrade_settings: |- + (Optional) Specify node upgrade settings to change how GKE upgrades nodes. + The maximum number of nodes upgraded simultaneously is limited to 20. Structure is documented below. + upgrade_settings.blue_green_settings: |- + - (Optional) The settings to adjust blue green upgrades. + Structure is documented below + upgrade_settings.max_surge: |- + - (Optional) The number of additional nodes that can be added to the node pool during + an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. + Can be set to 0 or greater. + upgrade_settings.max_unavailable: |- + - (Optional) The number of nodes that can be simultaneously unavailable during + an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in + parallel. Can be set to 0 or greater. + upgrade_settings.strategy: '- (Default SURGE) The upgrade stragey to be used for upgrading the nodes.' + version: |- + - (Optional) The Kubernetes version for the nodes in this pool. Note that if this field + and auto_upgrade are both specified, they will fight each other for what the node version should + be, so setting both is highly discouraged. While a fuzzy version can be specified, it's + recommended that you specify explicit versions as Terraform will see spurious diffs + when fuzzy versions are used. See the google_container_engine_versions data source's + version_prefix field to approximate fuzzy versions in a Terraform-compatible way. + importStatements: [] + google_container_registry: + subCategory: Container Registry + description: Ensures the GCS bucket backing Google Container Registry exists. + name: google_container_registry + title: "" + examples: + - name: registry + manifest: |- + { + "location": "EU", + "project": "my-project" + } + - name: registry + manifest: |- + { + "location": "EU", + "project": "my-project" + } + dependencies: + google_storage_bucket_iam_member.viewer: |- + { + "bucket": "${google_container_registry.registry.id}", + "member": "user:jane@example.com", + "role": "roles/storage.objectViewer" + } + argumentDocs: + bucket_self_link: '- The URI of the created resource.' + id: '- The name of the bucket that supports the Container Registry. In the form of artifacts.{project}.appspot.com or {location}.artifacts.{project}.appspot.com if location is specified.' + location: '- (Optional) The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.' + project: '- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.' + importStatements: [] + google_data_catalog_entry: + subCategory: Data catalog + description: Entry Metadata. + name: google_data_catalog_entry + title: "" + examples: + - name: basic_entry + manifest: |- + { + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "my_entry", + "user_specified_system": "SomethingExternal", + "user_specified_type": "my_custom_type" + } + references: + entry_group: google_data_catalog_entry_group.entry_group.id + dependencies: + google_data_catalog_entry_group.entry_group: |- + { + "entry_group_id": "my_group" + } + - name: basic_entry + manifest: |- + { + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "my_entry", + "gcs_fileset_spec": [ + { + "file_patterns": [ + "gs://fake_bucket/dir/*" + ] + } + ], + "type": "FILESET" + } + references: + entry_group: google_data_catalog_entry_group.entry_group.id + dependencies: + google_data_catalog_entry_group.entry_group: |- + { + "entry_group_id": "my_group" + } + - name: basic_entry + manifest: |- + { + "description": "a custom type entry for a user specified system", + "display_name": "my custom type entry", + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "my_entry", + "linked_resource": "my/linked/resource", + "schema": "{\n \"columns\": [\n {\n \"column\": \"first_name\",\n \"description\": \"First name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"last_name\",\n \"description\": \"Last name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"address\",\n \"description\": \"Address\",\n \"mode\": \"REPEATED\",\n \"subcolumns\": [\n {\n \"column\": \"city\",\n \"description\": \"City\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"state\",\n \"description\": \"State\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n }\n ],\n \"type\": \"RECORD\"\n }\n ]\n}\n", + "user_specified_system": "Something_custom", + "user_specified_type": "my_user_specified_type" + } + references: + entry_group: google_data_catalog_entry_group.entry_group.id + dependencies: + google_data_catalog_entry_group.entry_group: |- + { + "entry_group_id": "my_group" + } + argumentDocs: + bigquery_date_sharded_spec: |- + - + Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. + Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + Structure is documented below. + bigquery_date_sharded_spec.dataset: |- + - + (Output) + The Data Catalog resource name of the dataset entry the current table belongs to, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId} + bigquery_date_sharded_spec.shard_count: |- + - + (Output) + Total number of shards. + bigquery_date_sharded_spec.table_prefix: |- + - + (Output) + The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, + for example, for shard MyTable20180101, the tablePrefix is MyTable. + bigquery_table_spec: |- + - + Specification that applies to a BigQuery table. This is only valid on entries of type TABLE. + Structure is documented below. + bigquery_table_spec.table_source_type: |- + - + (Output) + The table source type. + bigquery_table_spec.table_spec: |- + - + (Output) + Spec of a BigQuery table. This field should only be populated if tableSourceType is BIGQUERY_TABLE. + Structure is documented below. + bigquery_table_spec.view_spec: |- + - + (Output) + Table view specification. This field should only be populated if tableSourceType is BIGQUERY_VIEW. + Structure is documented below. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Entry description, which can consist of several sentences or paragraphs that describe entry contents. + display_name: |- + - + (Optional) + Display information such as title and description. A short name to identify the entry, + for example, "Analytics Data - Jan 2011". + entry_group: |- + - + (Required) + The name of the entry group this entry is in. + entry_id: |- + - + (Required) + The id of the entry to create. + gcs_fileset_spec: |- + - + (Optional) + Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET. + Structure is documented below. + gcs_fileset_spec.file_patterns: |- + - + (Required) + Patterns to identify a set of files in Google Cloud Storage. + See Cloud Storage documentation + for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: + gcs_fileset_spec.sample_gcs_file_specs: |- + - + (Output) + Sample files contained in this fileset, not all files contained in this fileset are represented here. + Structure is documented below. + id: '- an identifier for the resource with format {{name}}' + integrated_system: |- + - + This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub. + linked_resource: |- + - + (Optional) + The resource this metadata entry refers to. + For Google Cloud Platform resources, linkedResource is the full name of the resource. + For example, the linkedResource for a table resource from BigQuery is: + //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId + Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, + this field is optional and defaults to an empty string. + name: |- + - + The Data Catalog resource name of the entry in URL format. + Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. + Note that this Entry and its child resources may not actually be stored in the location in this name. + sample_gcs_file_specs.file_path: |- + - + (Output) + The full file path + sample_gcs_file_specs.size_bytes: |- + - + (Output) + The size of the file, in bytes. + schema: |- + - + (Optional) + Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema + attached to it. See + https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema + for what fields this schema can contain. + table_spec.grouped_entry: |- + - + (Output) + If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the + Data Catalog resource name of the date sharded grouped entry, for example, + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. + Otherwise, groupedEntry is empty. + type: |- + - + (Optional) + The type of the entry. Only used for Entries with types in the EntryType enum. + Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. + Possible values are: FILESET. + update: '- Default is 20 minutes.' + user_specified_system: |- + - + (Optional) + This field indicates the entry's source system that Data Catalog does not integrate with. + userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, + and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + user_specified_type: |- + - + (Optional) + Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. + When creating an entry, users should check the enum values first, if nothing matches the entry + to be created, then provide a custom value, for example "my_special_type". + userSpecifiedType strings must begin with a letter or underscore and can only contain letters, + numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. + view_spec.view_query: |- + - + (Output) + The query that defines the table view. + importStatements: [] + google_data_catalog_entry_group: + subCategory: Data catalog + description: An EntryGroup resource represents a logical grouping of zero or more Data Catalog Entry resources. + name: google_data_catalog_entry_group + title: "" + examples: + - name: basic_entry_group + manifest: |- + { + "entry_group_id": "my_group" + } + - name: basic_entry_group + manifest: |- + { + "description": "entry group created by Terraform", + "display_name": "terraform entry group", + "entry_group_id": "my_group" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Entry group description, which can consist of several sentences or paragraphs that describe entry group contents. + display_name: |- + - + (Optional) + A short name to identify the entry group, for example, "analytics data - jan 2011". + entry_group_id: |- + - + (Required) + The id of the entry group to create. The id must begin with a letter or underscore, + contain only English letters, numbers and underscores, and be at most 64 characters. + id: '- an identifier for the resource with format {{name}}' + name: |- + - + The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId} + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + EntryGroup location region. + update: '- Default is 20 minutes.' + importStatements: [] + google_data_catalog_entry_group_iam_policy: + subCategory: Data catalog + description: Collection of resources to manage IAM policy for Data catalog EntryGroup + name: google_data_catalog_entry_group_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "entry_group": "${google_data_catalog_entry_group.basic_entry_group.name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}" + } + references: + entry_group: google_data_catalog_entry_group.basic_entry_group.name + policy_data: data.google_iam_policy.admin.policy_data + argumentDocs: + entry_group: '- (Required) Used to find the parent resource to bind the IAM policy to' + etag: '- (Computed) The etag of the IAM policy.' + google_data_catalog_entry_group_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.' + google_data_catalog_entry_group_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.' + google_data_catalog_entry_group_iam_policy: ': Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_data_catalog_entry_group_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_data_catalog_entry_group_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_data_catalog_policy_tag: + subCategory: Data catalog + description: Denotes one policy tag in a taxonomy. + name: google_data_catalog_policy_tag + title: "" + examples: + - name: basic_policy_tag + manifest: |- + { + "description": "A policy tag normally associated with low security items", + "display_name": "Low security", + "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + } + references: + taxonomy: google_data_catalog_taxonomy.my_taxonomy.id + dependencies: + google_data_catalog_taxonomy.my_taxonomy: |- + { + "activated_policy_types": [ + "FINE_GRAINED_ACCESS_CONTROL" + ], + "description": "A collection of policy tags", + "display_name": "taxonomy_display_name" + } + - name: parent_policy + manifest: |- + { + "description": "A policy tag category used for high security access", + "display_name": "High", + "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + } + references: + taxonomy: google_data_catalog_taxonomy.my_taxonomy.id + dependencies: + google_data_catalog_taxonomy.my_taxonomy: |- + { + "activated_policy_types": [ + "FINE_GRAINED_ACCESS_CONTROL" + ], + "description": "A collection of policy tags", + "display_name": "taxonomy_display_name" + } + - name: child_policy + manifest: |- + { + "description": "A hash of the users ssn", + "display_name": "ssn", + "parent_policy_tag": "${google_data_catalog_policy_tag.parent_policy.id}", + "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + } + references: + parent_policy_tag: google_data_catalog_policy_tag.parent_policy.id + taxonomy: google_data_catalog_taxonomy.my_taxonomy.id + dependencies: + google_data_catalog_taxonomy.my_taxonomy: |- + { + "activated_policy_types": [ + "FINE_GRAINED_ACCESS_CONTROL" + ], + "description": "A collection of policy tags", + "display_name": "taxonomy_display_name" + } + - name: child_policy2 + manifest: |- + { + "depends_on": [ + "${google_data_catalog_policy_tag.child_policy}" + ], + "description": "The users date of birth", + "display_name": "dob", + "parent_policy_tag": "${google_data_catalog_policy_tag.parent_policy.id}", + "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + } + references: + parent_policy_tag: google_data_catalog_policy_tag.parent_policy.id + taxonomy: google_data_catalog_taxonomy.my_taxonomy.id + dependencies: + google_data_catalog_taxonomy.my_taxonomy: |- + { + "activated_policy_types": [ + "FINE_GRAINED_ACCESS_CONTROL" + ], + "description": "A collection of policy tags", + "display_name": "taxonomy_display_name" + } + argumentDocs: + child_policy_tags: |- + - + Resource names of child policy tags of this policy tag. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + Description of this policy tag. It must: contain only unicode characters, tabs, + newlines, carriage returns and page breaks; and be at most 2000 bytes long when + encoded in UTF-8. If not set, defaults to an empty description. + If not set, defaults to an empty description. + display_name: |- + - + (Required) + User defined name of this policy tag. It must: be unique within the parent + taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; + not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. + id: '- an identifier for the resource with format {{name}}' + name: |- + - + Resource name of this policy tag, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}" + parent_policy_tag: |- + - + (Optional) + Resource name of this policy tag's parent policy tag. + If empty, it means this policy tag is a top level policy tag. + If not set, defaults to an empty string. + taxonomy: |- + - + (Required) + Taxonomy the policy tag is associated with + update: '- Default is 20 minutes.' + importStatements: [] + google_data_catalog_policy_tag_iam_policy: + subCategory: Data catalog + description: Collection of resources to manage IAM policy for Data catalog PolicyTag + name: google_data_catalog_policy_tag_iam_policy title: "" examples: - - name: primary_preemptible_nodes + - name: policy manifest: |- { - "cluster": "${google_container_cluster.primary.id}", - "name": "my-node-pool", - "node_config": [ + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "policy_tag": "${google_data_catalog_policy_tag.basic_policy_tag.name}" + } + references: + policy_data: data.google_iam_policy.admin.policy_data + policy_tag: google_data_catalog_policy_tag.basic_policy_tag.name + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_data_catalog_policy_tag_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.' + google_data_catalog_policy_tag_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.' + google_data_catalog_policy_tag_iam_policy: ': Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_data_catalog_policy_tag_iam_policy) The policy data generated by + a google_iam_policy data source. + policy_tag: '- (Required) Used to find the parent resource to bind the IAM policy to' + role: |- + - (Required) The role that should be applied. Only one + google_data_catalog_policy_tag_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] + google_data_catalog_tag: + subCategory: Data catalog + description: Tags are used to attach custom metadata to Data Catalog resources. + name: google_data_catalog_tag + title: "" + examples: + - name: basic_tag + manifest: |- + { + "fields": [ { - "machine_type": "e2-medium", - "oauth_scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "preemptible": true, - "service_account": "${google_service_account.default.email}" + "field_name": "source", + "string_value": "my-string" } ], - "node_count": 1 + "parent": "${google_data_catalog_entry.entry.id}", + "template": "${google_data_catalog_tag_template.tag_template.id}" } references: - cluster: google_container_cluster.primary.id - node_config.service_account: google_service_account.default.email + parent: google_data_catalog_entry.entry.id + template: google_data_catalog_tag_template.tag_template.id dependencies: - google_container_cluster.primary: |- + google_data_catalog_entry.entry: |- { - "initial_node_count": 1, - "location": "us-central1", - "name": "my-gke-cluster", - "remove_default_node_pool": true + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "my_entry", + "user_specified_system": "SomethingExternal", + "user_specified_type": "my_custom_type" } - google_service_account.default: |- + google_data_catalog_entry_group.entry_group: |- { - "account_id": "service-account-id", - "display_name": "Service Account" + "entry_group_id": "my_entry_group" } - - name: np - manifest: |- - { - "cluster": "${google_container_cluster.primary.id}", - "name": "my-node-pool", - "node_config": [ + google_data_catalog_tag_template.tag_template: |- { - "machine_type": "e2-medium", - "oauth_scopes": [ - "https://www.googleapis.com/auth/cloud-platform" + "display_name": "Demo Tag Template", + "fields": [ + { + "display_name": "Source of data asset", + "field_id": "source", + "is_required": true, + "type": [ + { + "primitive_type": "STRING" + } + ] + }, + { + "display_name": "Number of rows in the data asset", + "field_id": "num_rows", + "type": [ + { + "primitive_type": "DOUBLE" + } + ] + }, + { + "display_name": "PII type", + "field_id": "pii_type", + "type": [ + { + "enum_type": [ + { + "allowed_values": [ + { + "display_name": "EMAIL" + }, + { + "display_name": "SOCIAL SECURITY NUMBER" + }, + { + "display_name": "NONE" + } + ] + } + ] + } + ] + } ], - "service_account": "${google_service_account.default.email}" + "force_delete": "false", + "region": "us-central1", + "tag_template_id": "my_template" } - ], - "timeouts": [ + - name: entry_group_tag + manifest: |- + { + "fields": [ { - "create": "30m", - "update": "20m" + "field_name": "source", + "string_value": "my-string" } - ] + ], + "parent": "${google_data_catalog_entry_group.entry_group.id}", + "template": "${google_data_catalog_tag_template.tag_template.id}" } references: - cluster: google_container_cluster.primary.id - node_config.service_account: google_service_account.default.email + parent: google_data_catalog_entry_group.entry_group.id + template: google_data_catalog_tag_template.tag_template.id dependencies: - google_container_cluster.primary: |- + google_data_catalog_entry.first_entry: |- { - "initial_node_count": 3, - "location": "us-central1-a", - "name": "marcellus-wallace", - "node_config": [ + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "first_entry", + "user_specified_system": "SomethingExternal", + "user_specified_type": "my_custom_type" + } + google_data_catalog_entry.second_entry: |- + { + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "second_entry", + "user_specified_system": "SomethingElseExternal", + "user_specified_type": "another_custom_type" + } + google_data_catalog_entry_group.entry_group: |- + { + "entry_group_id": "my_entry_group" + } + google_data_catalog_tag_template.tag_template: |- + { + "display_name": "Demo Tag Template", + "fields": [ { - "guest_accelerator": [ + "display_name": "Source of data asset", + "field_id": "source", + "is_required": true, + "type": [ { - "count": 1, - "type": "nvidia-tesla-k80" + "primitive_type": "STRING" } - ], - "oauth_scopes": [ - "https://www.googleapis.com/auth/cloud-platform" - ], - "service_account": "${google_service_account.default.email}" + ] + }, + { + "display_name": "Number of rows in the data asset", + "field_id": "num_rows", + "type": [ + { + "primitive_type": "DOUBLE" + } + ] + }, + { + "display_name": "PII type", + "field_id": "pii_type", + "type": [ + { + "enum_type": [ + { + "allowed_values": [ + { + "display_name": "EMAIL" + }, + { + "display_name": "SOCIAL SECURITY NUMBER" + }, + { + "display_name": "NONE" + } + ] + } + ] + } + ] } ], - "node_locations": [ - "us-central1-c" - ] - } - google_service_account.default: |- - { - "account_id": "service-account-id", - "display_name": "Service Account" + "force_delete": "false", + "region": "us-central1", + "tag_template_id": "my_template" } - argumentDocs: - additional_node_network_configs.network: '- Name of the VPC where the additional interface belongs.' - additional_node_network_configs.subnetwork: '- Name of the subnetwork where the additional interface belongs.' - additional_pod_network_configs.max_pods_per_node: '- The maximum number of pods per node which use this pod network.' - additional_pod_network_configs.secondary_pod_range: '- The name of the secondary range on the subnet which provides IP address for this pod range.' - additional_pod_network_configs.subnetwork: '- Name of the subnetwork where the additional pod network belongs.' - autoscaling: |- - - (Optional) Configuration required by cluster autoscaler to adjust - the size of the node pool to the current cluster usage. Structure is documented below. - autoscaling.location_policy: |- - - (Optional) Location policy specifies the algorithm used when - scaling-up the node pool. Location policy is supported only in 1.24.1+ clusters. - autoscaling.max_node_count: |- - - (Optional) Maximum number of nodes per zone in the NodePool. - Must be >= min_node_count. Cannot be used with total limits. - autoscaling.min_node_count: |- - - (Optional) Minimum number of nodes per zone in the NodePool. - Must be >=0 and <= max_node_count. Cannot be used with total limits. - autoscaling.total_max_node_count: |- - - (Optional) Total maximum number of nodes in the NodePool. - Must be >= total_min_node_count. Cannot be used with per zone limits. - Total size limits are supported only in 1.24.1+ clusters. - autoscaling.total_min_node_count: |- - - (Optional) Total minimum number of nodes in the NodePool. - Must be >=0 and <= total_max_node_count. Cannot be used with per zone limits. - Total size limits are supported only in 1.24.1+ clusters. - batch_node_count: '- (Optional) Number of blue nodes to drain in a batch.' - batch_percentage: '- (Optional) Percentage of the blue pool nodes to drain in a batch.' - batch_soak_duration: '- (Optionial) Soak time after each batch gets drained.' - blue_green_settings.node_pool_soak_duration: |- - - (Optional) Time needed after draining the entire blue pool. - After this period, the blue pool will be cleaned up. - blue_green_settings.standard_rollout_policy: '- (Required) Specifies the standard policy settings for blue-green upgrades.' - cluster: '- (Required) The cluster to create the node pool for. Cluster must be present in location provided for clusters. May be specified in the format projects/{{project}}/locations/{{location}}/clusters/{{cluster}} or as just the name of the cluster.' - confidential_nodes: '- (Optional) Configuration for Confidential Nodes feature. Structure is documented below.' - confidential_nodes.enabled: |- - (Required) - Enable Confidential GKE Nodes for this cluster, to - enforce encryption of data in-use. - create: '- (Default 30 minutes) Used for adding node pools' - delete: '- (Default 30 minutes) Used for removing node pools.' - id: '- an identifier for the resource with format {{project}}/{{location}}/{{cluster}}/{{name}}' - initial_node_count: |- - - (Optional) The initial number of nodes for the pool. In - regional or multi-zonal clusters, this is the number of nodes per zone. Changing - this will force recreation of the resource. WARNING: Resizing your node pool manually - may change this value in your existing cluster, which will trigger destruction - and recreation on the next Terraform run (to rectify the discrepancy). If you don't - need this value, don't set it. If you do need it, you can use a lifecycle block to - ignore subsequent changes to this field. - instance_group_urls: '- The resource URLs of the managed instance groups associated with this node pool.' - location: '- (Optional) The location (region or zone) of the cluster.' - managed_instance_group_urls: '- List of instance group URLs which have been assigned to this node pool.' - management: |- - - (Optional) Node management configuration, wherein auto-repair and - auto-upgrade is configured. Structure is documented below. - management.auto_repair: '- (Optional) Whether the nodes will be automatically repaired. Enabled by default.' - management.auto_upgrade: '- (Optional) Whether the nodes will be automatically upgraded. Enabled by default.' - max_pods_per_node: |- - - (Optional) The maximum number of pods per node in this node pool. - Note that this does not work on node pools which are "route-based" - that is, node - pools belonging to clusters that do not have IP Aliasing enabled. - See the official documentation - for more information. - name: |- - - (Optional) The name of the node pool. If left blank, Terraform will - auto-generate a unique name. - name_prefix: |- - - (Optional) Creates a unique name for the node pool beginning - with the specified prefix. Conflicts with name. - network_config: |- - - (Optional) The network configuration of the pool. Such as - configuration for Adding Pod IP address ranges) to the node pool. Or enabling private nodes. Structure is - documented below - network_config.additional_node_network_configs: |- - - (Optional, Beta) We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface. - Structure is documented below - network_config.additional_pod_network_configs: |- - - (Optional, Beta) We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node. - Structure is documented below - network_config.create_pod_range: '- (Optional) Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.' - network_config.enable_private_nodes: '- (Optional) Whether nodes have internal IP addresses only.' - network_config.pod_ipv4_cidr_block: '- (Optional) The IP address range for pod IPs in this node pool. Only applicable if createPodRange is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.' - network_config.pod_range: '- (Optional) The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.' - node_config: |- - - (Optional) Parameters used in creating the node pool. See - google_container_cluster for schema. - node_count: |- - - (Optional) The number of nodes per instance group. This field can be used to - update the number of nodes per instance group but should not be used alongside autoscaling. - node_locations: |- - - (Optional) - The list of zones in which the node pool's nodes should be located. Nodes must - be in the region of their regional cluster or in the same region as their - cluster's zone for zonal clusters. If unspecified, the cluster-level - node_locations will be used. - placement_policy: |- - - (Optional) Specifies a custom placement policy for the - nodes. - placement_policy.policy_name: |- - - (Optional) If set, refers to the name of a custom resource policy supplied by the user. - The resource policy must be in the same project and region as the node pool. - If not found, InvalidArgument error is returned. - placement_policy.tpu_topology: '- (Optional) The TPU placement topology for pod slice node pool.' - placement_policy.type: |- - - (Required) The type of the policy. Supports a single value: COMPACT. - Specifying COMPACT placement policy type places node pool's nodes in a closer - physical proximity in order to reduce network latency between nodes. - project: |- - - (Optional) The ID of the project in which to create the node pool. If blank, - the provider-configured project will be used. - queued_provisioning: |- - - (Optional, Beta) Specifies node pool-level settings of queued provisioning. - Structure is documented below. - queued_provisioning.enabled: (Required) - Makes nodes obtainable through the ProvisioningRequest API exclusively. - update: '- (Default 30 minutes) Used for updates to node pools' - upgrade_settings: |- - (Optional) Specify node upgrade settings to change how GKE upgrades nodes. - The maximum number of nodes upgraded simultaneously is limited to 20. Structure is documented below. - upgrade_settings.blue_green_settings: |- - - (Optional) The settings to adjust blue green upgrades. - Structure is documented below - upgrade_settings.max_surge: |- - - (Optional) The number of additional nodes that can be added to the node pool during - an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. - Can be set to 0 or greater. - upgrade_settings.max_unavailable: |- - - (Optional) The number of nodes that can be simultaneously unavailable during - an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in - parallel. Can be set to 0 or greater. - upgrade_settings.strategy: '- (Default SURGE) The upgrade stragey to be used for upgrading the nodes.' - version: |- - - (Optional) The Kubernetes version for the nodes in this pool. Note that if this field - and auto_upgrade are both specified, they will fight each other for what the node version should - be, so setting both is highly discouraged. While a fuzzy version can be specified, it's - recommended that you specify explicit versions as Terraform will see spurious diffs - when fuzzy versions are used. See the google_container_engine_versions data source's - version_prefix field to approximate fuzzy versions in a Terraform-compatible way. - importStatements: [] - google_container_registry: - subCategory: Container Registry - description: Ensures the GCS bucket backing Google Container Registry exists. - name: google_container_registry - title: "" - examples: - - name: registry - manifest: |- - { - "location": "EU", - "project": "my-project" - } - - name: registry + - name: basic_tag manifest: |- { - "location": "EU", - "project": "my-project" - } - dependencies: - google_storage_bucket_iam_member.viewer: |- + "column": "address", + "fields": [ { - "bucket": "${google_container_registry.registry.id}", - "member": "user:jane@example.com", - "role": "roles/storage.objectViewer" + "field_name": "source", + "string_value": "my-string" + }, + { + "double_value": 5, + "field_name": "num_rows" + }, + { + "enum_value": "EMAIL", + "field_name": "pii_type" } - argumentDocs: - bucket_self_link: '- The URI of the created resource.' - id: '- The name of the bucket that supports the Container Registry. In the form of artifacts.{project}.appspot.com or {location}.artifacts.{project}.appspot.com if location is specified.' - location: '- (Optional) The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.' - project: '- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.' - importStatements: [] - google_data_catalog_entry: - subCategory: Data catalog - description: Entry Metadata. - name: google_data_catalog_entry - title: "" - examples: - - name: basic_entry - manifest: |- - { - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "my_entry", - "user_specified_system": "SomethingExternal", - "user_specified_type": "my_custom_type" + ], + "parent": "${google_data_catalog_entry.entry.id}", + "template": "${google_data_catalog_tag_template.tag_template.id}" } references: - entry_group: google_data_catalog_entry_group.entry_group.id + parent: google_data_catalog_entry.entry.id + template: google_data_catalog_tag_template.tag_template.id dependencies: + google_data_catalog_entry.entry: |- + { + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "my_entry", + "schema": "{\n \"columns\": [\n {\n \"column\": \"first_name\",\n \"description\": \"First name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"last_name\",\n \"description\": \"Last name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"address\",\n \"description\": \"Address\",\n \"mode\": \"REPEATED\",\n \"subcolumns\": [\n {\n \"column\": \"city\",\n \"description\": \"City\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"state\",\n \"description\": \"State\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n }\n ],\n \"type\": \"RECORD\"\n }\n ]\n}\n", + "user_specified_system": "SomethingExternal", + "user_specified_type": "my_custom_type" + } google_data_catalog_entry_group.entry_group: |- { - "entry_group_id": "my_group" + "entry_group_id": "my_entry_group" + } + google_data_catalog_tag_template.tag_template: |- + { + "display_name": "Demo Tag Template", + "fields": [ + { + "display_name": "Source of data asset", + "field_id": "source", + "is_required": true, + "type": [ + { + "primitive_type": "STRING" + } + ] + }, + { + "display_name": "Number of rows in the data asset", + "field_id": "num_rows", + "type": [ + { + "primitive_type": "DOUBLE" + } + ] + }, + { + "display_name": "PII type", + "field_id": "pii_type", + "type": [ + { + "enum_type": [ + { + "allowed_values": [ + { + "display_name": "EMAIL" + }, + { + "display_name": "SOCIAL SECURITY NUMBER" + }, + { + "display_name": "NONE" + } + ] + } + ] + } + ] + } + ], + "force_delete": "false", + "region": "us-central1", + "tag_template_id": "my_template" } - - name: basic_entry + - name: second-tag manifest: |- { - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "my_entry", - "gcs_fileset_spec": [ + "column": "first_name", + "fields": [ { - "file_patterns": [ - "gs://fake_bucket/dir/*" - ] + "field_name": "source", + "string_value": "my-string" + }, + { + "enum_value": "NONE", + "field_name": "pii_type" } ], - "type": "FILESET" + "parent": "${google_data_catalog_entry.entry.id}", + "template": "${google_data_catalog_tag_template.tag_template.id}" } references: - entry_group: google_data_catalog_entry_group.entry_group.id + parent: google_data_catalog_entry.entry.id + template: google_data_catalog_tag_template.tag_template.id dependencies: - google_data_catalog_entry_group.entry_group: |- + google_data_catalog_entry.entry: |- { - "entry_group_id": "my_group" + "entry_group": "${google_data_catalog_entry_group.entry_group.id}", + "entry_id": "my_entry", + "schema": "{\n \"columns\": [\n {\n \"column\": \"first_name\",\n \"description\": \"First name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"last_name\",\n \"description\": \"Last name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"address\",\n \"description\": \"Address\",\n \"mode\": \"REPEATED\",\n \"subcolumns\": [\n {\n \"column\": \"city\",\n \"description\": \"City\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"state\",\n \"description\": \"State\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n }\n ],\n \"type\": \"RECORD\"\n }\n ]\n}\n", + "user_specified_system": "SomethingExternal", + "user_specified_type": "my_custom_type" } - - name: basic_entry - manifest: |- - { - "description": "a custom type entry for a user specified system", - "display_name": "my custom type entry", - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "my_entry", - "linked_resource": "my/linked/resource", - "schema": "{\n \"columns\": [\n {\n \"column\": \"first_name\",\n \"description\": \"First name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"last_name\",\n \"description\": \"Last name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"address\",\n \"description\": \"Address\",\n \"mode\": \"REPEATED\",\n \"subcolumns\": [\n {\n \"column\": \"city\",\n \"description\": \"City\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"state\",\n \"description\": \"State\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n }\n ],\n \"type\": \"RECORD\"\n }\n ]\n}\n", - "user_specified_system": "Something_custom", - "user_specified_type": "my_user_specified_type" - } - references: - entry_group: google_data_catalog_entry_group.entry_group.id - dependencies: google_data_catalog_entry_group.entry_group: |- { - "entry_group_id": "my_group" + "entry_group_id": "my_entry_group" + } + google_data_catalog_tag_template.tag_template: |- + { + "display_name": "Demo Tag Template", + "fields": [ + { + "display_name": "Source of data asset", + "field_id": "source", + "is_required": true, + "type": [ + { + "primitive_type": "STRING" + } + ] + }, + { + "display_name": "Number of rows in the data asset", + "field_id": "num_rows", + "type": [ + { + "primitive_type": "DOUBLE" + } + ] + }, + { + "display_name": "PII type", + "field_id": "pii_type", + "type": [ + { + "enum_type": [ + { + "allowed_values": [ + { + "display_name": "EMAIL" + }, + { + "display_name": "SOCIAL SECURITY NUMBER" + }, + { + "display_name": "NONE" + } + ] + } + ] + } + ] + } + ], + "force_delete": "false", + "region": "us-central1", + "tag_template_id": "my_template" } argumentDocs: - bigquery_date_sharded_spec: |- + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + fields: |- - - Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD. - Context: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding. + (Required) + This maps the ID of a tag field to the value of and additional information about that field. + Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. Structure is documented below. - bigquery_date_sharded_spec.dataset: |- + fields.bool_value: |- - - (Output) - The Data Catalog resource name of the dataset entry the current table belongs to, for example, - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId} - bigquery_date_sharded_spec.shard_count: |- + (Optional) + Holds the value for a tag field with boolean type. + fields.column: |- - - (Output) - Total number of shards. - bigquery_date_sharded_spec.table_prefix: |- + (Optional) + Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an + individual column based on that schema. + For attaching a tag to a nested column, use . to separate the column names. Example: + outer_column.inner_column + fields.display_name: |- - (Output) - The table name prefix of the shards. The name of any given shard is [tablePrefix]YYYYMMDD, - for example, for shard MyTable20180101, the tablePrefix is MyTable. - bigquery_table_spec: |- + The display name of this field + fields.double_value: |- - - Specification that applies to a BigQuery table. This is only valid on entries of type TABLE. - Structure is documented below. - bigquery_table_spec.table_source_type: |- + (Optional) + Holds the value for a tag field with double type. + fields.enum_value: |- - - (Output) - The table source type. - bigquery_table_spec.table_spec: |- + (Optional) + Holds the value for a tag field with enum type. This value must be one of the allowed values in the definition of this enum. + fields.field_name: '- (Required) The identifier for this object. Format specified above.' + fields.order: |- - (Output) - Spec of a BigQuery table. This field should only be populated if tableSourceType is BIGQUERY_TABLE. - Structure is documented below. - bigquery_table_spec.view_spec: |- + The order of this field with respect to other fields in this tag. For example, a higher value can indicate + a more important field. The value can be negative. Multiple fields can have the same order, and field orders + within a tag do not have to be sequential. + fields.parent: |- - - (Output) - Table view specification. This field should only be populated if tableSourceType is BIGQUERY_VIEW. - Structure is documented below. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - description: |- + (Optional) + The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to + all entries in that group. + fields.string_value: |- - (Optional) - Entry description, which can consist of several sentences or paragraphs that describe entry contents. - display_name: |- + Holds the value for a tag field with string type. + fields.timestamp_value: |- - (Optional) - Display information such as title and description. A short name to identify the entry, - for example, "Analytics Data - Jan 2011". - entry_group: |- + Holds the value for a tag field with timestamp type. + id: '- an identifier for the resource with format {{name}}' + name: |- - - (Required) - The name of the entry group this entry is in. - entry_id: |- + The resource name of the tag in URL format. Example: + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or + projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} + where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. + template: |- - (Required) - The id of the entry to create. - gcs_fileset_spec: |- + The resource name of the tag template that this tag uses. Example: + projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + This field cannot be modified after creation. + template_displayname: |- - - (Optional) - Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET. - Structure is documented below. - gcs_fileset_spec.file_patterns: |- + The display name of the tag template. + update: '- Default is 20 minutes.' + importStatements: [] + google_data_catalog_tag_template: + subCategory: Data catalog + description: A tag template defines a tag, which can have one or more typed fields. + name: google_data_catalog_tag_template + title: "" + examples: + - name: basic_tag_template + manifest: |- + { + "display_name": "Demo Tag Template", + "fields": [ + { + "display_name": "Source of data asset", + "field_id": "source", + "is_required": true, + "type": [ + { + "primitive_type": "STRING" + } + ] + }, + { + "display_name": "Number of rows in the data asset", + "field_id": "num_rows", + "type": [ + { + "primitive_type": "DOUBLE" + } + ] + }, + { + "display_name": "PII type", + "field_id": "pii_type", + "type": [ + { + "enum_type": [ + { + "allowed_values": [ + { + "display_name": "EMAIL" + }, + { + "display_name": "SOCIAL SECURITY NUMBER" + }, + { + "display_name": "NONE" + } + ] + } + ] + } + ] + } + ], + "force_delete": "false", + "region": "us-central1", + "tag_template_id": "my_template" + } + argumentDocs: + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + enum_type.allowed_values: |- - (Required) - Patterns to identify a set of files in Google Cloud Storage. - See Cloud Storage documentation - for more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns: - gcs_fileset_spec.sample_gcs_file_specs: |- - - - (Output) - Sample files contained in this fileset, not all files contained in this fileset are represented here. + The set of allowed values for this enum. The display names of the + values must be case-insensitively unique within this set. Currently, + enum values can only be added to the list of allowed values. Deletion + and renaming of enum values are not supported. + Can have up to 500 allowed values. Structure is documented below. - id: '- an identifier for the resource with format {{name}}' - integrated_system: |- + enum_type.allowed_values.display_name: |- - - This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub. - linked_resource: |- + (Required) + The display name of the enum value. + enum_type.allowed_values.force_delete: |- - (Optional) - The resource this metadata entry refers to. - For Google Cloud Platform resources, linkedResource is the full name of the resource. - For example, the linkedResource for a table resource from BigQuery is: - //bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId - Output only when Entry is of type in the EntryType enum. For entries with userSpecifiedType, - this field is optional and defaults to an empty string. - name: |- + This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template. + enum_type.allowed_values.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + enum_type.allowed_values.region: |- - - The Data Catalog resource name of the entry in URL format. - Example: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}. - Note that this Entry and its child resources may not actually be stored in the location in this name. - sample_gcs_file_specs.file_path: |- + (Optional) + Template location region. + fields: |- - - (Output) - The full file path - sample_gcs_file_specs.size_bytes: |- + (Required) + Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it. + Structure is documented below. + fields.description: |- - - (Output) - The size of the file, in bytes. - schema: |- + (Optional) + A description for this field. + fields.display_name: |- - (Optional) - Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema - attached to it. See - https://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema - for what fields this schema can contain. - table_spec.grouped_entry: |- + The display name for this field. + fields.field_id: '- (Required) The identifier for this object. Format specified above.' + fields.is_required: |- + - + (Optional) + Whether this is a required field. Defaults to false. + fields.name: |- - (Output) - If the table is a dated shard, i.e., with name pattern [prefix]YYYYMMDD, groupedEntry is the - Data Catalog resource name of the date sharded grouped entry, for example, - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}. - Otherwise, groupedEntry is empty. - type: |- + The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field} + fields.order: |- - (Optional) - The type of the entry. Only used for Entries with types in the EntryType enum. - Currently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. - Possible values are: FILESET. - update: '- Default is 20 minutes.' - user_specified_system: |- + The order of this field with respect to other fields in this tag template. + A higher value indicates a more important field. The value can be negative. + Multiple fields can have the same order, and field orders within a tag do not have to be sequential. + fields.type: |- - - (Optional) - This field indicates the entry's source system that Data Catalog does not integrate with. - userSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers, - and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. - user_specified_type: |- + (Required) + The type of value this tag field can contain. + Structure is documented below. + id: '- an identifier for the resource with format {{name}}' + name: |- + - + The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} + tag_template_id: |- + - + (Required) + The id of the tag template to create. + type.enum_type: |- - (Optional) - Entry type if it does not fit any of the input-allowed values listed in EntryType enum above. - When creating an entry, users should check the enum values first, if nothing matches the entry - to be created, then provide a custom value, for example "my_special_type". - userSpecifiedType strings must begin with a letter or underscore and can only contain letters, - numbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long. - view_spec.view_query: |- + Represents an enum type. + Exactly one of primitive_type or enum_type must be set + Structure is documented below. + type.primitive_type: |- - - (Output) - The query that defines the table view. + (Optional) + Represents primitive types - string, bool etc. + Exactly one of primitive_type or enum_type must be set + Possible values are: DOUBLE, STRING, BOOL, TIMESTAMP. + update: '- Default is 20 minutes.' importStatements: [] - google_data_catalog_entry_group: + google_data_catalog_tag_template_iam_policy: subCategory: Data catalog - description: An EntryGroup resource represents a logical grouping of zero or more Data Catalog Entry resources. - name: google_data_catalog_entry_group + description: Collection of resources to manage IAM policy for Data catalog TagTemplate + name: google_data_catalog_tag_template_iam_policy title: "" examples: - - name: basic_entry_group + - name: policy manifest: |- { - "entry_group_id": "my_group" + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "tag_template": "${google_data_catalog_tag_template.basic_tag_template.name}" } - - name: basic_entry_group + references: + policy_data: data.google_iam_policy.admin.policy_data + tag_template: google_data_catalog_tag_template.basic_tag_template.name + argumentDocs: + etag: '- (Computed) The etag of the IAM policy.' + google_data_catalog_tag_template_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.' + google_data_catalog_tag_template_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.' + google_data_catalog_tag_template_iam_policy: ': Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_data_catalog_tag_template_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + role: |- + - (Required) The role that should be applied. Only one + google_data_catalog_tag_template_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + tag_template: '- (Required) Used to find the parent resource to bind the IAM policy to' + importStatements: [] + google_data_catalog_taxonomy: + subCategory: Data catalog + description: A collection of policy tags that classify data along a common axis. + name: google_data_catalog_taxonomy + title: "" + examples: + - name: basic_taxonomy manifest: |- { - "description": "entry group created by Terraform", - "display_name": "terraform entry group", - "entry_group_id": "my_group" + "activated_policy_types": [ + "FINE_GRAINED_ACCESS_CONTROL" + ], + "description": "A collection of policy tags", + "display_name": "my_taxonomy" } argumentDocs: + activated_policy_types: |- + - + (Optional) + A list of policy types that are activated for this taxonomy. If not set, + defaults to an empty list. + Each value may be one of: POLICY_TYPE_UNSPECIFIED, FINE_GRAINED_ACCESS_CONTROL. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' description: |- - (Optional) - Entry group description, which can consist of several sentences or paragraphs that describe entry group contents. + Description of this taxonomy. It must: contain only unicode characters, + tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes + long when encoded in UTF-8. If not set, defaults to an empty description. display_name: |- - - - (Optional) - A short name to identify the entry group, for example, "analytics data - jan 2011". - entry_group_id: |- - (Required) - The id of the entry group to create. The id must begin with a letter or underscore, - contain only English letters, numbers and underscores, and be at most 64 characters. + User defined name of this taxonomy. + The taxonomy display name must be unique within an organization. + It must: contain only unicode letters, numbers, underscores, dashes + and spaces; not start or end with spaces; and be at most 200 bytes + long when encoded in UTF-8. id: '- an identifier for the resource with format {{name}}' name: |- - - The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId} + Resource name of this taxonomy, whose format is: + "projects/{project}/locations/{region}/taxonomies/{taxonomy}". project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. region: |- - (Optional) - EntryGroup location region. + Taxonomy location region. update: '- Default is 20 minutes.' importStatements: [] - google_data_catalog_entry_group_iam_policy: + google_data_catalog_taxonomy_iam_policy: subCategory: Data catalog - description: Collection of resources to manage IAM policy for Data catalog EntryGroup - name: google_data_catalog_entry_group_iam_policy + description: Collection of resources to manage IAM policy for Data catalog Taxonomy + name: google_data_catalog_taxonomy_iam_policy title: "" examples: - name: policy manifest: |- { - "entry_group": "${google_data_catalog_entry_group.basic_entry_group.name}", - "policy_data": "${data.google_iam_policy.admin.policy_data}" + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "taxonomy": "${google_data_catalog_taxonomy.basic_taxonomy.name}" } references: - entry_group: google_data_catalog_entry_group.basic_entry_group.name policy_data: data.google_iam_policy.admin.policy_data + taxonomy: google_data_catalog_taxonomy.basic_taxonomy.name argumentDocs: - entry_group: '- (Required) Used to find the parent resource to bind the IAM policy to' etag: '- (Computed) The etag of the IAM policy.' - google_data_catalog_entry_group_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.' - google_data_catalog_entry_group_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.' - google_data_catalog_entry_group_iam_policy: ': Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.' + google_data_catalog_taxonomy_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.' + google_data_catalog_taxonomy_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.' + google_data_catalog_taxonomy_iam_policy: ': Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.' member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: policy_data: |- - - (Required only by google_data_catalog_entry_group_iam_policy) The policy data generated by + - (Required only by google_data_catalog_taxonomy_iam_policy) The policy data generated by a google_iam_policy data source. project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. role: |- - (Required) The role that should be applied. Only one - google_data_catalog_entry_group_iam_binding can be used per role. Note that custom roles must be of the format + google_data_catalog_taxonomy_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. + taxonomy: '- (Required) Used to find the parent resource to bind the IAM policy to' importStatements: [] - google_data_catalog_policy_tag: - subCategory: Data catalog - description: Denotes one policy tag in a taxonomy. - name: google_data_catalog_policy_tag + google_data_fusion_instance: + subCategory: Cloud Data Fusion + description: Represents a Data Fusion instance. + name: google_data_fusion_instance title: "" examples: - - name: basic_policy_tag + - name: basic_instance manifest: |- { - "description": "A policy tag normally associated with low security items", - "display_name": "Low security", - "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + "name": "my-instance", + "region": "us-central1", + "type": "BASIC" + } + - name: extended_instance + manifest: |- + { + "accelerators": [ + { + "accelerator_type": "CDC", + "state": "ENABLED" + } + ], + "dataproc_service_account": "${data.google_app_engine_default_service_account.default.email}", + "description": "My Data Fusion instance", + "display_name": "My Data Fusion instance", + "enable_stackdriver_logging": true, + "enable_stackdriver_monitoring": true, + "labels": { + "example_key": "example_value" + }, + "name": "my-instance", + "network_config": [ + { + "ip_allocation": "${google_compute_global_address.private_ip_alloc.address}/${google_compute_global_address.private_ip_alloc.prefix_length}", + "network": "default" + } + ], + "private_instance": true, + "region": "us-central1", + "type": "BASIC" } references: - taxonomy: google_data_catalog_taxonomy.my_taxonomy.id + dataproc_service_account: data.google_app_engine_default_service_account.default.email dependencies: - google_data_catalog_taxonomy.my_taxonomy: |- + google_compute_global_address.private_ip_alloc: |- { - "activated_policy_types": [ - "FINE_GRAINED_ACCESS_CONTROL" - ], - "description": "A collection of policy tags", - "display_name": "taxonomy_display_name" + "address_type": "INTERNAL", + "name": "datafusion-ip-alloc", + "network": "${google_compute_network.network.id}", + "prefix_length": 22, + "purpose": "VPC_PEERING" } - - name: parent_policy + google_compute_network.network: |- + { + "name": "datafusion-full-network" + } + - name: cmek manifest: |- { - "description": "A policy tag category used for high security access", - "display_name": "High", - "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + "crypto_key_config": [ + { + "key_reference": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "depends_on": [ + "${google_kms_crypto_key_iam_member.crypto_key_member}" + ], + "name": "my-instance", + "region": "us-central1", + "type": "BASIC" } references: - taxonomy: google_data_catalog_taxonomy.my_taxonomy.id + crypto_key_config.key_reference: google_kms_crypto_key.crypto_key.id dependencies: - google_data_catalog_taxonomy.my_taxonomy: |- + google_kms_crypto_key.crypto_key: |- { - "activated_policy_types": [ - "FINE_GRAINED_ACCESS_CONTROL" - ], - "description": "A collection of policy tags", - "display_name": "taxonomy_display_name" + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "my-instance" } - - name: child_policy + google_kms_crypto_key_iam_member.crypto_key_member: |- + { + "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", + "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datafusion.iam.gserviceaccount.com", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_kms_key_ring.key_ring: |- + { + "location": "us-central1", + "name": "my-instance" + } + - name: enterprise_instance manifest: |- { - "description": "A hash of the users ssn", - "display_name": "ssn", - "parent_policy_tag": "${google_data_catalog_policy_tag.parent_policy.id}", - "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + "enable_rbac": true, + "name": "my-instance", + "region": "us-central1", + "type": "ENTERPRISE" } - references: - parent_policy_tag: google_data_catalog_policy_tag.parent_policy.id - taxonomy: google_data_catalog_taxonomy.my_taxonomy.id - dependencies: - google_data_catalog_taxonomy.my_taxonomy: |- - { - "activated_policy_types": [ - "FINE_GRAINED_ACCESS_CONTROL" - ], - "description": "A collection of policy tags", - "display_name": "taxonomy_display_name" - } - - name: child_policy2 + - name: event manifest: |- { - "depends_on": [ - "${google_data_catalog_policy_tag.child_policy}" + "event_publish_config": [ + { + "enabled": true, + "topic": "${google_pubsub_topic.event.id}" + } ], - "description": "The users date of birth", - "display_name": "dob", - "parent_policy_tag": "${google_data_catalog_policy_tag.parent_policy.id}", - "taxonomy": "${google_data_catalog_taxonomy.my_taxonomy.id}" + "name": "my-instance", + "region": "us-central1", + "type": "BASIC" } references: - parent_policy_tag: google_data_catalog_policy_tag.parent_policy.id - taxonomy: google_data_catalog_taxonomy.my_taxonomy.id + event_publish_config.topic: google_pubsub_topic.event.id dependencies: - google_data_catalog_taxonomy.my_taxonomy: |- + google_pubsub_topic.event: |- { - "activated_policy_types": [ - "FINE_GRAINED_ACCESS_CONTROL" - ], - "description": "A collection of policy tags", - "display_name": "taxonomy_display_name" + "name": "my-instance" } + - name: zone + manifest: |- + { + "name": "my-instance", + "region": "us-central1", + "type": "DEVELOPER", + "zone": "us-central1-a" + } argumentDocs: - child_policy_tags: |- + BASIC: ', ENTERPRISE, DEVELOPER.' + accelerators: |- - - Resource names of child policy tags of this policy tag. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' + (Optional) + List of accelerators enabled for this CDF instance. + If accelerators are enabled it is possible a permadiff will be created with the Options field. + Users will need to either manually update their state file to include these diffed options, or include the field in a lifecycle ignore changes block. + Structure is documented below. + accelerators.accelerator_type: |- + - + (Required) + The type of an accelator for a CDF instance. + Possible values are: CDC, HEALTHCARE, CCAI_INSIGHTS. + accelerators.state: |- + - + (Required) + The type of an accelator for a CDF instance. + Possible values are: ENABLED, DISABLED. + api_endpoint: |- + - + Endpoint on which the REST APIs is accessible. + create: '- Default is 90 minutes.' + create_time: |- + - + The time the instance was created in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + crypto_key_config: |- + - + (Optional) + The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature. + Structure is documented below. + crypto_key_config.key_reference: |- + - + (Required) + The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects//locations//keyRings//cryptoKeys/. + dataproc_service_account: |- + - + (Optional) + User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. + delete: '- Default is 50 minutes.' description: |- - (Optional) - Description of this policy tag. It must: contain only unicode characters, tabs, - newlines, carriage returns and page breaks; and be at most 2000 bytes long when - encoded in UTF-8. If not set, defaults to an empty description. - If not set, defaults to an empty description. + An optional description of the instance. display_name: |- + - + (Optional) + Display name for an instance. + effective_labels: for all of the labels present on the resource. + enable_rbac: |- + - + (Optional) + Option to enable granular role-based access control. + enable_stackdriver_logging: |- + - + (Optional) + Option to enable Stackdriver Logging. + enable_stackdriver_monitoring: |- + - + (Optional) + Option to enable Stackdriver Monitoring. + event_publish_config: |- + - + (Optional) + Option to enable and pass metadata for event publishing. + Structure is documented below. + event_publish_config.enabled: |- - (Required) - User defined name of this policy tag. It must: be unique within the parent - taxonomy; contain only unicode letters, numbers, underscores, dashes and spaces; - not start or end with spaces; and be at most 200 bytes long when encoded in UTF-8. - id: '- an identifier for the resource with format {{name}}' + Option to enable Event Publishing. + event_publish_config.topic: |- + - + (Required) + The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id} + gcs_bucket: |- + - + Cloud Storage bucket generated by Data Fusion in the customer project. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}}' + labels: |- + - + (Optional) + The resource labels for instance to use to annotate any related underlying resources, + such as Compute Engine VMs. name: |- - - Resource name of this policy tag, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}" - parent_policy_tag: |- + (Required) + The ID of the instance or a fully qualified identifier for the instance. + network_config: |- - (Optional) - Resource name of this policy tag's parent policy tag. - If empty, it means this policy tag is a top level policy tag. - If not set, defaults to an empty string. - taxonomy: |- + Network configuration options. These are required when a private Data Fusion instance is to be created. + Structure is documented below. + network_config.ip_allocation: |- - (Required) - Taxonomy the policy tag is associated with - update: '- Default is 20 minutes.' + The IP range in CIDR notation to use for the managed Data Fusion instance + nodes. This range must not overlap with any other ranges used in the Data Fusion instance network. + network_config.network: |- + - + (Required) + Name of the network in the project with which the tenant project + will be peered for executing pipelines. In case of shared VPC where the network resides in another host + project the network should specified in the form of projects/{host-project-id}/global/networks/{network} + options: |- + - + (Optional) + Map of additional options used to configure the behavior of Data Fusion instance. + p4_service_account: |- + - + P4 service account for the customer project. + private_instance: |- + - + (Optional) + Specifies whether the Data Fusion instance should be private. If set to + true, all Data Fusion nodes will have private IP addresses and will not be + able to access the public internet. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + The region of the Data Fusion instance. + service_account: |- + - + (Beta, Deprecated) + Service account which will be used to access resources in the customer project. + service_endpoint: |- + - + Endpoint on which the Data Fusion UI and REST APIs are accessible. + state: |- + - + The current state of this Data Fusion instance. + state_message: |- + - + Additional information about the current state of this Data Fusion instance if available. + tenant_project_id: |- + - + The name of the tenant project. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + type: |- + - + (Required) + Represents the type of Data Fusion instance. Each type is configured with + the default settings for processing and memory. + update: '- Default is 25 minutes.' + update_time: |- + - + The time the instance was last updated in RFC3339 UTC "Zulu" format, accurate to nanoseconds. + version: |- + - + (Optional) + Current version of the Data Fusion. + zone: |- + - + (Optional) + Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field. importStatements: [] - google_data_catalog_policy_tag_iam_policy: - subCategory: Data catalog - description: Collection of resources to manage IAM policy for Data catalog PolicyTag - name: google_data_catalog_policy_tag_iam_policy + google_data_fusion_instance_iam_policy: + subCategory: Cloud Data Fusion + description: Collection of resources to manage IAM policy for Cloud Data Fusion Instance + name: google_data_fusion_instance_iam_policy title: "" examples: - name: policy manifest: |- { + "name": "${google_data_fusion_instance.basic_instance.name}", "policy_data": "${data.google_iam_policy.admin.policy_data}", - "policy_tag": "${google_data_catalog_policy_tag.basic_policy_tag.name}" + "project": "${google_data_fusion_instance.basic_instance.project}", + "region": "${google_data_fusion_instance.basic_instance.region}" } references: + name: google_data_fusion_instance.basic_instance.name policy_data: data.google_iam_policy.admin.policy_data - policy_tag: google_data_catalog_policy_tag.basic_policy_tag.name + project: google_data_fusion_instance.basic_instance.project + region: google_data_fusion_instance.basic_instance.region argumentDocs: etag: '- (Computed) The etag of the IAM policy.' - google_data_catalog_policy_tag_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.' - google_data_catalog_policy_tag_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.' - google_data_catalog_policy_tag_iam_policy: ': Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.' + google_data_fusion_instance_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.' + google_data_fusion_instance_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.' + google_data_fusion_instance_iam_policy: ': Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.' member/members: |- - (Required) Identities that will be granted the privilege in role. Each entry can have one of the following values: + name: '- (Required) Used to find the parent resource to bind the IAM policy to' policy_data: |- - - (Required only by google_data_catalog_policy_tag_iam_policy) The policy data generated by + - (Required only by google_data_fusion_instance_iam_policy) The policy data generated by a google_iam_policy data source. - policy_tag: '- (Required) Used to find the parent resource to bind the IAM policy to' + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + region: |- + - (Optional) The region of the Data Fusion instance. + Used to find the parent resource to bind the IAM policy to. If not specified, + the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no + region is specified, it is taken from the provider configuration. role: |- - (Required) The role that should be applied. Only one - google_data_catalog_policy_tag_iam_binding can be used per role. Note that custom roles must be of the format + google_data_fusion_instance_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] - google_data_catalog_tag: - subCategory: Data catalog - description: Tags are used to attach custom metadata to Data Catalog resources. - name: google_data_catalog_tag + google_data_loss_prevention_deidentify_template: + subCategory: Data loss prevention + description: Allows creation of templates to de-identify content. + name: google_data_loss_prevention_deidentify_template title: "" examples: - - name: basic_tag + - name: basic manifest: |- { - "fields": [ - { - "field_name": "source", - "string_value": "my-string" - } - ], - "parent": "${google_data_catalog_entry.entry.id}", - "template": "${google_data_catalog_tag_template.tag_template.id}" - } - references: - parent: google_data_catalog_entry.entry.id - template: google_data_catalog_tag_template.tag_template.id - dependencies: - google_data_catalog_entry.entry: |- - { - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "my_entry", - "user_specified_system": "SomethingExternal", - "user_specified_type": "my_custom_type" - } - google_data_catalog_entry_group.entry_group: |- - { - "entry_group_id": "my_entry_group" - } - google_data_catalog_tag_template.tag_template: |- + "deidentify_config": [ { - "display_name": "Demo Tag Template", - "fields": [ - { - "display_name": "Source of data asset", - "field_id": "source", - "is_required": true, - "type": [ - { - "primitive_type": "STRING" - } - ] - }, + "info_type_transformations": [ { - "display_name": "Number of rows in the data asset", - "field_id": "num_rows", - "type": [ + "transformations": [ { - "primitive_type": "DOUBLE" - } - ] - }, - { - "display_name": "PII type", - "field_id": "pii_type", - "type": [ + "info_types": [ + { + "name": "FIRST_NAME" + } + ], + "primitive_transformation": [ + { + "replace_with_info_type_config": true + } + ] + }, { - "enum_type": [ + "info_types": [ { - "allowed_values": [ - { - "display_name": "EMAIL" - }, - { - "display_name": "SOCIAL SECURITY NUMBER" - }, + "name": "PHONE_NUMBER" + }, + { + "name": "AGE" + } + ], + "primitive_transformation": [ + { + "replace_config": [ { - "display_name": "NONE" + "new_value": [ + { + "integer_value": 9 + } + ] } ] } ] - } - ] - } - ], - "force_delete": "false", - "region": "us-central1", - "tag_template_id": "my_template" - } - - name: entry_group_tag - manifest: |- - { - "fields": [ - { - "field_name": "source", - "string_value": "my-string" - } - ], - "parent": "${google_data_catalog_entry_group.entry_group.id}", - "template": "${google_data_catalog_tag_template.tag_template.id}" - } - references: - parent: google_data_catalog_entry_group.entry_group.id - template: google_data_catalog_tag_template.tag_template.id - dependencies: - google_data_catalog_entry.first_entry: |- - { - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "first_entry", - "user_specified_system": "SomethingExternal", - "user_specified_type": "my_custom_type" - } - google_data_catalog_entry.second_entry: |- - { - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "second_entry", - "user_specified_system": "SomethingElseExternal", - "user_specified_type": "another_custom_type" - } - google_data_catalog_entry_group.entry_group: |- - { - "entry_group_id": "my_entry_group" - } - google_data_catalog_tag_template.tag_template: |- - { - "display_name": "Demo Tag Template", - "fields": [ - { - "display_name": "Source of data asset", - "field_id": "source", - "is_required": true, - "type": [ - { - "primitive_type": "STRING" - } - ] - }, - { - "display_name": "Number of rows in the data asset", - "field_id": "num_rows", - "type": [ + }, { - "primitive_type": "DOUBLE" - } - ] - }, - { - "display_name": "PII type", - "field_id": "pii_type", - "type": [ + "info_types": [ + { + "name": "EMAIL_ADDRESS" + }, + { + "name": "LAST_NAME" + } + ], + "primitive_transformation": [ + { + "character_mask_config": [ + { + "characters_to_ignore": [ + { + "common_characters_to_ignore": "PUNCTUATION" + } + ], + "masking_character": "X", + "number_to_mask": 4, + "reverse_order": true + } + ] + } + ] + }, { - "enum_type": [ + "info_types": [ { - "allowed_values": [ - { - "display_name": "EMAIL" - }, - { - "display_name": "SOCIAL SECURITY NUMBER" - }, + "name": "DATE_OF_BIRTH" + } + ], + "primitive_transformation": [ + { + "replace_config": [ { - "display_name": "NONE" + "new_value": [ + { + "date_value": [ + { + "day": 1, + "month": 1, + "year": 2020 + } + ] + } + ] } ] } ] - } - ] - } - ], - "force_delete": "false", - "region": "us-central1", - "tag_template_id": "my_template" - } - - name: basic_tag - manifest: |- - { - "column": "address", - "fields": [ - { - "field_name": "source", - "string_value": "my-string" - }, - { - "double_value": 5, - "field_name": "num_rows" - }, - { - "enum_value": "EMAIL", - "field_name": "pii_type" - } - ], - "parent": "${google_data_catalog_entry.entry.id}", - "template": "${google_data_catalog_tag_template.tag_template.id}" - } - references: - parent: google_data_catalog_entry.entry.id - template: google_data_catalog_tag_template.tag_template.id - dependencies: - google_data_catalog_entry.entry: |- - { - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "my_entry", - "schema": "{\n \"columns\": [\n {\n \"column\": \"first_name\",\n \"description\": \"First name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"last_name\",\n \"description\": \"Last name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"address\",\n \"description\": \"Address\",\n \"mode\": \"REPEATED\",\n \"subcolumns\": [\n {\n \"column\": \"city\",\n \"description\": \"City\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"state\",\n \"description\": \"State\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n }\n ],\n \"type\": \"RECORD\"\n }\n ]\n}\n", - "user_specified_system": "SomethingExternal", - "user_specified_type": "my_custom_type" - } - google_data_catalog_entry_group.entry_group: |- - { - "entry_group_id": "my_entry_group" - } - google_data_catalog_tag_template.tag_template: |- - { - "display_name": "Demo Tag Template", - "fields": [ - { - "display_name": "Source of data asset", - "field_id": "source", - "is_required": true, - "type": [ - { - "primitive_type": "STRING" - } - ] - }, - { - "display_name": "Number of rows in the data asset", - "field_id": "num_rows", - "type": [ - { - "primitive_type": "DOUBLE" - } - ] - }, - { - "display_name": "PII type", - "field_id": "pii_type", - "type": [ + }, { - "enum_type": [ + "info_types": [ { - "allowed_values": [ - { - "display_name": "EMAIL" - }, - { - "display_name": "SOCIAL SECURITY NUMBER" - }, + "name": "CREDIT_CARD_NUMBER" + } + ], + "primitive_transformation": [ + { + "crypto_deterministic_config": [ { - "display_name": "NONE" + "context": [ + { + "name": "sometweak" + } + ], + "crypto_key": [ + { + "transient": [ + { + "name": "beep" + } + ] + } + ], + "surrogate_info_type": [ + { + "name": "abc" + } + ] } ] } @@ -57158,1784 +61229,1562 @@ resources: } ] } - ], - "force_delete": "false", - "region": "us-central1", - "tag_template_id": "my_template" - } - - name: second-tag - manifest: |- - { - "column": "first_name", - "fields": [ - { - "field_name": "source", - "string_value": "my-string" - }, - { - "enum_value": "NONE", - "field_name": "pii_type" + ] } ], - "parent": "${google_data_catalog_entry.entry.id}", - "template": "${google_data_catalog_tag_template.tag_template.id}" + "description": "Description", + "display_name": "Displayname", + "parent": "projects/my-project-name" } - references: - parent: google_data_catalog_entry.entry.id - template: google_data_catalog_tag_template.tag_template.id - dependencies: - google_data_catalog_entry.entry: |- - { - "entry_group": "${google_data_catalog_entry_group.entry_group.id}", - "entry_id": "my_entry", - "schema": "{\n \"columns\": [\n {\n \"column\": \"first_name\",\n \"description\": \"First name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"last_name\",\n \"description\": \"Last name\",\n \"mode\": \"REQUIRED\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"address\",\n \"description\": \"Address\",\n \"mode\": \"REPEATED\",\n \"subcolumns\": [\n {\n \"column\": \"city\",\n \"description\": \"City\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n },\n {\n \"column\": \"state\",\n \"description\": \"State\",\n \"mode\": \"NULLABLE\",\n \"type\": \"STRING\"\n }\n ],\n \"type\": \"RECORD\"\n }\n ]\n}\n", - "user_specified_system": "SomethingExternal", - "user_specified_type": "my_custom_type" - } - google_data_catalog_entry_group.entry_group: |- - { - "entry_group_id": "my_entry_group" - } - google_data_catalog_tag_template.tag_template: |- + - name: basic + manifest: |- + { + "deidentify_config": [ { - "display_name": "Demo Tag Template", - "fields": [ - { - "display_name": "Source of data asset", - "field_id": "source", - "is_required": true, - "type": [ - { - "primitive_type": "STRING" - } - ] - }, - { - "display_name": "Number of rows in the data asset", - "field_id": "num_rows", - "type": [ - { - "primitive_type": "DOUBLE" - } - ] - }, + "image_transformations": [ { - "display_name": "PII type", - "field_id": "pii_type", - "type": [ + "transforms": [ { - "enum_type": [ + "redaction_color": [ { - "allowed_values": [ - { - "display_name": "EMAIL" - }, - { - "display_name": "SOCIAL SECURITY NUMBER" - }, + "blue": 1, + "green": 0.2, + "red": 0.5 + } + ], + "selected_info_types": [ + { + "info_types": [ { - "display_name": "NONE" + "name": "COLOR_INFO", + "version": "latest" } ] } ] + }, + { + "all_info_types": [ + {} + ] + }, + { + "all_text": [ + {} + ] } ] } - ], - "force_delete": "false", - "region": "us-central1", - "tag_template_id": "my_template" + ] } + ], + "description": "Description", + "display_name": "Displayname", + "parent": "projects/my-project-name" + } argumentDocs: + bucketing_config.buckets: |- + - + (Optional) + Set of buckets. Ranges must be non-overlapping. + Bucket is represented as a range, along with replacement values. + Structure is documented below. + bucketing_config.buckets.max: |- + - + (Optional) + Upper bound of the range, exclusive; type must match min. + The max block must only contain one argument. See the bucketing_config block description for more information about choosing a data type. + Structure is documented below. + bucketing_config.buckets.min: |- + - + (Optional) + Lower bound of the range, inclusive. Type should be the same as max if used. + The min block must only contain one argument. See the bucketing_config block description for more information about choosing a data type. + Structure is documented below. + bucketing_config.buckets.replacement_value: |- + - + (Required) + Replacement value for this bucket. + The replacement_value block must only contain one argument. + Structure is documented below. + character_mask_config.characters_to_ignore: |- + - + (Optional) + Characters to skip when doing de-identification of a value. These will be left alone and skipped. + Structure is documented below. + character_mask_config.masking_character: |- + - + (Optional) + Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string + such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for + strings, and 0 for digits. + character_mask_config.number_to_mask: |- + - + (Optional) + Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. + character_mask_config.reverse_order: |- + - + (Optional) + Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the + input string 1234-5678-9012-3456 is masked as 00000000000000-3456. + characters_to_ignore: includes - + characters_to_ignore.characters_to_skip: |- + - + (Optional) + Characters to not transform when masking. + characters_to_ignore.common_characters_to_ignore: |- + - + (Optional) + Common characters to not transform when masking. Useful to avoid removing punctuation. + Possible values are: NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE. + condition.expressions: |- + - + (Optional) + An expression. + Structure is documented below. + condition.expressions.conditions: |- + - + (Optional) + Conditions to apply to the expression. + Structure is documented below. + condition.expressions.logical_operator: |- + - + (Optional) + The operator to apply to the result of conditions. Default and currently only supported value is AND + Default value is AND. + Possible values are: AND. + conditions.conditions: |- + - + (Optional) + A collection of conditions. + Structure is documented below. + conditions.conditions.field: |- + - + (Required) + Field within the record this condition is evaluated against. + Structure is documented below. + conditions.conditions.operator: |- + - + (Required) + Operator used to compare the field or infoType to the value. + Possible values are: EQUAL_TO, NOT_EQUAL_TO, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS, LESS_THAN_OR_EQUALS, EXISTS. + conditions.conditions.value: |- + - + (Optional) + Value to compare against. + The value block must only contain one argument. For example when a condition is evaluated against a string-type field, only string_value should be set. + This argument is mandatory, except for conditions using the EXISTS operator. + Structure is documented below. + context.name: |- + - + (Optional) + Name describing the field. create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - fields: |- + create_time: |- + - + The creation timestamp of an deidentifyTemplate. Set by the server. + crypto_deterministic_config.InfoTypeTransformation: |- + is applied to both structured and non-structured ContentItems. + Structure is documented below. + crypto_deterministic_config.context: |- + - + (Optional) + A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. + If the context is not set, plaintext would be used as is for encryption. If the context is set but: + crypto_deterministic_config.crypto_key: |- + - + (Optional) + The key used by the encryption function. + Structure is documented below. + crypto_deterministic_config.surrogate_info_type: |- + - + (Optional) + The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} + For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' + This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. + Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. + In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either + crypto_hash_config.crypto_key: |- + - + (Optional) + The key used by the encryption function. + Structure is documented below. + crypto_hash_config.crypto_key.kms_wrapped: |- + - + (Optional) + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see Creating a wrapped key. + Note: When you use Cloud KMS for cryptographic operations, charges apply. + Structure is documented below. + crypto_hash_config.crypto_key.transient: |- + - + (Optional) + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + Structure is documented below. + crypto_hash_config.crypto_key.unwrapped: |- + - + (Optional) + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + Structure is documented below. + crypto_key.kms_wrapped: |- + - + (Optional) + KMS wrapped key. + Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt + For more information, see Creating a wrapped key. + Note: When you use Cloud KMS for cryptographic operations, charges apply. + Structure is documented below. + crypto_key.transient: |- + - + (Optional) + Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + Structure is documented below. + crypto_key.unwrapped: |- + - + (Optional) + Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + Structure is documented below. + crypto_replace_ffx_fpe_config.InfoTypeTransformation: |- + is applied to both structured and non-structured ContentItems. Currently, the referenced field may be of value type integer or string. + The tweak is constructed as a sequence of bytes in big endian byte order such that: + crypto_replace_ffx_fpe_config.common_alphabet: |- + - + (Optional) + Common alphabets. + Possible values are: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC. + crypto_replace_ffx_fpe_config.context: |- + - + (Optional) + The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. + If the context is set but: + crypto_replace_ffx_fpe_config.crypto_key: |- + - + (Optional) + The key used by the encryption algorithm. + Structure is documented below. + crypto_replace_ffx_fpe_config.custom_alphabet: |- + - + (Optional) + This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"'<,>.?/ + crypto_replace_ffx_fpe_config.radix: |- + - + (Optional) + The native way to select the alphabet. Must be in the range [2, 95]. + crypto_replace_ffx_fpe_config.surrogate_info_type: |- + - + (Optional) + The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate + For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' + This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. + In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE + Structure is documented below. + date_shift_config.context: |- + - + (Optional) + Points to the field that contains the context, for example, an entity id. + If set, must also set cryptoKey. If set, shift will be consistent for the given context. + Structure is documented below. + date_shift_config.crypto_key: |- + - + (Optional) + The key used by the encryption function. + Structure is documented below. + date_shift_config.lower_bound_days: |- - (Required) - This maps the ID of a tag field to the value of and additional information about that field. - Valid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields. + Range of shift in days. Negative means shift to earlier in time. + date_shift_config.upper_bound_days: |- + - + (Required) + Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). + Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. + date_value.day: |- + - + (Optional) + Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a + year by itself or a year and month where the day is not significant. + date_value.description: |- + - + (Optional) + A description of the template. + date_value.display_name: |- + - + (Optional) + User set display name of the template. + date_value.month: |- + - + (Optional) + Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. + date_value.template_id: |- + - + (Optional) + The template id can contain uppercase and lowercase letters, numbers, and hyphens; + that is, it must match the regular expression: [a-zA-Z\d-_]+. The maximum length is + 100 characters. Can be empty to allow the system to generate one. + date_value.year: |- + - + (Optional) + Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. + deidentify_config: |- + - + (Required) + Configuration of the deidentify template Structure is documented below. - fields.bool_value: |- + deidentify_config.image_transformations: |- - (Optional) - Holds the value for a tag field with boolean type. - fields.column: |- + Treat the dataset as an image and redact. + Structure is documented below. + deidentify_config.info_type_transformations: |- - (Optional) - Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an - individual column based on that schema. - For attaching a tag to a nested column, use . to separate the column names. Example: - outer_column.inner_column - fields.display_name: |- + Treat the dataset as free-form text and apply the same free text transformation everywhere + Structure is documented below. + deidentify_config.record_transformations: |- - - (Output) - The display name of this field - fields.double_value: |- + (Optional) + Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. + Structure is documented below. + delete: '- Default is 20 minutes.' + field.name: |- - (Optional) - Holds the value for a tag field with double type. - fields.enum_value: |- + Name describing the field. + field_transformations.condition: |- - (Optional) - Holds the value for a tag field with enum type. This value must be one of the allowed values in the definition of this enum. - fields.field_name: '- (Required) The identifier for this object. Format specified above.' - fields.order: |- + Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. + Example Use Cases: + field_transformations.fields: |- - - (Output) - The order of this field with respect to other fields in this tag. For example, a higher value can indicate - a more important field. The value can be negative. Multiple fields can have the same order, and field orders - within a tag do not have to be sequential. - fields.parent: |- + (Required) + Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. + FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type". + Structure is documented below. + field_transformations.info_type_transformations: |- - (Optional) - The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to - all entries in that group. - fields.string_value: |- + Treat the contents of the field as free text, and selectively transform content that matches an InfoType. + Only one of primitive_transformation or info_type_transformations must be specified. + Structure is documented below. + field_transformations.primitive_transformation: |- - (Optional) - Holds the value for a tag field with string type. - fields.timestamp_value: |- + Apply the transformation to the entire field. + The primitive_transformation block must only contain one argument, corresponding to the type of transformation. + Only one of primitive_transformation or info_type_transformations must be specified. + Structure is documented below. + fields.name: |- - (Optional) - Holds the value for a tag field with timestamp type. - id: '- an identifier for the resource with format {{name}}' - name: |- - - - The resource name of the tag in URL format. Example: - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or - projects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id} - where tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name. - template: |- + Name describing the field. + fixed_size_bucketing_config.bucket_size: |- - (Required) - The resource name of the tag template that this tag uses. Example: - projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} - This field cannot be modified after creation. - template_displayname: |- - - - The display name of the tag template. - update: '- Default is 20 minutes.' - importStatements: [] - google_data_catalog_tag_template: - subCategory: Data catalog - description: A tag template defines a tag, which can have one or more typed fields. - name: google_data_catalog_tag_template - title: "" - examples: - - name: basic_tag_template - manifest: |- - { - "display_name": "Demo Tag Template", - "fields": [ - { - "display_name": "Source of data asset", - "field_id": "source", - "is_required": true, - "type": [ - { - "primitive_type": "STRING" - } - ] - }, - { - "display_name": "Number of rows in the data asset", - "field_id": "num_rows", - "type": [ - { - "primitive_type": "DOUBLE" - } - ] - }, - { - "display_name": "PII type", - "field_id": "pii_type", - "type": [ - { - "enum_type": [ - { - "allowed_values": [ - { - "display_name": "EMAIL" - }, - { - "display_name": "SOCIAL SECURITY NUMBER" - }, - { - "display_name": "NONE" - } - ] - } - ] - } - ] - } - ], - "force_delete": "false", - "region": "us-central1", - "tag_template_id": "my_template" - } - argumentDocs: - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - enum_type.allowed_values: |- + Size of each bucket (except for minimum and maximum buckets). + So if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. + Precision up to 2 decimals works. + fixed_size_bucketing_config.lower_bound: |- - (Required) - The set of allowed values for this enum. The display names of the - values must be case-insensitively unique within this set. Currently, - enum values can only be added to the list of allowed values. Deletion - and renaming of enum values are not supported. - Can have up to 500 allowed values. + Lower bound value of buckets. + All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value "-10". + The lower_bound block must only contain one argument. See the fixed_size_bucketing_config block description for more information about choosing a data type. Structure is documented below. - enum_type.allowed_values.display_name: |- + fixed_size_bucketing_config.upper_bound: |- - (Required) - The display name of the enum value. - enum_type.allowed_values.force_delete: |- - - - (Optional) - This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template. - enum_type.allowed_values.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - enum_type.allowed_values.region: |- - - - (Optional) - Template location region. - fields: |- + Upper bound value of buckets. + All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value "89+". + The upper_bound block must only contain one argument. See the fixed_size_bucketing_config block description for more information about choosing a data type. + Structure is documented below. + id: '- an identifier for the resource with format {{parent}}/deidentifyTemplates/{{name}}' + image_transformations.transforms: |- - (Required) - Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it. + For determination of how redaction of images should occur. Structure is documented below. - fields.description: |- + image_transformations.transforms.all_info_types: |- - (Optional) - A description for this field. - fields.display_name: |- + Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes. + image_transformations.transforms.all_text: |- - (Optional) - The display name for this field. - fields.field_id: '- (Required) The identifier for this object. Format specified above.' - fields.is_required: |- + Apply transformation to all text that doesn't match an infoType. + image_transformations.transforms.redaction_color: |- - (Optional) - Whether this is a required field. Defaults to false. - fields.name: |- - - - (Output) - The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field} - fields.order: |- + The color to use when redacting content from an image. If not specified, the default is black. + Structure is documented below. + image_transformations.transforms.selected_info_types: |- - (Optional) - The order of this field with respect to other fields in this tag template. - A higher value indicates a more important field. The value can be negative. - Multiple fields can have the same order, and field orders within a tag do not have to be sequential. - fields.type: |- + Apply transformation to the selected infoTypes. + Structure is documented below. + info_type_transformations.transformations: |- - (Required) - The type of value this tag field can contain. + Transformation for each infoType. Cannot specify more than one for a given infoType. Structure is documented below. - id: '- an identifier for the resource with format {{name}}' - name: |- + info_type_transformations.transformations.info_types: |- - - The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId} - tag_template_id: |- + (Optional) + InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to + all findings that correspond to infoTypes that were requested in InspectConfig. + Structure is documented below. + info_type_transformations.transformations.primitive_transformation: |- - (Required) - The id of the tag template to create. - type.enum_type: |- - - - (Optional) - Represents an enum type. - Exactly one of primitive_type or enum_type must be set + Primitive transformation to apply to the infoType. + The primitive_transformation block must only contain one argument, corresponding to the type of transformation. Structure is documented below. - type.primitive_type: |- + info_types.name: |- - - (Optional) - Represents primitive types - string, bool etc. - Exactly one of primitive_type or enum_type must be set - Possible values are: DOUBLE, STRING, BOOL, TIMESTAMP. - update: '- Default is 20 minutes.' - importStatements: [] - google_data_catalog_tag_template_iam_policy: - subCategory: Data catalog - description: Collection of resources to manage IAM policy for Data catalog TagTemplate - name: google_data_catalog_tag_template_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "tag_template": "${google_data_catalog_tag_template.basic_tag_template.name}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - tag_template: google_data_catalog_tag_template.basic_tag_template.name - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_data_catalog_tag_template_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.' - google_data_catalog_tag_template_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.' - google_data_catalog_tag_template_iam_policy: ': Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_data_catalog_tag_template_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_data_catalog_tag_template_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - tag_template: '- (Required) Used to find the parent resource to bind the IAM policy to' - importStatements: [] - google_data_catalog_taxonomy: - subCategory: Data catalog - description: A collection of policy tags that classify data along a common axis. - name: google_data_catalog_taxonomy - title: "" - examples: - - name: basic_taxonomy - manifest: |- - { - "activated_policy_types": [ - "FINE_GRAINED_ACCESS_CONTROL" - ], - "description": "A collection of policy tags", - "display_name": "my_taxonomy" - } - argumentDocs: - activated_policy_types: |- + (Required) + Name of the information type. + info_types.sensitivity_score: |- - (Optional) - A list of policy types that are activated for this taxonomy. If not set, - defaults to an empty list. - Each value may be one of: POLICY_TYPE_UNSPECIFIED, FINE_GRAINED_ACCESS_CONTROL. - create: '- Default is 20 minutes.' - delete: '- Default is 20 minutes.' - description: |- + Optional custom sensitivity for this InfoType. This only applies to data profiling. + Structure is documented below. + info_types.version: |- - (Optional) - Description of this taxonomy. It must: contain only unicode characters, - tabs, newlines, carriage returns and page breaks; and be at most 2000 bytes - long when encoded in UTF-8. If not set, defaults to an empty description. - display_name: |- + Version name for this InfoType. + kms_wrapped.crypto_key_name: |- - (Required) - User defined name of this taxonomy. - The taxonomy display name must be unique within an organization. - It must: contain only unicode letters, numbers, underscores, dashes - and spaces; not start or end with spaces; and be at most 200 bytes - long when encoded in UTF-8. - id: '- an identifier for the resource with format {{name}}' - name: |- + The resource name of the KMS CryptoKey to use for unwrapping. + kms_wrapped.wrapped_key: |- - - Resource name of this taxonomy, whose format is: - "projects/{project}/locations/{region}/taxonomies/{taxonomy}". - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - region: |- + (Required) + The wrapped data crypto key. + A base64-encoded string. + lower_bound.boolean_value: |- - (Optional) - Taxonomy location region. - update: '- Default is 20 minutes.' - importStatements: [] - google_data_catalog_taxonomy_iam_policy: - subCategory: Data catalog - description: Collection of resources to manage IAM policy for Data catalog Taxonomy - name: google_data_catalog_taxonomy_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "taxonomy": "${google_data_catalog_taxonomy.basic_taxonomy.name}" - } - references: - policy_data: data.google_iam_policy.admin.policy_data - taxonomy: google_data_catalog_taxonomy.basic_taxonomy.name - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_data_catalog_taxonomy_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.' - google_data_catalog_taxonomy_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.' - google_data_catalog_taxonomy_iam_policy: ': Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - policy_data: |- - - (Required only by google_data_catalog_taxonomy_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - role: |- - - (Required) The role that should be applied. Only one - google_data_catalog_taxonomy_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - taxonomy: '- (Required) Used to find the parent resource to bind the IAM policy to' - importStatements: [] - google_data_fusion_instance: - subCategory: Cloud Data Fusion - description: Represents a Data Fusion instance. - name: google_data_fusion_instance - title: "" - examples: - - name: basic_instance - manifest: |- - { - "name": "my-instance", - "region": "us-central1", - "type": "BASIC" - } - - name: extended_instance - manifest: |- - { - "accelerators": [ - { - "accelerator_type": "CDC", - "state": "ENABLED" - } - ], - "dataproc_service_account": "${data.google_app_engine_default_service_account.default.email}", - "description": "My Data Fusion instance", - "display_name": "My Data Fusion instance", - "enable_stackdriver_logging": true, - "enable_stackdriver_monitoring": true, - "labels": { - "example_key": "example_value" - }, - "name": "my-instance", - "network_config": [ - { - "ip_allocation": "${google_compute_global_address.private_ip_alloc.address}/${google_compute_global_address.private_ip_alloc.prefix_length}", - "network": "default" - } - ], - "private_instance": true, - "region": "us-central1", - "type": "BASIC" - } - references: - dataproc_service_account: data.google_app_engine_default_service_account.default.email - dependencies: - google_compute_global_address.private_ip_alloc: |- - { - "address_type": "INTERNAL", - "name": "datafusion-ip-alloc", - "network": "${google_compute_network.network.id}", - "prefix_length": 22, - "purpose": "VPC_PEERING" - } - google_compute_network.network: |- - { - "name": "datafusion-full-network" - } - - name: cmek - manifest: |- - { - "crypto_key_config": [ - { - "key_reference": "${google_kms_crypto_key.crypto_key.id}" - } - ], - "depends_on": [ - "${google_kms_crypto_key_iam_member.crypto_key_member}" - ], - "name": "my-instance", - "region": "us-central1", - "type": "BASIC" - } - references: - crypto_key_config.key_reference: google_kms_crypto_key.crypto_key.id - dependencies: - google_kms_crypto_key.crypto_key: |- - { - "key_ring": "${google_kms_key_ring.key_ring.id}", - "name": "my-instance" - } - google_kms_crypto_key_iam_member.crypto_key_member: |- - { - "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", - "member": "serviceAccount:service-${data.google_project.project.number}@gcp-sa-datafusion.iam.gserviceaccount.com", - "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" - } - google_kms_key_ring.key_ring: |- - { - "location": "us-central1", - "name": "my-instance" - } - - name: enterprise_instance - manifest: |- - { - "enable_rbac": true, - "name": "my-instance", - "region": "us-central1", - "type": "ENTERPRISE" - } - - name: event - manifest: |- - { - "event_publish_config": [ - { - "enabled": true, - "topic": "${google_pubsub_topic.event.id}" - } - ], - "name": "my-instance", - "region": "us-central1", - "type": "BASIC" - } - references: - event_publish_config.topic: google_pubsub_topic.event.id - dependencies: - google_pubsub_topic.event: |- - { - "name": "my-instance" - } - - name: zone - manifest: |- - { - "name": "my-instance", - "region": "us-central1", - "type": "DEVELOPER", - "zone": "us-central1-a" - } - argumentDocs: - BASIC: ', ENTERPRISE, DEVELOPER.' - accelerators: |- + A boolean value. + lower_bound.date_value: |- - (Optional) - List of accelerators enabled for this CDF instance. - If accelerators are enabled it is possible a permadiff will be created with the Options field. - Users will need to either manually update their state file to include these diffed options, or include the field in a lifecycle ignore changes block. + Represents a whole or partial calendar date. Structure is documented below. - accelerators.accelerator_type: |- + lower_bound.day_of_week_value: |- - - (Required) - The type of an accelator for a CDF instance. - Possible values are: CDC, HEALTHCARE, CCAI_INSIGHTS. - accelerators.state: |- + (Optional) + Represents a day of the week. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + lower_bound.float_value: |- - - (Required) - The type of an accelator for a CDF instance. - Possible values are: ENABLED, DISABLED. - api_endpoint: |- + (Optional) + A float value. + lower_bound.integer_value: |- - - Endpoint on which the REST APIs is accessible. - create: '- Default is 90 minutes.' - create_time: |- + (Optional) + An integer value (int64 format) + lower_bound.string_value: |- - - The time the instance was created in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - crypto_key_config: |- + (Optional) + A string value. + lower_bound.time_value: |- - (Optional) - The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature. + Represents a time of day. Structure is documented below. - crypto_key_config.key_reference: |- + lower_bound.timestamp_value: |- - - (Required) - The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects//locations//keyRings//cryptoKeys/. - dataproc_service_account: |- + (Optional) + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + masking_character: is * + max.boolean_value: |- - (Optional) - User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines. - delete: '- Default is 50 minutes.' - description: |- + A boolean value. + max.date_value: |- - (Optional) - An optional description of the instance. - display_name: |- + Represents a whole or partial calendar date. + Structure is documented below. + max.day_of_week_value: |- - (Optional) - Display name for an instance. - effective_labels: for all of the labels present on the resource. - enable_rbac: |- + Represents a day of the week. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + max.float_value: |- - (Optional) - Option to enable granular role-based access control. - enable_stackdriver_logging: |- + A float value. + max.integer_value: |- - (Optional) - Option to enable Stackdriver Logging. - enable_stackdriver_monitoring: |- + An integer value (int64 format) + max.string_value: |- - (Optional) - Option to enable Stackdriver Monitoring. - event_publish_config: |- + A string value. + max.time_value: |- - (Optional) - Option to enable and pass metadata for event publishing. + Represents a time of day. Structure is documented below. - event_publish_config.enabled: |- - - - (Required) - Option to enable Event Publishing. - event_publish_config.topic: |- - - - (Required) - The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id} - gcs_bucket: |- - - - Cloud Storage bucket generated by Data Fusion in the customer project. - id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}}' - labels: |- + max.timestamp_value: |- - (Optional) - The resource labels for instance to use to annotate any related underlying resources, - such as Compute Engine VMs. - name: |- + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + min.boolean_value: |- - - (Required) - The ID of the instance or a fully qualified identifier for the instance. - network_config: |- + (Optional) + A boolean value. + min.date_value: |- - (Optional) - Network configuration options. These are required when a private Data Fusion instance is to be created. + Represents a whole or partial calendar date. Structure is documented below. - network_config.ip_allocation: |- - - - (Required) - The IP range in CIDR notation to use for the managed Data Fusion instance - nodes. This range must not overlap with any other ranges used in the Data Fusion instance network. - network_config.network: |- - - - (Required) - Name of the network in the project with which the tenant project - will be peered for executing pipelines. In case of shared VPC where the network resides in another host - project the network should specified in the form of projects/{host-project-id}/global/networks/{network} - options: |- + min.day_of_week_value: |- - (Optional) - Map of additional options used to configure the behavior of Data Fusion instance. - p4_service_account: |- - - - P4 service account for the customer project. - private_instance: |- + Represents a day of the week. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + min.float_value: |- - (Optional) - Specifies whether the Data Fusion instance should be private. If set to - true, all Data Fusion nodes will have private IP addresses and will not be - able to access the public internet. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - region: |- + A float value. + min.integer_value: |- - (Optional) - The region of the Data Fusion instance. - service_account: |- - - - (Beta, Deprecated) - Service account which will be used to access resources in the customer project. - service_endpoint: |- - - - Endpoint on which the Data Fusion UI and REST APIs are accessible. - state: |- + An integer value (int64 format) + min.string_value: |- - - The current state of this Data Fusion instance. - state_message: |- + (Optional) + A string value. + min.time_value: |- - - Additional information about the current state of this Data Fusion instance if available. - tenant_project_id: |- + (Optional) + Represents a time of day. + Structure is documented below. + min.timestamp_value: |- - - The name of the tenant project. - terraform_labels: |- + (Optional) + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + name: |- - - The combination of labels configured directly on the resource - and default labels configured on the provider. - type: |- + The resource name of the template. Set by the server. + number_to_mask: is -4 + parent: |- - (Required) - Represents the type of Data Fusion instance. Each type is configured with - the default settings for processing and memory. - update: '- Default is 25 minutes.' - update_time: |- - - - The time the instance was last updated in RFC3339 UTC "Zulu" format, accurate to nanoseconds. - version: |- + The parent of the template in any of the following formats: + primitive_transformation.bucketing_config: |- - (Optional) - Current version of the Data Fusion. - zone: |- + Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH + This can be used on data of type: number, long, string, timestamp. + If the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. + See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. + Structure is documented below. + primitive_transformation.character_mask_config: |- - (Optional) - Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field. - importStatements: [] - google_data_fusion_instance_iam_policy: - subCategory: Cloud Data Fusion - description: Collection of resources to manage IAM policy for Cloud Data Fusion Instance - name: google_data_fusion_instance_iam_policy - title: "" - examples: - - name: policy - manifest: |- - { - "name": "${google_data_fusion_instance.basic_instance.name}", - "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_data_fusion_instance.basic_instance.project}", - "region": "${google_data_fusion_instance.basic_instance.region}" - } - references: - name: google_data_fusion_instance.basic_instance.name - policy_data: data.google_iam_policy.admin.policy_data - project: google_data_fusion_instance.basic_instance.project - region: google_data_fusion_instance.basic_instance.region - argumentDocs: - etag: '- (Computed) The etag of the IAM policy.' - google_data_fusion_instance_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.' - google_data_fusion_instance_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.' - google_data_fusion_instance_iam_policy: ': Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.' - member/members: |- - - (Required) Identities that will be granted the privilege in role. - Each entry can have one of the following values: - name: '- (Required) Used to find the parent resource to bind the IAM policy to' - policy_data: |- - - (Required only by google_data_fusion_instance_iam_policy) The policy data generated by - a google_iam_policy data source. - project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - region: |- - - (Optional) The region of the Data Fusion instance. - Used to find the parent resource to bind the IAM policy to. If not specified, - the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no - region is specified, it is taken from the provider configuration. - role: |- - - (Required) The role that should be applied. Only one - google_data_fusion_instance_iam_binding can be used per role. Note that custom roles must be of the format - [projects|organizations]/{parent-name}/roles/{role-name}. - importStatements: [] - google_data_loss_prevention_deidentify_template: - subCategory: Data loss prevention - description: Allows creation of templates to de-identify content. - name: google_data_loss_prevention_deidentify_template - title: "" - examples: - - name: basic - manifest: |- - { - "deidentify_config": [ - { - "info_type_transformations": [ - { - "transformations": [ - { - "info_types": [ - { - "name": "FIRST_NAME" - } - ], - "primitive_transformation": [ - { - "replace_with_info_type_config": true - } - ] - }, - { - "info_types": [ - { - "name": "PHONE_NUMBER" - }, - { - "name": "AGE" - } - ], - "primitive_transformation": [ - { - "replace_config": [ - { - "new_value": [ - { - "integer_value": 9 - } - ] - } - ] - } - ] - }, - { - "info_types": [ - { - "name": "EMAIL_ADDRESS" - }, - { - "name": "LAST_NAME" - } - ], - "primitive_transformation": [ - { - "character_mask_config": [ - { - "characters_to_ignore": [ - { - "common_characters_to_ignore": "PUNCTUATION" - } - ], - "masking_character": "X", - "number_to_mask": 4, - "reverse_order": true - } - ] - } - ] - }, - { - "info_types": [ - { - "name": "DATE_OF_BIRTH" - } - ], - "primitive_transformation": [ - { - "replace_config": [ - { - "new_value": [ - { - "date_value": [ - { - "day": 1, - "month": 1, - "year": 2020 - } - ] - } - ] - } - ] - } - ] - }, - { - "info_types": [ - { - "name": "CREDIT_CARD_NUMBER" - } - ], - "primitive_transformation": [ - { - "crypto_deterministic_config": [ - { - "context": [ - { - "name": "sometweak" - } - ], - "crypto_key": [ - { - "transient": [ - { - "name": "beep" - } - ] - } - ], - "surrogate_info_type": [ - { - "name": "abc" - } - ] - } - ] - } - ] - } - ] - } - ] - } - ], - "description": "Description", - "display_name": "Displayname", - "parent": "projects/my-project-name" - } - - name: basic - manifest: |- - { - "deidentify_config": [ - { - "image_transformations": [ - { - "transforms": [ - { - "redaction_color": [ - { - "blue": 1, - "green": 0.2, - "red": 0.5 - } - ], - "selected_info_types": [ - { - "info_types": [ - { - "name": "COLOR_INFO", - "version": "latest" - } - ] - } - ] - }, - { - "all_info_types": [ - {} - ] - }, - { - "all_text": [ - {} - ] - } - ] - } - ] - } - ], - "description": "Description", - "display_name": "Displayname", - "parent": "projects/my-project-name" - } - argumentDocs: - bucketing_config.buckets: |- + Partially mask a string by replacing a given number of characters with a fixed character. + Masking can start from the beginning or end of the string. + Structure is documented below. + primitive_transformation.crypto_deterministic_config: |- - (Optional) - Set of buckets. Ranges must be non-overlapping. - Bucket is represented as a range, along with replacement values. + Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. Structure is documented below. - bucketing_config.buckets.max: |- + primitive_transformation.crypto_hash_config: |- - (Optional) - Upper bound of the range, exclusive; type must match min. - The max block must only contain one argument. See the bucketing_config block description for more information about choosing a data type. + Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. + Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). + Currently, only string and integer values can be hashed. + See https://cloud.google.com/dlp/docs/pseudonymization to learn more. Structure is documented below. - bucketing_config.buckets.min: |- + primitive_transformation.crypto_replace_ffx_fpe_config: |- - (Optional) - Lower bound of the range, inclusive. Type should be the same as max if used. - The min block must only contain one argument. See the bucketing_config block description for more information about choosing a data type. + Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the content.reidentify API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. + Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. Structure is documented below. - bucketing_config.buckets.replacement_value: |- + primitive_transformation.date_shift_config: |- - - (Required) - Replacement value for this bucket. - The replacement_value block must only contain one argument. + (Optional) + Shifts dates by random number of days, with option to be consistent for the same context. Structure is documented below. - character_mask_config.characters_to_ignore: |- + primitive_transformation.fixed_size_bucketing_config: |- - (Optional) - Characters to skip when doing de-identification of a value. These will be left alone and skipped. + Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. + The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". + This can be used on data of type: double, long. + If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. + See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. Structure is documented below. - character_mask_config.masking_character: |- + primitive_transformation.redact_config: |- - (Optional) - Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string - such as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for - strings, and 0 for digits. - character_mask_config.number_to_mask: |- + Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. + primitive_transformation.replace_config: |- - (Optional) - Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally. - character_mask_config.reverse_order: |- + Replace each input value with a given value. + Structure is documented below. + primitive_transformation.replace_dictionary_config: |- - (Optional) - Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is false, then the - input string 1234-5678-9012-3456 is masked as 00000000000000-3456. - characters_to_ignore: includes - - characters_to_ignore.characters_to_skip: |- + Replace with a value randomly drawn (with replacement) from a dictionary. + Structure is documented below. + primitive_transformation.replace_with_info_type_config: |- - (Optional) - Characters to not transform when masking. - characters_to_ignore.common_characters_to_ignore: |- + Replace each matching finding with the name of the info type. + primitive_transformation.time_part_config: |- - (Optional) - Common characters to not transform when masking. Useful to avoid removing punctuation. - Possible values are: NUMERIC, ALPHA_UPPER_CASE, ALPHA_LOWER_CASE, PUNCTUATION, WHITESPACE. - condition.expressions: |- + For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value. + Structure is documented below. + record_suppressions.condition: |- - (Optional) - An expression. + A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. Structure is documented below. - condition.expressions.conditions: |- + record_suppressions.condition.expressions: |- + - + (Optional) + An expression, consisting of an operator and conditions. + Structure is documented below. + record_suppressions.condition.expressions.conditions: |- - (Optional) Conditions to apply to the expression. Structure is documented below. - condition.expressions.logical_operator: |- + record_suppressions.condition.expressions.logical_operator: |- - (Optional) - The operator to apply to the result of conditions. Default and currently only supported value is AND + The operator to apply to the result of conditions. Default and currently only supported value is AND. Default value is AND. Possible values are: AND. - conditions.conditions: |- + record_transformations.field_transformations: |- - (Optional) - A collection of conditions. + Transform the record by applying various field transformations. Structure is documented below. - conditions.conditions.field: |- + record_transformations.record_suppressions: |- - - (Required) - Field within the record this condition is evaluated against. + (Optional) + Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. Structure is documented below. - conditions.conditions.operator: |- + redaction_color.blue: |- + - + (Optional) + The amount of blue in the color as a value in the interval [0, 1]. + redaction_color.green: |- + - + (Optional) + The amount of green in the color as a value in the interval [0, 1]. + redaction_color.red: |- + - + (Optional) + The amount of red in the color as a value in the interval [0, 1]. + replace_config.new_value: |- - (Required) - Operator used to compare the field or infoType to the value. - Possible values are: EQUAL_TO, NOT_EQUAL_TO, GREATER_THAN, LESS_THAN, GREATER_THAN_OR_EQUALS, LESS_THAN_OR_EQUALS, EXISTS. - conditions.conditions.value: |- + Replace each input value with a given value. + The new_value block must only contain one argument. For example when replacing the contents of a string-type field, only string_value should be set. + Structure is documented below. + replace_config.new_value.boolean_value: |- + - + (Optional) + A boolean value. + replace_config.new_value.date_value: |- + - + (Optional) + Represents a whole or partial calendar date. + Structure is documented below. + replace_config.new_value.day_of_week_value: |- + - + (Optional) + Represents a day of the week. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + replace_config.new_value.float_value: |- + - + (Optional) + A float value. + replace_config.new_value.integer_value: |- + - + (Optional) + An integer value. + replace_config.new_value.string_value: |- + - + (Optional) + A string value. + replace_config.new_value.time_value: |- - (Optional) - Value to compare against. - The value block must only contain one argument. For example when a condition is evaluated against a string-type field, only string_value should be set. - This argument is mandatory, except for conditions using the EXISTS operator. + Represents a time of day. Structure is documented below. - context.name: |- + replace_config.new_value.timestamp_value: |- - (Optional) - Name describing the field. - create: '- Default is 20 minutes.' - create_time: |- + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + replace_dictionary_config.word_list: |- - - The creation timestamp of an deidentifyTemplate. Set by the server. - crypto_deterministic_config.InfoTypeTransformation: |- - is applied to both structured and non-structured ContentItems. + (Required) + A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries. Structure is documented below. - crypto_deterministic_config.context: |- + replace_dictionary_config.word_list.words: |- + - + (Required) + Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. + replacement_value.boolean_value: |- - (Optional) - A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well. - If the context is not set, plaintext would be used as is for encryption. If the context is set but: - crypto_deterministic_config.crypto_key: |- + A boolean value. + replacement_value.date_value: |- - (Optional) - The key used by the encryption function. + Represents a whole or partial calendar date. Structure is documented below. - crypto_deterministic_config.surrogate_info_type: |- + replacement_value.day_of_week_value: |- - (Optional) - The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate} - For example, if the name of custom info type is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' - This annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text. - Note: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text. - In order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either - crypto_hash_config.crypto_key: |- + Represents a day of the week. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + replacement_value.float_value: |- - (Optional) - The key used by the encryption function. - Structure is documented below. - crypto_hash_config.crypto_key.kms_wrapped: |- + A float value. + replacement_value.integer_value: |- - (Optional) - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see Creating a wrapped key. - Note: When you use Cloud KMS for cryptographic operations, charges apply. - Structure is documented below. - crypto_hash_config.crypto_key.transient: |- + An integer value (int64 format) + replacement_value.string_value: |- - (Optional) - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. - Structure is documented below. - crypto_hash_config.crypto_key.unwrapped: |- + A string value. + replacement_value.time_value: |- - (Optional) - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + Represents a time of day. Structure is documented below. - crypto_key.kms_wrapped: |- + replacement_value.timestamp_value: |- - (Optional) - KMS wrapped key. - Include to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt - For more information, see Creating a wrapped key. - Note: When you use Cloud KMS for cryptographic operations, charges apply. - Structure is documented below. - crypto_key.transient: |- + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + reverse_order: is false + selected_info_types.info_types: |- - - (Optional) - Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. + (Required) + InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to + all findings that correspond to infoTypes that were requested in InspectConfig. Structure is documented below. - crypto_key.unwrapped: |- + selected_info_types.info_types.name: |- + - + (Required) + Name of the information type. + selected_info_types.info_types.sensitivity_score: |- - (Optional) - Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. + Optional custom sensitivity for this InfoType. This only applies to data profiling. Structure is documented below. - crypto_replace_ffx_fpe_config.InfoTypeTransformation: |- - is applied to both structured and non-structured ContentItems. Currently, the referenced field may be of value type integer or string. - The tweak is constructed as a sequence of bytes in big endian byte order such that: - crypto_replace_ffx_fpe_config.common_alphabet: |- + selected_info_types.info_types.version: |- - (Optional) - Common alphabets. - Possible values are: FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED, NUMERIC, HEXADECIMAL, UPPER_CASE_ALPHA_NUMERIC, ALPHA_NUMERIC. - crypto_replace_ffx_fpe_config.context: |- + Version name for this InfoType. + sensitivity_score.score: |- + - + (Required) + The sensitivity score applied to the resource. + Possible values are: SENSITIVITY_LOW, SENSITIVITY_MODERATE, SENSITIVITY_HIGH. + surrogate_info_type.name: |- - (Optional) - The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used. - If the context is set but: - crypto_replace_ffx_fpe_config.crypto_key: |- + Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$-_]{1,64}. + surrogate_info_type.sensitivity_score: |- - (Optional) - The key used by the encryption algorithm. + Optional custom sensitivity for this InfoType. This only applies to data profiling. Structure is documented below. - crypto_replace_ffx_fpe_config.custom_alphabet: |- + surrogate_info_type.version: |- - (Optional) - This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range [2, 95]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is: - 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~`!@#$%^&*()_-+={[}]|:;"'<,>.?/ - crypto_replace_ffx_fpe_config.radix: |- + Optional version name for this InfoType. + time_part_config.part_to_extract: |- - (Optional) - The native way to select the alphabet. Must be in the range [2, 95]. - crypto_replace_ffx_fpe_config.surrogate_info_type: |- + The part of the time to keep. + Possible values are: YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY. + time_value.hours: |- - (Optional) - The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info_type_name(surrogate_character_count):surrogate - For example, if the name of custom infoType is 'MY_TOKEN_INFO_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY_TOKEN_INFO_TYPE(3):abc' - This annotation identifies the surrogate when inspecting content using the custom infoType SurrogateType. This facilitates reversal of the surrogate when it occurs in free text. - In order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY_TOKEN_TYPE - Structure is documented below. - date_shift_config.context: |- + Hours of day in 24 hour format. Should be from 0 to 23. + time_value.minutes: |- - (Optional) - Points to the field that contains the context, for example, an entity id. - If set, must also set cryptoKey. If set, shift will be consistent for the given context. - Structure is documented below. - date_shift_config.crypto_key: |- + Minutes of hour of day. Must be from 0 to 59. + time_value.nanos: |- - (Optional) - The key used by the encryption function. - Structure is documented below. - date_shift_config.lower_bound_days: |- + Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. + time_value.seconds: |- + - + (Optional) + Seconds of minutes of the time. Must normally be from 0 to 59. + transient.name: |- - (Required) - Range of shift in days. Negative means shift to earlier in time. - date_shift_config.upper_bound_days: |- + Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). + unwrapped.key: |- - (Required) - Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). - Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction. - date_value.day: |- + A 128/192/256 bit key. + A base64-encoded string. + update: '- Default is 20 minutes.' + update_time: |- - - (Optional) - Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a - year by itself or a year and month where the day is not significant. - date_value.description: |- + The last update timestamp of an deidentifyTemplate. Set by the server. + upper_bound.boolean_value: |- - (Optional) - A description of the template. - date_value.display_name: |- + A boolean value. + upper_bound.date_value: |- - (Optional) - User set display name of the template. - date_value.month: |- + Represents a whole or partial calendar date. + Structure is documented below. + upper_bound.day_of_week_value: |- - (Optional) - Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day. - date_value.template_id: |- + Represents a day of the week. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + upper_bound.float_value: |- - (Optional) - The template id can contain uppercase and lowercase letters, numbers, and hyphens; - that is, it must match the regular expression: [a-zA-Z\d-_]+. The maximum length is - 100 characters. Can be empty to allow the system to generate one. - date_value.year: |- + A float value. + upper_bound.integer_value: |- - (Optional) - Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year. - deidentify_config: |- - - - (Required) - Configuration of the deidentify template - Structure is documented below. - deidentify_config.image_transformations: |- + An integer value (int64 format) + upper_bound.string_value: |- - (Optional) - Treat the dataset as an image and redact. - Structure is documented below. - deidentify_config.info_type_transformations: |- + A string value. + upper_bound.time_value: |- - (Optional) - Treat the dataset as free-form text and apply the same free text transformation everywhere + Represents a time of day. Structure is documented below. - deidentify_config.record_transformations: |- + upper_bound.timestamp_value: |- - (Optional) - Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table. - Structure is documented below. - delete: '- Default is 20 minutes.' - field.name: |- + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + value.boolean_value: |- - (Optional) - Name describing the field. - field_transformations.condition: |- + A boolean value. + value.date_value: |- - (Optional) - Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation. - Example Use Cases: - field_transformations.fields: |- - - - (Required) - Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId. - FieldId name matching ignores the index. For example, instead of "contact.nums[0].type", use "contact.nums.type". + Represents a whole or partial calendar date. Structure is documented below. - field_transformations.info_type_transformations: |- + value.day_of_week_value: |- - (Optional) - Treat the contents of the field as free text, and selectively transform content that matches an InfoType. - Only one of primitive_transformation or info_type_transformations must be specified. - Structure is documented below. - field_transformations.primitive_transformation: |- + Represents a day of the week. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + value.float_value: |- - (Optional) - Apply the transformation to the entire field. - The primitive_transformation block must only contain one argument, corresponding to the type of transformation. - Only one of primitive_transformation or info_type_transformations must be specified. - Structure is documented below. - fields.name: |- + A float value. + value.integer_value: |- - (Optional) - Name describing the field. - fixed_size_bucketing_config.bucket_size: |- - - - (Required) - Size of each bucket (except for minimum and maximum buckets). - So if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+. - Precision up to 2 decimals works. - fixed_size_bucketing_config.lower_bound: |- - - - (Required) - Lower bound value of buckets. - All values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value "-10". - The lower_bound block must only contain one argument. See the fixed_size_bucketing_config block description for more information about choosing a data type. - Structure is documented below. - fixed_size_bucketing_config.upper_bound: |- - - - (Required) - Upper bound value of buckets. - All values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value "89+". - The upper_bound block must only contain one argument. See the fixed_size_bucketing_config block description for more information about choosing a data type. - Structure is documented below. - id: '- an identifier for the resource with format {{parent}}/deidentifyTemplates/{{name}}' - image_transformations.transforms: |- + An integer value (int64 format) + value.string_value: |- - - (Required) - For determination of how redaction of images should occur. - Structure is documented below. - image_transformations.transforms.all_info_types: |- + (Optional) + A string value. + value.time_value: |- - (Optional) - Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes. - image_transformations.transforms.all_text: |- + Represents a time of day. + Structure is documented below. + value.timestamp_value: |- - (Optional) - Apply transformation to all text that doesn't match an infoType. - image_transformations.transforms.redaction_color: |- + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] + google_data_loss_prevention_discovery_config: + subCategory: Data loss prevention + description: Configuration for discovery to scan resources for profile generation. + name: google_data_loss_prevention_discovery_config + title: "" + examples: + - name: basic + manifest: |- + { + "inspect_templates": [ + "projects//inspectTemplates/${google_data_loss_prevention_inspect_template.basic.name}" + ], + "location": "us", + "parent": "projects/my-project-name/locations/us", + "status": "RUNNING", + "targets": [ + { + "big_query_target": [ + { + "filter": [ + { + "other_tables": [ + {} + ] + } + ] + } + ] + } + ] + } + dependencies: + google_data_loss_prevention_inspect_template.basic: |- + { + "description": "My description", + "display_name": "display_name", + "inspect_config": [ + { + "info_types": [ + { + "name": "EMAIL_ADDRESS" + } + ] + } + ], + "parent": "projects/my-project-name" + } + - name: actions + manifest: |- + { + "actions": [ + { + "export_data": [ + { + "profile_table": [ + { + "dataset_id": "dataset", + "project_id": "project", + "table_id": "table" + } + ] + } + ] + }, + { + "pub_sub_notification": [ + { + "detail_of_message": "TABLE_PROFILE", + "event": "NEW_PROFILE", + "pubsub_condition": [ + { + "expressions": [ + { + "conditions": [ + { + "minimum_sensitivity_score": "HIGH" + } + ], + "logical_operator": "OR" + } + ] + } + ], + "topic": "projects//topics/${google_pubsub_topic.actions.name}" + } + ] + } + ], + "inspect_templates": [ + "projects//inspectTemplates/${google_data_loss_prevention_inspect_template.basic.name}" + ], + "location": "us", + "parent": "projects/my-project-name/locations/us", + "status": "RUNNING", + "targets": [ + { + "big_query_target": [ + { + "filter": [ + { + "other_tables": [ + {} + ] + } + ] + } + ] + } + ] + } + dependencies: + google_data_loss_prevention_inspect_template.basic: |- + { + "description": "My description", + "display_name": "display_name", + "inspect_config": [ + { + "info_types": [ + { + "name": "EMAIL_ADDRESS" + } + ] + } + ], + "parent": "projects/my-project-name" + } + google_pubsub_topic.actions: |- + { + "name": "fake-topic" + } + - name: org_running + manifest: |- + { + "inspect_templates": [ + "projects//inspectTemplates/${google_data_loss_prevention_inspect_template.basic.name}" + ], + "location": "us", + "org_config": [ + { + "location": [ + { + "organization_id": "123456789" + } + ], + "project_id": "my-project-name" + } + ], + "parent": "organizations/123456789/locations/us", + "status": "RUNNING", + "targets": [ + { + "big_query_target": [ + { + "filter": [ + { + "other_tables": [ + {} + ] + } + ] + } + ] + } + ] + } + dependencies: + google_data_loss_prevention_inspect_template.basic: |- + { + "description": "My description", + "display_name": "display_name", + "inspect_config": [ + { + "info_types": [ + { + "name": "EMAIL_ADDRESS" + } + ] + } + ], + "parent": "projects/my-project-name" + } + - name: org_folder_paused + manifest: |- + { + "inspect_templates": [ + "projects//inspectTemplates/${google_data_loss_prevention_inspect_template.basic.name}" + ], + "location": "us", + "org_config": [ + { + "location": [ + { + "folder_id": 123 + } + ], + "project_id": "my-project-name" + } + ], + "parent": "organizations/123456789/locations/us", + "status": "PAUSED", + "targets": [ + { + "big_query_target": [ + { + "filter": [ + { + "other_tables": [ + {} + ] + } + ] + } + ] + } + ] + } + dependencies: + google_data_loss_prevention_inspect_template.basic: |- + { + "description": "My description", + "display_name": "display_name", + "inspect_config": [ + { + "info_types": [ + { + "name": "EMAIL_ADDRESS" + } + ] + } + ], + "parent": "projects/my-project-name" + } + - name: conditions_cadence + manifest: |- + { + "inspect_templates": [ + "projects//inspectTemplates/${google_data_loss_prevention_inspect_template.basic.name}" + ], + "location": "us", + "parent": "projects/my-project-name/locations/us", + "status": "RUNNING", + "targets": [ + { + "big_query_target": [ + { + "cadence": [ + { + "schema_modified_cadence": [ + { + "frequency": "UPDATE_FREQUENCY_DAILY", + "types": [ + "SCHEMA_NEW_COLUMNS" + ] + } + ], + "table_modified_cadence": [ + { + "frequency": "UPDATE_FREQUENCY_DAILY", + "types": [ + "TABLE_MODIFIED_TIMESTAMP" + ] + } + ] + } + ], + "conditions": [ + { + "type_collection": "BIG_QUERY_COLLECTION_ALL_TYPES" + } + ], + "filter": [ + { + "other_tables": [ + {} + ] + } + ] + } + ] + } + ] + } + dependencies: + google_data_loss_prevention_inspect_template.basic: |- + { + "description": "My description", + "display_name": "display_name", + "inspect_config": [ + { + "info_types": [ + { + "name": "EMAIL_ADDRESS" + } + ] + } + ], + "parent": "projects/my-project-name" + } + - name: filter_regexes_and_conditions + manifest: |- + { + "inspect_templates": [ + "projects//inspectTemplates/${google_data_loss_prevention_inspect_template.basic.name}" + ], + "location": "us", + "parent": "projects/my-project-name/locations/us", + "status": "RUNNING", + "targets": [ + { + "big_query_target": [ + { + "conditions": [ + { + "created_after": "2023-10-02T15:01:23Z", + "or_conditions": [ + { + "min_age": "10800s", + "min_row_count": 10 + } + ], + "types": [ + { + "types": [ + "BIG_QUERY_TABLE_TYPE_TABLE", + "BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE" + ] + } + ] + } + ], + "filter": [ + { + "tables": [ + { + "include_regexes": [ + { + "patterns": [ + { + "dataset_id_regex": ".*", + "project_id_regex": ".*", + "table_id_regex": ".*" + } + ] + } + ] + } + ] + } + ] + } + ] + }, + { + "big_query_target": [ + { + "filter": [ + { + "other_tables": [ + {} + ] + } + ] + } + ] + } + ] + } + dependencies: + google_data_loss_prevention_inspect_template.basic: |- + { + "description": "My description", + "display_name": "display_name", + "inspect_config": [ + { + "info_types": [ + { + "name": "EMAIL_ADDRESS" + } + ] + } + ], + "parent": "projects/my-project-name" + } + argumentDocs: + actions: |- - (Optional) - The color to use when redacting content from an image. If not specified, the default is black. + Actions to execute at the completion of scanning Structure is documented below. - image_transformations.transforms.selected_info_types: |- + actions.export_data: |- - (Optional) - Apply transformation to the selected infoTypes. - Structure is documented below. - info_type_transformations.transformations: |- - - - (Required) - Transformation for each infoType. Cannot specify more than one for a given infoType. + Export data profiles into a provided location Structure is documented below. - info_type_transformations.transformations.info_types: |- + actions.pub_sub_notification: |- - (Optional) - InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to - all findings that correspond to infoTypes that were requested in InspectConfig. - Structure is documented below. - info_type_transformations.transformations.primitive_transformation: |- - - - (Required) - Primitive transformation to apply to the infoType. - The primitive_transformation block must only contain one argument, corresponding to the type of transformation. + Publish a message into the Pub/Sub topic. Structure is documented below. - info_types.name: |- - - - (Required) - Name of the information type. - info_types.sensitivity_score: |- + cadence.schema_modified_cadence: |- - (Optional) - Optional custom sensitivity for this InfoType. This only applies to data profiling. + Governs when to update data profiles when a schema is modified Structure is documented below. - info_types.version: |- - - - (Optional) - Version name for this InfoType. - kms_wrapped.crypto_key_name: |- - - - (Required) - The resource name of the KMS CryptoKey to use for unwrapping. - kms_wrapped.wrapped_key: |- - - - (Required) - The wrapped data crypto key. - A base64-encoded string. - lower_bound.boolean_value: |- - - - (Optional) - A boolean value. - lower_bound.date_value: |- + cadence.table_modified_cadence: |- - (Optional) - Represents a whole or partial calendar date. + Governs when to update profile when a table is modified. Structure is documented below. - lower_bound.day_of_week_value: |- - - - (Optional) - Represents a day of the week. - Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. - lower_bound.float_value: |- + conditions.created_after: |- - (Optional) - A float value. - lower_bound.integer_value: |- + A timestamp in RFC3339 UTC "Zulu" format with nanosecond resolution and upto nine fractional digits. + conditions.minimum_risk_score: |- - (Optional) - An integer value (int64 format) - lower_bound.string_value: |- + The minimum data risk score that triggers the condition. + Possible values are: HIGH, MEDIUM_OR_HIGH. + conditions.minimum_sensitivity_score: |- - (Optional) - A string value. - lower_bound.time_value: |- + The minimum sensitivity level that triggers the condition. + Possible values are: HIGH, MEDIUM_OR_HIGH. + conditions.or_conditions: |- - (Optional) - Represents a time of day. + At least one of the conditions must be true for a table to be scanned. Structure is documented below. - lower_bound.timestamp_value: |- - - - (Optional) - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - masking_character: is * - max.boolean_value: |- + conditions.type_collection: |- - (Optional) - A boolean value. - max.date_value: |- + Restrict discovery to categories of table types. Currently view, materialized view, snapshot and non-biglake external tables are supported. + Possible values are: BIG_QUERY_COLLECTION_ALL_TYPES, BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES. + conditions.types: |- - (Optional) - Represents a whole or partial calendar date. + Restrict discovery to specific table type Structure is documented below. - max.day_of_week_value: |- + create: '- Default is 20 minutes.' + create_time: |- - - (Optional) - Represents a day of the week. - Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. - max.float_value: |- + Output only. The creation timestamp of a DiscoveryConfig. + delete: '- Default is 20 minutes.' + details.code: |- - (Optional) - A float value. - max.integer_value: |- + The status code, which should be an enum value of google.rpc.Code. + details.details: |- - (Optional) - An integer value (int64 format) - max.string_value: |- + A list of messages that carry the error details. + details.message: |- - (Optional) - A string value. - max.time_value: |- + A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. + display_name: |- - (Optional) - Represents a time of day. + Display Name (max 1000 Chars) + errors: |- + - + Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared. Structure is documented below. - max.timestamp_value: |- + errors.details: |- - (Optional) - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - min.boolean_value: |- + Detailed error codes and messages. + Structure is documented below. + errors.timestamp: |- - (Optional) - A boolean value. - min.date_value: |- + The times the error occurred. List includes the oldest timestamp and the last 9 timestamps. + export_data.profile_table: |- - (Optional) - Represents a whole or partial calendar date. + Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in a new row in BigQuery Structure is documented below. - min.day_of_week_value: |- + export_data.profile_table.dataset_id: |- - (Optional) - Represents a day of the week. - Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. - min.float_value: |- + Dataset Id of the table + export_data.profile_table.project_id: |- - (Optional) - A float value. - min.integer_value: |- + The Google Cloud Platform project ID of the project containing the table. If omitted, the project ID is inferred from the API call. + export_data.profile_table.table_id: |- - (Optional) - An integer value (int64 format) - min.string_value: |- + Name of the table + filter.other_tables: |- - (Optional) - A string value. - min.time_value: |- + Catch-all. This should always be the last filter in the list because anything above it will apply first. + filter.tables: |- - (Optional) - Represents a time of day. + A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config. Structure is documented below. - min.timestamp_value: |- + id: '- an identifier for the resource with format {{parent}}/discoveryConfigs/{{name}}' + inspect_templates: |- - (Optional) - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - name: |- + Detection logic for profile generation + last_run_time: |- - - The resource name of the template. Set by the server. - number_to_mask: is -4 - parent: |- + Output only. The timestamp of the last time this config was executed + location: |- - (Required) - The parent of the template in any of the following formats: - primitive_transformation.bucketing_config: |- - - - (Optional) - Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -> LOW 31-65 -> MEDIUM 66-100 -> HIGH - This can be used on data of type: number, long, string, timestamp. - If the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. - See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. - Structure is documented below. - primitive_transformation.character_mask_config: |- - - - (Optional) - Partially mask a string by replacing a given number of characters with a fixed character. - Masking can start from the beginning or end of the string. - Structure is documented below. - primitive_transformation.crypto_deterministic_config: |- - - - (Optional) - Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC https://tools.ietf.org/html/rfc5297. - Structure is documented below. - primitive_transformation.crypto_hash_config: |- + Location to create the discovery config in. + location.folder_id: |- - (Optional) - Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes. - Outputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=). - Currently, only string and integer values can be hashed. - See https://cloud.google.com/dlp/docs/pseudonymization to learn more. - Structure is documented below. - primitive_transformation.crypto_replace_ffx_fpe_config: |- + The ID for the folder within an organization to scan + location.organization_id: |- - (Optional) - Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the content.reidentify API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See https://cloud.google.com/dlp/docs/pseudonymization to learn more. - Note: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity. - Structure is documented below. - primitive_transformation.date_shift_config: |- + The ID of an organization to scan + name: |- - - (Optional) - Shifts dates by random number of days, with option to be consistent for the same context. - Structure is documented below. - primitive_transformation.fixed_size_bucketing_config: |- + Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created. + or_conditions.min_age: |- - (Optional) - Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies. - The transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with "10-20". - This can be used on data of type: double, long. - If the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing. - See https://cloud.google.com/dlp/docs/concepts-bucketing to learn more. - Structure is documented below. - primitive_transformation.redact_config: |- + Duration format. The minimum age a table must have before Cloud DLP can profile it. Value greater than 1. + or_conditions.min_row_count: |- - (Optional) - Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '. - primitive_transformation.replace_config: |- + Minimum number of rows that should be present before Cloud DLP profiles as a table. + org_config: |- - (Optional) - Replace each input value with a given value. + A nested object resource Structure is documented below. - primitive_transformation.replace_dictionary_config: |- + org_config.location: |- - (Optional) - Replace with a value randomly drawn (with replacement) from a dictionary. + The data to scan folder org or project Structure is documented below. - primitive_transformation.replace_with_info_type_config: |- + org_config.project_id: |- - (Optional) - Replace each matching finding with the name of the info type. - primitive_transformation.time_part_config: |- + The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the cloud DLP API must be enabled. + parent: |- - - (Optional) - For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value. - Structure is documented below. - record_suppressions.condition: |- + (Required) + The parent of the discovery config in any of the following formats: + pub_sub_notification.detail_of_message: |- - (Optional) - A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content. - Structure is documented below. - record_suppressions.condition.expressions: |- + How much data to include in the pub/sub message. + Possible values are: TABLE_PROFILE, RESOURCE_NAME. + pub_sub_notification.event: |- - (Optional) - An expression, consisting of an operator and conditions. - Structure is documented below. - record_suppressions.condition.expressions.conditions: |- + The type of event that triggers a Pub/Sub. At most one PubSubNotification per EventType is permitted. + Possible values are: NEW_PROFILE, CHANGED_PROFILE, SCORE_INCREASED, ERROR_CHANGED. + pub_sub_notification.pubsub_condition: |- - (Optional) - Conditions to apply to the expression. + Conditions for triggering pubsub Structure is documented below. - record_suppressions.condition.expressions.logical_operator: |- - - - (Optional) - The operator to apply to the result of conditions. Default and currently only supported value is AND. - Default value is AND. - Possible values are: AND. - record_transformations.field_transformations: |- + pub_sub_notification.topic: |- - (Optional) - Transform the record by applying various field transformations. - Structure is documented below. - record_transformations.record_suppressions: |- + Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}. + pubsub_condition.expressions: |- - (Optional) - Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output. + An expression Structure is documented below. - redaction_color.blue: |- - - - (Optional) - The amount of blue in the color as a value in the interval [0, 1]. - redaction_color.green: |- - - - (Optional) - The amount of green in the color as a value in the interval [0, 1]. - redaction_color.red: |- + pubsub_condition.expressions.conditions: |- - (Optional) - The amount of red in the color as a value in the interval [0, 1]. - replace_config.new_value: |- - - - (Required) - Replace each input value with a given value. - The new_value block must only contain one argument. For example when replacing the contents of a string-type field, only string_value should be set. + Conditions to apply to the expression Structure is documented below. - replace_config.new_value.boolean_value: |- - - - (Optional) - A boolean value. - replace_config.new_value.date_value: |- + pubsub_condition.expressions.logical_operator: |- - (Optional) - Represents a whole or partial calendar date. - Structure is documented below. - replace_config.new_value.day_of_week_value: |- + The operator to apply to the collection of conditions + Possible values are: OR, AND. + schema_modified_cadence.frequency: |- - (Optional) - Represents a day of the week. - Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. - replace_config.new_value.float_value: |- + How frequently profiles may be updated when schemas are modified. Default to monthly + Possible values are: UPDATE_FREQUENCY_NEVER, UPDATE_FREQUENCY_DAILY, UPDATE_FREQUENCY_MONTHLY. + schema_modified_cadence.types: |- - (Optional) - A float value. - replace_config.new_value.integer_value: |- + The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMN. + Each value may be one of: SCHEMA_NEW_COLUMNS, SCHEMA_REMOVED_COLUMNS. + status: |- - (Optional) - An integer value. - replace_config.new_value.string_value: |- + Required. A status for this configuration + Possible values are: RUNNING, PAUSED. + table_modified_cadence.frequency: |- - (Optional) - A string value. - replace_config.new_value.time_value: |- + How frequently data profiles can be updated when tables are modified. Defaults to never. + Possible values are: UPDATE_FREQUENCY_NEVER, UPDATE_FREQUENCY_DAILY, UPDATE_FREQUENCY_MONTHLY. + table_modified_cadence.types: |- - (Optional) - Represents a time of day. - Structure is documented below. - replace_config.new_value.timestamp_value: |- + The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP + Each value may be one of: TABLE_MODIFIED_TIMESTAMP. + tables.include_regexes: |- - (Optional) - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. - Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - replace_dictionary_config.word_list: |- - - - (Required) - A list of words to select from for random replacement. The limits page contains details about the size limits of dictionaries. + A collection of regular expressions to match a BQ table against. Structure is documented below. - replace_dictionary_config.word_list.words: |- - - - (Required) - Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits. - replacement_value.boolean_value: |- + tables.include_regexes.patterns: |- - (Optional) - A boolean value. - replacement_value.date_value: |- - - - (Optional) - Represents a whole or partial calendar date. + A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables. Structure is documented below. - replacement_value.day_of_week_value: |- - - - (Optional) - Represents a day of the week. - Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. - replacement_value.float_value: |- + tables.include_regexes.patterns.dataset_id_regex: |- - (Optional) - A float value. - replacement_value.integer_value: |- + if unset, this property matches all datasets + tables.include_regexes.patterns.project_id_regex: |- - (Optional) - An integer value (int64 format) - replacement_value.string_value: |- + For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project. + tables.include_regexes.patterns.table_id_regex: |- - (Optional) - A string value. - replacement_value.time_value: |- + if unset, this property matches all tables + targets: |- - (Optional) - Represents a time of day. + Target to match against for determining what to scan and how frequently Structure is documented below. - replacement_value.timestamp_value: |- + targets.big_query_target: |- - (Optional) - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - reverse_order: is false - selected_info_types.info_types: |- - - - (Required) - InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to - all findings that correspond to infoTypes that were requested in InspectConfig. + BigQuery target for Discovery. The first target to match a table will be the one applied. Structure is documented below. - selected_info_types.info_types.name: |- - - - (Required) - Name of the information type. - selected_info_types.info_types.sensitivity_score: |- + targets.big_query_target.cadence: |- - (Optional) - Optional custom sensitivity for this InfoType. This only applies to data profiling. + How often and when to update profiles. New tables that match both the fiter and conditions are scanned as quickly as possible depending on system capacity. Structure is documented below. - selected_info_types.info_types.version: |- - - - (Optional) - Version name for this InfoType. - sensitivity_score.score: |- - - - (Required) - The sensitivity score applied to the resource. - Possible values are: SENSITIVITY_LOW, SENSITIVITY_MODERATE, SENSITIVITY_HIGH. - surrogate_info_type.name: |- - - - (Optional) - Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern [A-Za-z0-9$-_]{1,64}. - surrogate_info_type.sensitivity_score: |- + targets.big_query_target.conditions: |- - (Optional) - Optional custom sensitivity for this InfoType. This only applies to data profiling. + In addition to matching the filter, these conditions must be true before a profile is generated Structure is documented below. - surrogate_info_type.version: |- - - - (Optional) - Optional version name for this InfoType. - time_part_config.part_to_extract: |- - - - (Optional) - The part of the time to keep. - Possible values are: YEAR, MONTH, DAY_OF_MONTH, DAY_OF_WEEK, WEEK_OF_YEAR, HOUR_OF_DAY. - time_value.hours: |- - - - (Optional) - Hours of day in 24 hour format. Should be from 0 to 23. - time_value.minutes: |- + targets.big_query_target.disabled: |- - (Optional) - Minutes of hour of day. Must be from 0 to 59. - time_value.nanos: |- + Tables that match this filter will not have profiles created. + targets.big_query_target.filter: |- - (Optional) - Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. - time_value.seconds: |- + Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table + Structure is documented below. + types.types: |- - (Optional) - Seconds of minutes of the time. Must normally be from 0 to 59. - transient.name: |- - - - (Required) - Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate TransientCryptoKey protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated). - unwrapped.key: |- - - - (Required) - A 128/192/256 bit key. - A base64-encoded string. + A set of BiqQuery table types + Each value may be one of: BIG_QUERY_TABLE_TYPE_TABLE, BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE. update: '- Default is 20 minutes.' update_time: |- - - The last update timestamp of an deidentifyTemplate. Set by the server. - upper_bound.boolean_value: |- - - - (Optional) - A boolean value. - upper_bound.date_value: |- - - - (Optional) - Represents a whole or partial calendar date. - Structure is documented below. - upper_bound.day_of_week_value: |- - - - (Optional) - Represents a day of the week. - Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. - upper_bound.float_value: |- - - - (Optional) - A float value. - upper_bound.integer_value: |- - - - (Optional) - An integer value (int64 format) - upper_bound.string_value: |- - - - (Optional) - A string value. - upper_bound.time_value: |- - - - (Optional) - Represents a time of day. - Structure is documented below. - upper_bound.timestamp_value: |- - - - (Optional) - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". - value.boolean_value: |- - - - (Optional) - A boolean value. - value.date_value: |- - - - (Optional) - Represents a whole or partial calendar date. - Structure is documented below. - value.day_of_week_value: |- - - - (Optional) - Represents a day of the week. - Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. - value.float_value: |- - - - (Optional) - A float value. - value.integer_value: |- - - - (Optional) - An integer value (int64 format) - value.string_value: |- - - - (Optional) - A string value. - value.time_value: |- - - - (Optional) - Represents a time of day. - Structure is documented below. - value.timestamp_value: |- - - - (Optional) - A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + Output only. The last update timestamp of a DiscoveryConfig. importStatements: [] google_data_loss_prevention_inspect_template: subCategory: Data loss prevention @@ -62489,38 +66338,54 @@ resources: } } argumentDocs: + additional_experiments: '- (Optional) List of experiments that should be used by the job. An example value is ["enable_stackdriver_agent_metrics"].' + autoscaling_algorithm: '- (Optional) The algorithm to use for autoscaling.' container_spec_gcs_path: |- - (Required) The GCS path to the Dataflow job Flex Template. effective_labels: |- - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + enable_streaming_engine: '- (Optional) Immutable. Indicates if the job should use the streaming engine feature.' + ip_configuration: '- (Optional) The configuration for VM IPs. Options are "WORKER_IP_PUBLIC" or "WORKER_IP_PRIVATE".' job_id: '- The unique ID of this job.' + kms_key_name: '- (Optional) The name for the Cloud KMS key for the job. Key format is: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY' labels: |- - (Optional) User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource. - name: '- (Required) A unique name for the resource, required by Dataflow.' + launcher_machine_type: '- (Optional) The machine type to use for launching the job. The default is n1-standard-1.' + machine_type: '- (Optional) The machine type to use for the job.' + max_workers: '- (Optional) Immutable. The maximum number of Google Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.' + name: '- (Required) Immutable. A unique name for the resource, required by Dataflow.' + network: '- (Optional) The network to which VMs will be assigned. If it is not provided, "default" will be used.' + num_workers: '- (Optional) Immutable. The initial number of Google Compute Engine instances for the job.' on_delete: |- - (Optional) One of "drain" or "cancel". Specifies behavior of deletion during terraform destroy. See above note. parameters: |- - - (Optional) Key/Value pairs to be passed to the Dataflow job (as - used in the template). Additional pipeline options - such as serviceAccount, workerMachineType, etc can be specified here. + - Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + case-sensitive based on the language on which the pipeline is coded, mostly Java. + Note: do not configure Dataflow options here in parameters. project: |- - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used. - region: '- (Optional) The region in which the created job should run.' + region: '- (Optional) Immutable. The region in which the created job should run.' + sdk_container_image: '- (Optional) Docker registry location of container image to use for the ''worker harness. Default is the container for the version of the SDK. Note this field is only valid for portable pipelines.' + service_account_email: '- (Optional) Service account email to run the workers as.' skip_wait_on_job_termination: |- - (Optional) If set to true, terraform will treat DRAINING and CANCELLING as terminal states when deleting the resource, and will remove the resource from terraform state and move on. See above note. + staging_location: '- (Optional) The Cloud Storage path to use for staging files. Must be a valid Cloud Storage URL, beginning with gs://.' state: '- The current state of the resource, selected from the JobState enum' + subnetwork: '- (Optional) The subnetwork to which VMs will be assigned. Should be of the form "regions/REGION/subnetworks/SUBNETWORK".' + temp_location: '- (Optional) The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.' terraform_labels: |- - The combination of labels configured directly on the resource and default labels configured on the provider. + transform_name_mapping: '- (Optional) Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.' importStatements: [] google_dataflow_job: subCategory: Dataflow @@ -62591,7 +66456,10 @@ resources: name: '- (Required) A unique name for the resource, required by Dataflow.' network: '- (Optional) The network to which VMs will be assigned. If it is not provided, "default" will be used.' on_delete: '- (Optional) One of "drain" or "cancel". Specifies behavior of deletion during terraform destroy. See above note.' - parameters: '- (Optional) Key/Value pairs to be passed to the Dataflow job (as used in the template).' + parameters: |- + - Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + case-sensitive based on the language on which the pipeline is coded, mostly Java. + Note: do not configure Dataflow options here in parameters. project: '- (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.' region: '- (Optional) The region in which the created job should run.' service_account_email: '- (Optional) The Service Account email used to create the job.' @@ -62613,7 +66481,7 @@ resources: name: google_dataform_repository title: "" examples: - - name: dataform_respository + - name: dataform_repository manifest: |- { "display_name": "dataform_repository", @@ -62621,7 +66489,7 @@ resources: { "authentication_token_secret_version": "${google_secret_manager_secret_version.secret_version.id}", "default_branch": "main", - "url": "${google_sourcerepo_repository.git_repository.url}" + "url": "https://github.com/OWNER/REPOSITORY.git" } ], "labels": { @@ -62640,7 +66508,6 @@ resources: } references: git_remote_settings.authentication_token_secret_version: google_secret_manager_secret_version.secret_version.id - git_remote_settings.url: google_sourcerepo_repository.git_repository.url npmrc_environment_variables_secret_version: google_secret_manager_secret_version.secret_version.id provider: google-beta dependencies: @@ -62662,65 +66529,6 @@ resources: "secret": "${google_secret_manager_secret.secret.id}", "secret_data": "secret-data" } - google_sourcerepo_repository.git_repository: |- - { - "name": "my/repository", - "provider": "${google-beta}" - } - - name: dataform_respository - manifest: |- - { - "git_remote_settings": [ - { - "default_branch": "main", - "ssh_authentication_config": [ - { - "host_public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAklOUpkDHrfHY17SbrmTIpNLTGK9Tjom/BWDSU", - "user_private_key_secret_version": "${google_secret_manager_secret_version.secret_version.id}" - } - ], - "url": "${google_sourcerepo_repository.git_repository.url}" - } - ], - "name": "dataform_repository", - "provider": "${google-beta}", - "service_account": "1234567890-compute@developer.gserviceaccount.com", - "workspace_compilation_overrides": [ - { - "default_database": "database", - "schema_suffix": "_suffix", - "table_prefix": "prefix_" - } - ] - } - references: - git_remote_settings.ssh_authentication_config.user_private_key_secret_version: google_secret_manager_secret_version.secret_version.id - git_remote_settings.url: google_sourcerepo_repository.git_repository.url - provider: google-beta - dependencies: - google_secret_manager_secret.secret: |- - { - "provider": "${google-beta}", - "replication": [ - { - "auto": [ - {} - ] - } - ], - "secret_id": "my-secret" - } - google_secret_manager_secret_version.secret_version: |- - { - "provider": "${google-beta}", - "secret": "${google_secret_manager_secret.secret.id}", - "secret_data": "secret-data" - } - google_sourcerepo_repository.git_repository: |- - { - "name": "my/repository", - "provider": "${google-beta}" - } argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' @@ -62821,17 +66629,17 @@ resources: manifest: |- { "policy_data": "${data.google_iam_policy.admin.policy_data}", - "project": "${google_dataform_repository.dataform_respository.project}", + "project": "${google_dataform_repository.dataform_repository.project}", "provider": "${google-beta}", - "region": "${google_dataform_repository.dataform_respository.region}", - "repository": "${google_dataform_repository.dataform_respository.name}" + "region": "${google_dataform_repository.dataform_repository.region}", + "repository": "${google_dataform_repository.dataform_repository.name}" } references: policy_data: data.google_iam_policy.admin.policy_data - project: google_dataform_repository.dataform_respository.project + project: google_dataform_repository.dataform_repository.project provider: google-beta - region: google_dataform_repository.dataform_respository.region - repository: google_dataform_repository.dataform_respository.name + region: google_dataform_repository.dataform_repository.region + repository: google_dataform_repository.dataform_repository.name argumentDocs: etag: '- (Computed) The etag of the IAM policy.' google_dataform_repository_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.' @@ -66339,6 +70147,42 @@ resources: ], "service_id": "ms-dpms2sf" } + - name: backup + manifest: |- + { + "hive_metastore_config": [ + { + "version": "2.3.6" + } + ], + "labels": { + "env": "test" + }, + "location": "us-central1", + "maintenance_window": [ + { + "day_of_week": "SUNDAY", + "hour_of_day": 2 + } + ], + "port": 9080, + "scheduled_backup": [ + { + "backup_location": "gs://${google_storage_bucket.bucket.name}", + "cron_schedule": "0 0 * * *", + "enabled": true, + "time_zone": "UTC" + } + ], + "service_id": "backup", + "tier": "DEVELOPER" + } + dependencies: + google_storage_bucket.bucket: |- + { + "location": "us-central1", + "name": "backup" + } argumentDocs: artifact_gcs_uri: |- - @@ -66532,6 +70376,27 @@ resources: - (Optional) Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0. + scheduled_backup: |- + - + (Optional) + The configuration of scheduled backup for the metastore service. + Structure is documented below. + scheduled_backup.backup_location: |- + - + (Required) + A Cloud Storage URI of a folder, in the format gs:///. A sub-folder containing backup files will be stored below it. + scheduled_backup.cron_schedule: |- + - + (Optional) + The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron The default is empty: scheduled backup is not enabled. Must be specified to enable scheduled backups. + scheduled_backup.enabled: |- + - + (Optional) + Defines whether the scheduled backup is enabled. The default value is false. + scheduled_backup.time_zone: |- + - + (Optional) + Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, the default is UTC. service_id: |- - (Required) @@ -67428,6 +71293,9 @@ resources: - name: default manifest: |- { + "depends_on": [ + "${google_firestore_database.database}" + ], "kind": "foo", "properties": [ { @@ -67440,6 +71308,16 @@ resources: } ] } + dependencies: + google_firestore_database.database: |- + { + "delete_protection_state": "DELETE_PROTECTION_DISABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "(default)", + "project": "my-project-name", + "type": "DATASTORE_MODE" + } argumentDocs: ancestor: |- - @@ -74111,12 +77989,12 @@ resources: argumentDocs: geo.health_checked_targets: |- - (Optional) For A and AAAA types only. The list of targets to be health checked. These can be specified along with rrdatas within this item. - Structure is document below. + Structure is documented below. geo.location: '- (Required) The location name defined in Google Cloud.' geo.rrdatas: '- (Optional) Same as rrdatas above.' health_checked_targets.internal_load_balancers: |- - (Required) The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. health_checked_targets.internal_load_balancers.ip_address: '- (Required) The frontend IP address of the load balancer.' health_checked_targets.internal_load_balancers.ip_protocol: '- (Required) The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: ["tcp", "udp"]' health_checked_targets.internal_load_balancers.load_balancer_type: '- (Required) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"]' @@ -74135,7 +78013,7 @@ resources: primary_backup.enable_geo_fencing_for_backups: '- (Optional) Specifies whether to enable fencing for backup geo queries.' primary_backup.primary: |- - (Required) The list of global primary targets to be health checked. - Structure is document below. + Structure is documented below. primary_backup.trickle_ratio: '- (Optional) Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.' project: |- - (Optional) The ID of the project in which the resource belongs. If it @@ -74147,13 +78025,13 @@ resources: routing_policy.enable_geo_fencing: '- (Optional) Specifies whether to enable fencing for geo queries.' routing_policy.geo: |- - (Optional) The configuration for Geolocation based routing policy. - Structure is document below. + Structure is documented below. routing_policy.primary_backup: |- - - (Optional) The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. - Structure is document below. + - (Optional) The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. + Structure is documented below. routing_policy.wrr: |- - (Optional) The configuration for Weighted Round Robin based routing policy. - Structure is document below. + Structure is documented below. rrdatas: |- - (Optional) The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding \" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \" \" inside the Terraform configuration string (e.g. "first255characters\" \"morecharacters"). @@ -74161,7 +78039,7 @@ resources: type: '- (Required) The DNS record set type.' wrr.health_checked_targets: |- - (Optional) The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. wrr.rrdatas: '- (Optional) Same as rrdatas above.' wrr.weight: '- (Required) The ratio of traffic routed to the target.' importStatements: [] @@ -74521,306 +78399,6 @@ resources: } references: project_number: data.google_project.project.number - - name: example_integer - manifest: |- - { - "display_name": "test-property-integer", - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "display_name": "propdisp1", - "integer_type_options": [ - {} - ], - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop1", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ] - } - ] - } - references: - project_number: data.google_project.project.number - - name: example_float - manifest: |- - { - "display_name": "test-property-float", - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "display_name": "propdisp2", - "float_type_options": [ - {} - ], - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop2", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ] - } - ] - } - references: - project_number: data.google_project.project.number - - name: example_property - manifest: |- - { - "display_name": "test-property-property", - "document_is_folder": false, - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "display_name": "propdisp8", - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop8", - "property_type_options": [ - { - "property_definitions": [ - { - "display_name": "propdisp8_nested", - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop8_nested", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source_nested", - "processor_type": "dummy_processor_nested" - } - ], - "text_type_options": [ - {} - ] - } - ] - } - ], - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ] - } - ] - } - references: - project_number: data.google_project.project.number - - name: example_property_enum - manifest: |- - { - "display_name": "test-property-property", - "document_is_folder": false, - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "display_name": "propdisp8", - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop8", - "property_type_options": [ - { - "property_definitions": [ - { - "display_name": "propdisp8_nested", - "enum_type_options": [ - { - "possible_values": [ - "M", - "F", - "X" - ], - "validation_check_disabled": false - } - ], - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop8_nested", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source_nested", - "processor_type": "dummy_processor_nested" - } - ] - } - ] - } - ], - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ] - } - ] - } - references: - project_number: data.google_project.project.number - - name: example_enum - manifest: |- - { - "display_name": "test-property-enum", - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "display_name": "propdisp6", - "enum_type_options": [ - { - "possible_values": [ - "M", - "F", - "X" - ], - "validation_check_disabled": false - } - ], - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop6", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ] - } - ] - } - references: - project_number: data.google_project.project.number - - name: example_map - manifest: |- - { - "display_name": "test-property-map", - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "display_name": "propdisp4", - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "map_type_options": [ - {} - ], - "name": "prop4", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ] - } - ] - } - references: - project_number: data.google_project.project.number - - name: example_datetime - manifest: |- - { - "display_name": "test-property-date_time", - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "date_time_type_options": [ - {} - ], - "display_name": "propdisp7", - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop7", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ] - } - ] - } - references: - project_number: data.google_project.project.number - - name: example_timestamp - manifest: |- - { - "display_name": "test-property-timestamp", - "location": "us", - "project_number": "${data.google_project.project.number}", - "property_definitions": [ - { - "display_name": "propdisp5", - "is_filterable": true, - "is_metadata": false, - "is_repeatable": false, - "is_required": false, - "is_searchable": true, - "name": "prop5", - "retrieval_importance": "HIGHEST", - "schema_sources": [ - { - "name": "dummy_source", - "processor_type": "dummy_processor" - } - ], - "timestamp_type_options": [ - {} - ] - } - ] - } - references: - project_number: data.google_project.project.number argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' @@ -76810,6 +80388,31 @@ resources: ], "tier": "BASIC_SSD" } + - name: instance + manifest: |- + { + "file_shares": [ + { + "capacity_gb": 1024, + "name": "share1" + } + ], + "location": "us-central1", + "name": "test-instance", + "networks": [ + { + "modes": [ + "MODE_IPV4" + ], + "network": "default" + } + ], + "protocol": "NFS_V4_1", + "provider": "${google-beta}", + "tier": "ENTERPRISE" + } + references: + provider: google-beta - name: instance manifest: |- { @@ -76938,6 +80541,15 @@ resources: networks.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + networks.protocol: |- + - + (Optional, Beta) + Either NFSv3, for using NFS version 3 as file sharing protocol, + or NFSv4.1, for using NFS version 4.1 as file sharing protocol. + NFSv4.1 can be used with HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE. + The default is NFSv3. + Default value is NFS_V3. + Possible values are: NFS_V3, NFS_V4_1. networks.reserved_ip_range: |- - (Optional) @@ -77203,8 +80815,8 @@ resources: projects/projectId/androidApps/appId package_name: |- - - (Optional) - Immutable. The canonical package name of the Android app as would appear in the Google Play + (Required) + The canonical package name of the Android app as would appear in the Google Play Developer Console. project: |- - (Optional) The ID of the project in which the resource belongs. @@ -77242,16 +80854,19 @@ resources: ] } ], - "project": "my-project-name" + "project": "my-project-name", + "provider": "${google-beta}" } references: app_id: google_firebase_apple_app.default.app_id + provider: google-beta dependencies: google_firebase_apple_app.default: |- { "bundle_id": "bundle.id.appattest", "display_name": "Apple app", "project": "my-project-name", + "provider": "${google-beta}", "team_id": "9987654321" } time_sleep.wait_30s: |- @@ -77279,16 +80894,19 @@ resources: } ], "project": "my-project-name", + "provider": "${google-beta}", "token_ttl": "7200s" } references: app_id: google_firebase_apple_app.default.app_id + provider: google-beta dependencies: google_firebase_apple_app.default: |- { "bundle_id": "bundle.id.appattest", "display_name": "Apple app", "project": "my-project-name", + "provider": "${google-beta}", "team_id": "9987654321" } time_sleep.wait_30s: |- @@ -77336,15 +80954,18 @@ resources: ], "display_name": "Debug Token", "project": "my-project-name", + "provider": "${google-beta}", "token": "00000000-AAAA-BBBB-CCCC-000000000000" } references: app_id: google_firebase_web_app.default.app_id + provider: google-beta dependencies: google_firebase_web_app.default: |- { "display_name": "Web App for debug token", - "project": "my-project-name" + "project": "my-project-name", + "provider": "${google-beta}" } time_sleep.wait_30s: |- { @@ -77386,6 +81007,90 @@ resources: Note: This property is sensitive and will not be displayed in the plan. update: '- Default is 20 minutes.' importStatements: [] + google_firebase_app_check_device_check_config: + subCategory: Firebase App Check + description: An app's DeviceCheck configuration object. + name: google_firebase_app_check_device_check_config + title: "" + examples: + - name: default + manifest: |- + { + "app_id": "${google_firebase_apple_app.default.app_id}", + "depends_on": [ + "${time_sleep.wait_30s}" + ], + "key_id": "Key ID", + "lifecycle": [ + { + "precondition": [ + { + "condition": "${google_firebase_apple_app.default.team_id != \"\"}", + "error_message": "Provide a Team ID on the Apple App to use App Check" + } + ] + } + ], + "private_key": "${file(\"path/to/private-key.p8\")}", + "project": "my-project-name", + "provider": "${google-beta}", + "token_ttl": "7200s" + } + references: + app_id: google_firebase_apple_app.default.app_id + provider: google-beta + dependencies: + google_firebase_apple_app.default: |- + { + "bundle_id": "bundle.id.devicecheck", + "display_name": "Apple app", + "project": "my-project-name", + "provider": "${google-beta}", + "team_id": "9987654321" + } + time_sleep.wait_30s: |- + { + "create_duration": "30s", + "depends_on": [ + "${google_firebase_apple_app.default}" + ] + } + argumentDocs: + app_id: |- + - + (Required) + The ID of an + Apple App. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/apps/{{app_id}}/deviceCheckConfig' + key_id: |- + - + (Required) + The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account. + name: |- + - + The relative resource name of the DeviceCheck configuration object + private_key: |- + - + (Required) + The contents of the private key (.p8) file associated with the key specified by keyId. + Note: This property is sensitive and will not be displayed in the plan. + private_key_set: |- + - + Whether the privateKey field was previously set. Since App Check will never return the + privateKey field, this field is the only way to find out whether it was previously set. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + token_ttl: |- + - + (Optional) + Specifies the duration for which App Check tokens exchanged from DeviceCheck artifacts will be valid. + If unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + update: '- Default is 20 minutes.' + importStatements: [] google_firebase_app_check_play_integrity_config: subCategory: Firebase App Check description: An app's Play Integrity configuration object. @@ -77409,16 +81114,19 @@ resources: ] } ], - "project": "my-project-name" + "project": "my-project-name", + "provider": "${google-beta}" } references: app_id: google_firebase_android_app.default.app_id + provider: google-beta dependencies: google_firebase_android_app.default: |- { "display_name": "Play Integrity app", "package_name": "package.name.playintegrity", "project": "my-project-name", + "provider": "${google-beta}", "sha1_hashes": [ "2145bdf698b8715039bd0e83f2069bed435ac21c" ], @@ -77426,6 +81134,13 @@ resources: "2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc" ] } + google_project_service.play_integrity: |- + { + "disable_on_destroy": false, + "project": "my-project-name", + "provider": "${google-beta}", + "service": "playintegrity.googleapis.com" + } time_sleep.wait_30s: |- { "create_duration": "30s", @@ -77451,16 +81166,19 @@ resources: } ], "project": "my-project-name", + "provider": "${google-beta}", "token_ttl": "7200s" } references: app_id: google_firebase_android_app.default.app_id + provider: google-beta dependencies: google_firebase_android_app.default: |- { "display_name": "Play Integrity app", "package_name": "package.name.playintegrity", "project": "my-project-name", + "provider": "${google-beta}", "sha1_hashes": [ "2145bdf698b8715039bd0e83f2069bed435ac21c" ], @@ -77468,6 +81186,13 @@ resources: "2145bdf698b8715039bd0e83f2069bed435ac21ca1b2c3d4e5f6123456789abc" ] } + google_project_service.play_integrity: |- + { + "disable_on_destroy": false, + "project": "my-project-name", + "provider": "${google-beta}", + "service": "playintegrity.googleapis.com" + } time_sleep.wait_30s: |- { "create_duration": "30s", @@ -77512,16 +81237,26 @@ resources: "${time_sleep.wait_30s}" ], "project": "my-project-name", + "provider": "${google-beta}", "site_key": "6LdpMXIpAAAAANkwWQPgEdjEhal7ugkH9RK9ytuw", "token_ttl": "7200s" } references: app_id: google_firebase_web_app.default.app_id + provider: google-beta dependencies: google_firebase_web_app.default: |- { "display_name": "Web App for reCAPTCHA Enterprise", - "project": "my-project-name" + "project": "my-project-name", + "provider": "${google-beta}" + } + google_project_service.recaptcha_enterprise: |- + { + "disable_on_destroy": false, + "project": "my-project-name", + "provider": "${google-beta}", + "service": "recaptchaenterprise.googleapis.com" } time_sleep.wait_30s: |- { @@ -77572,16 +81307,19 @@ resources: "${time_sleep.wait_30s}" ], "project": "my-project-name", + "provider": "${google-beta}", "site_secret": "6Lf9YnQpAAAAAC3-MHmdAllTbPwTZxpUw5d34YzX", "token_ttl": "7200s" } references: app_id: google_firebase_web_app.default.app_id + provider: google-beta dependencies: google_firebase_web_app.default: |- { "display_name": "Web App for reCAPTCHA V3", - "project": "my-project-name" + "project": "my-project-name", + "provider": "${google-beta}" } time_sleep.wait_30s: |- { @@ -77669,7 +81407,7 @@ resources: ], "enforcement_mode": "UNENFORCED", "project": "my-project-name", - "service_id": "firebasedatabase.googleapis.com" + "service_id": "identitytoolkit.googleapis.com" } dependencies: google_project_service.appcheck: |- @@ -78838,6 +82576,39 @@ resources: "provider": "${google-beta}", "site_id": "site-id" } + - name: default + manifest: |- + { + "config": [ + { + "rewrites": [ + { + "glob": "**", + "path": "/index.html" + } + ] + } + ], + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}" + } + references: + provider: google-beta + site_id: google_firebase_hosting_site.default.site_id + dependencies: + google_firebase_hosting_release.default: |- + { + "message": "Path Rewrite", + "provider": "${google-beta}", + "site_id": "${google_firebase_hosting_site.default.site_id}", + "version_name": "${google_firebase_hosting_version.default.name}" + } + google_firebase_hosting_site.default: |- + { + "project": "my-project-name", + "provider": "${google-beta}", + "site_id": "site-id" + } - name: default manifest: |- { @@ -79008,6 +82779,10 @@ resources: - (Optional) The user-supplied glob to match against the request URL path. + rewrites.path: |- + - + (Optional) + The URL path to rewrite the request to. rewrites.regex: |- - (Optional) @@ -79221,7 +82996,7 @@ resources: ] } ], - "name": "cloud.firestore", + "name": "cloud.firestore/database", "project": "my-project-name", "ruleset_name": "projects/my-project-name/rulesets/${google_firebaserules_ruleset.firestore.name}" } @@ -79408,7 +83183,7 @@ resources: ], "database": "${google_firestore_database.database.name}", "project": "my-project-name", - "retention": "604800s" + "retention": "8467200s" } references: database: google_firestore_database.database.name @@ -79451,7 +83226,7 @@ resources: daily_recurrence: |- - (Optional) - For a schedule that runs daily at a specified time. + For a schedule that runs daily. database: |- - (Optional) @@ -79470,12 +83245,12 @@ resources: (Required) At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days. A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". - For a daily backup recurrence, set this to a value up to 7 days. If you set a weekly backup recurrence, set this to a value up to 14 weeks. + You can set this to a value up to 14 weeks. update: '- Default is 20 minutes.' weekly_recurrence: |- - (Optional) - For a schedule that runs weekly on a specific day and time. + For a schedule that runs weekly on a specific day. Structure is documented below. weekly_recurrence.day: |- - @@ -79510,6 +83285,54 @@ resources: "project": "my-project-name", "type": "FIRESTORE_NATIVE" } + - name: database + manifest: |- + { + "app_engine_integration_mode": "DISABLED", + "cmek_config": [ + { + "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "concurrency_mode": "OPTIMISTIC", + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "depends_on": [ + "${google_kms_crypto_key_iam_binding.firestore_cmek_keyuser}" + ], + "location_id": "nam5", + "name": "cmek-database-id", + "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED", + "project": "my-project-name", + "provider": "${google-beta}", + "type": "FIRESTORE_NATIVE" + } + references: + cmek_config.kms_key_name: google_kms_crypto_key.crypto_key.id + provider: google-beta + dependencies: + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "kms-key", + "provider": "${google-beta}", + "purpose": "ENCRYPT_DECRYPT" + } + google_kms_crypto_key_iam_binding.firestore_cmek_keyuser: |- + { + "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", + "members": [ + "serviceAccount:service-${data.google_project.project.number}@gcp-sa-firestore.iam.gserviceaccount.com" + ], + "provider": "${google-beta}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_kms_key_ring.key_ring: |- + { + "location": "us", + "name": "kms-key-ring", + "provider": "${google-beta}" + } - name: datastore_mode_database manifest: |- { @@ -79531,12 +83354,89 @@ resources: "project": "my-project-name", "type": "DATASTORE_MODE" } + - name: database + manifest: |- + { + "app_engine_integration_mode": "DISABLED", + "cmek_config": [ + { + "kms_key_name": "${google_kms_crypto_key.crypto_key.id}" + } + ], + "concurrency_mode": "OPTIMISTIC", + "delete_protection_state": "DELETE_PROTECTION_ENABLED", + "deletion_policy": "DELETE", + "depends_on": [ + "${google_kms_crypto_key_iam_binding.firestore_cmek_keyuser}" + ], + "location_id": "nam5", + "name": "cmek-database-id", + "point_in_time_recovery_enablement": "POINT_IN_TIME_RECOVERY_ENABLED", + "project": "my-project-name", + "provider": "${google-beta}", + "type": "DATASTORE_MODE" + } + references: + cmek_config.kms_key_name: google_kms_crypto_key.crypto_key.id + provider: google-beta + dependencies: + google_kms_crypto_key.crypto_key: |- + { + "key_ring": "${google_kms_key_ring.key_ring.id}", + "name": "kms-key", + "provider": "${google-beta}", + "purpose": "ENCRYPT_DECRYPT" + } + google_kms_crypto_key_iam_binding.firestore_cmek_keyuser: |- + { + "crypto_key_id": "${google_kms_crypto_key.crypto_key.id}", + "members": [ + "serviceAccount:service-${data.google_project.project.number}@gcp-sa-firestore.iam.gserviceaccount.com" + ], + "provider": "${google-beta}", + "role": "roles/cloudkms.cryptoKeyEncrypterDecrypter" + } + google_kms_key_ring.key_ring: |- + { + "location": "us", + "name": "kms-key-ring", + "provider": "${google-beta}" + } argumentDocs: app_engine_integration_mode: |- - (Optional) The App Engine integration mode to use for this database. Possible values are: ENABLED, DISABLED. + cmek_config: |- + - + (Optional, Beta) + The CMEK (Customer Managed Encryption Key) configuration for a Firestore + database. If not present, the database is secured by the default Google + encryption key. + Structure is documented below. + cmek_config.active_key_version: |- + - + (Output) + Currently in-use KMS key versions (https://cloud.google.com/kms/docs/resource-hierarchy#key_versions). + During key rotation (https://cloud.google.com/kms/docs/key-rotation), there can be + multiple in-use key versions. + The expected format is + projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}/cryptoKeyVersions/{key_version}. + cmek_config.kms_key_name: |- + - + (Required) + The resource ID of a Cloud KMS key. If set, the database created will + be a Customer-managed Encryption Key (CMEK) database encrypted with + this key. This feature is allowlist only in initial launch. + Only keys in the same location as this database are allowed to be used + for encryption. For Firestore's nam5 multi-region, this corresponds to Cloud KMS + multi-region us. For Firestore's eur3 multi-region, this corresponds to + Cloud KMS multi-region europe. See https://cloud.google.com/kms/docs/locations. + This value should be the KMS key resource ID in the format of + projects/{project_id}/locations/{kms_location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}. + How to retrive this resource ID is listed at + https://cloud.google.com/kms/docs/getting-resource-ids#getting_the_id_for_a_key_and_version. concurrency_mode: |- - (Optional) @@ -79833,7 +83733,7 @@ resources: id: '- an identifier for the resource with format {{name}}' name: |- - - A server defined name for this index. Format: + A server defined name for this document. Format: projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}} path: |- - @@ -80022,7 +83922,7 @@ resources: - name: my-index manifest: |- { - "collection": "${google_firestore_document.document.collection}", + "collection": "atestcollection", "database": "${google_firestore_database.database.name}", "fields": [ { @@ -80034,58 +83934,26 @@ resources: "order": "DESCENDING" } ], - "project": "${google_project.project.project_id}" + "project": "my-project-name" } references: - collection: google_firestore_document.document.collection database: google_firestore_database.database.name - project: google_project.project.project_id dependencies: google_firestore_database.database: |- { - "depends_on": [ - "${google_project_service.firestore}" - ], + "delete_protection_state": "DELETE_PROTECTION_DISABLED", + "deletion_policy": "DELETE", "location_id": "nam5", - "name": "(default)", - "project": "${google_project.project.project_id}", + "name": "database-id", + "project": "my-project-name", "type": "FIRESTORE_NATIVE" } - google_firestore_document.document: |- - { - "collection": "somenewcollection", - "database": "${google_firestore_database.database.name}", - "document_id": "", - "fields": "{\"something\":{\"mapValue\":{\"fields\":{\"akey\":{\"stringValue\":\"avalue\"}}}}}", - "project": "${google_project.project.project_id}" - } - google_project.project: |- - { - "name": "project-id", - "org_id": "123456789", - "project_id": "project-id" - } - google_project_service.firestore: |- - { - "depends_on": [ - "${time_sleep.wait_60_seconds}" - ], - "project": "${google_project.project.project_id}", - "service": "firestore.googleapis.com" - } - time_sleep.wait_60_seconds: |- - { - "create_duration": "60s", - "depends_on": [ - "${google_project.project}" - ] - } - name: my-index manifest: |- { "api_scope": "DATASTORE_MODE_API", - "collection": "chatrooms", - "database": "(default)", + "collection": "atestcollection", + "database": "${google_firestore_database.database.name}", "fields": [ { "field_path": "name", @@ -80099,6 +83967,58 @@ resources: "project": "my-project-name", "query_scope": "COLLECTION_RECURSIVE" } + references: + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- + { + "delete_protection_state": "DELETE_PROTECTION_DISABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id-dm", + "project": "my-project-name", + "type": "DATASTORE_MODE" + } + - name: my-index + manifest: |- + { + "collection": "atestcollection", + "database": "${google_firestore_database.database.name}", + "fields": [ + { + "field_path": "field_name", + "order": "ASCENDING" + }, + { + "field_path": "__name__", + "order": "ASCENDING" + }, + { + "field_path": "description", + "vector_config": [ + { + "dimension": 128, + "flat": [ + {} + ] + } + ] + } + ], + "project": "my-project-name" + } + references: + database: google_firestore_database.database.name + dependencies: + google_firestore_database.database: |- + { + "delete_protection_state": "DELETE_PROTECTION_DISABLED", + "deletion_policy": "DELETE", + "location_id": "nam5", + "name": "database-id-vector", + "project": "my-project-name", + "type": "FIRESTORE_NATIVE" + } argumentDocs: collection: |- - @@ -80109,29 +84029,19 @@ resources: fields: |- - (Required) - The fields supported by this index. The last field entry is always for - the field path __name__. If, on creation, __name__ was not - specified as the last field, it will be added automatically with the - same direction as that of the last field defined. If the final field - in a composite index is not directional, the __name__ will be - ordered "ASCENDING" (unless explicitly specified otherwise). + The fields supported by this index. The last non-stored field entry is + always for the field path __name__. If, on creation, __name__ was not + specified as the last field, it will be added automatically with the same + direction as that of the last field defined. If the final field in a + composite index is not directional, the __name__ will be ordered + "ASCENDING" (unless explicitly specified otherwise). Structure is documented below. - fields.api_scope: |- - - - (Optional) - The API scope at which a query is run. - Default value is ANY_API. - Possible values are: ANY_API, DATASTORE_MODE_API. fields.array_config: |- - (Optional) - Indicates that this field supports operations on arrayValues. Only one of order and arrayConfig can - be specified. + Indicates that this field supports operations on arrayValues. Only one of order, arrayConfig, and + vectorConfig can be specified. Possible values are: CONTAINS. - fields.database: |- - - - (Optional) - The Firestore database id. Defaults to "(default)". fields.field_path: |- - (Optional) @@ -80140,22 +84050,47 @@ resources: - (Optional) Indicates that this field supports ordering by the specified order or comparing using =, <, <=, >, >=. - Only one of order and arrayConfig can be specified. + Only one of order, arrayConfig, and vectorConfig can be specified. Possible values are: ASCENDING, DESCENDING. - fields.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - fields.query_scope: |- + fields.vector_config: |- - (Optional) - The scope at which a query is run. - Default value is COLLECTION. - Possible values are: COLLECTION, COLLECTION_GROUP, COLLECTION_RECURSIVE. + Indicates that this field supports vector search operations. Only one of order, arrayConfig, and + vectorConfig can be specified. Vector Fields should come after the field path __name__. + Structure is documented below. id: '- an identifier for the resource with format {{name}}' name: |- - A server defined name for this index. Format: projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}} + vector_config.api_scope: |- + - + (Optional) + The API scope at which a query is run. + Default value is ANY_API. + Possible values are: ANY_API, DATASTORE_MODE_API. + vector_config.database: |- + - + (Optional) + The Firestore database id. Defaults to "(default)". + vector_config.dimension: |- + - + (Optional) + The resulting index will only include vectors of this dimension, and can be used for vector search + with the same dimension. + vector_config.flat: |- + - + (Optional) + Indicates the vector index is a flat index. + vector_config.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + vector_config.query_scope: |- + - + (Optional) + The scope at which a query is run. + Default value is COLLECTION. + Possible values are: COLLECTION, COLLECTION_GROUP, COLLECTION_RECURSIVE. importStatements: [] google_folder: subCategory: Cloud Platform @@ -80673,6 +84608,197 @@ resources: } ] } + - name: rpo_daily_window + manifest: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "backup_schedule": [ + { + "paused": true, + "rpo_config": [ + { + "exclusion_windows": [ + { + "daily": true, + "duration": "7200s", + "start_time": [ + { + "hours": 12 + } + ] + }, + { + "duration": "3600s", + "single_occurrence_date": [ + { + "day": 16, + "month": 3, + "year": 2024 + } + ], + "start_time": [ + { + "hours": 8, + "minutes": 40, + "nanos": 100, + "seconds": 1 + } + ] + } + ], + "target_rpo_minutes": 1440 + } + ] + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rpo-daily-window", + "retention_policy": [ + { + "backup_delete_lock_days": 30, + "backup_retain_days": 180 + } + ] + } + references: + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1", + "name": "rpo-daily-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } + - name: rpo_weekly_window + manifest: |- + { + "backup_config": [ + { + "all_namespaces": true, + "include_secrets": true, + "include_volume_data": true + } + ], + "backup_schedule": [ + { + "paused": true, + "rpo_config": [ + { + "exclusion_windows": [ + { + "days_of_week": [ + { + "days_of_week": [ + "MONDAY", + "THURSDAY" + ] + } + ], + "duration": "1800s", + "start_time": [ + { + "hours": 1, + "minutes": 23 + } + ] + }, + { + "duration": "3600s", + "single_occurrence_date": [ + { + "day": 17, + "month": 3, + "year": 2024 + } + ], + "start_time": [ + { + "hours": 12 + } + ] + }, + { + "duration": "600s", + "single_occurrence_date": [ + { + "day": 18, + "month": 3, + "year": 2024 + } + ], + "start_time": [ + { + "hours": 8, + "minutes": 40 + } + ] + } + ], + "target_rpo_minutes": 1440 + } + ] + } + ], + "cluster": "${google_container_cluster.primary.id}", + "location": "us-central1", + "name": "rpo-weekly-window", + "retention_policy": [ + { + "backup_delete_lock_days": 30, + "backup_retain_days": 180 + } + ] + } + references: + cluster: google_container_cluster.primary.id + dependencies: + google_container_cluster.primary: |- + { + "addons_config": [ + { + "gke_backup_agent_config": [ + { + "enabled": true + } + ] + } + ], + "deletion_protection": "true", + "initial_node_count": 1, + "location": "us-central1", + "name": "rpo-weekly-cluster", + "network": "default", + "subnetwork": "default", + "workload_identity_config": [ + { + "workload_pool": "my-project-name.svc.id.goog" + } + ] + } argumentDocs: backup_config: |- - @@ -80719,16 +84845,30 @@ resources: (Optional) A standard cron string that defines a repeating schedule for creating Backups via this BackupPlan. + This is mutually exclusive with the rpoConfig field since at most one + schedule can be defined for a BackupPlan. If this is defined, then backupRetainDays must also be defined. backup_schedule.paused: |- - (Optional) This flag denotes whether automatic Backup creation is paused for this BackupPlan. + backup_schedule.rpo_config: |- + - + (Optional) + Defines the RPO schedule configuration for this BackupPlan. This is mutually + exclusive with the cronSchedule field since at most one schedule can be defined + for a BackupPLan. If this is defined, then backupRetainDays must also be defined. + Structure is documented below. cluster: |- - (Required) The source cluster from which Backups will be created via this BackupPlan. create: '- Default is 20 minutes.' + days_of_week.days_of_week: |- + - + (Optional) + A list of days of week. + Each value may be one of: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. deactivated: |- - (Optional) @@ -80754,6 +84894,35 @@ resources: in order to avoid race conditions: An etag is returned in the response to backupPlans.get, and systems are expected to put that etag in the request to backupPlans.patch or backupPlans.delete to ensure that their change will be applied to the same version of the resource. + exclusion_windows.daily: |- + - + (Optional) + The exclusion window occurs every day if set to "True". + Specifying this field to "False" is an error. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + exclusion_windows.days_of_week: |- + - + (Optional) + The exclusion window occurs on these days of each week in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + exclusion_windows.duration: |- + - + (Required) + Specifies duration of the window in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". Restrictions for duration based on the + recurrence type to allow some time for backup to happen: + exclusion_windows.single_occurrence_date: |- + - + (Optional) + No recurrence. The exclusion window occurs only once and on this date in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + exclusion_windows.start_time: |- + - + (Required) + Specifies the start time of the window using time of the day in UTC. + Structure is documented below. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/backupPlans/{{name}}' labels: |- - @@ -80801,13 +84970,32 @@ resources: existing Backups under it. Backups created AFTER a successful update will automatically pick up the new value. NOTE: backupRetainDays must be >= backupDeleteLockDays. - If cronSchedule is defined, then this must be <= 360 * the creation interval.] + If cronSchedule is defined, then this must be <= 360 * the creation interval. + If rpo_config is defined, then this must be + <= 360 * targetRpoMinutes/(1440minutes/day) retention_policy.locked: |- - (Optional) This flag denotes whether the retention policy of this BackupPlan is locked. If set to True, no further update is allowed on this policy, including the locked field itself. + rpo_config.exclusion_windows: |- + - + (Optional) + User specified time windows during which backup can NOT happen for this BackupPlan. + Backups should start and finish outside of any given exclusion window. Note: backup + jobs will be scheduled to start and finish outside the duration of the window as + much as possible, but running jobs will not get canceled when it runs into the window. + All the time and date values in exclusionWindows entry in the API are in UTC. We + only allow <=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no + restriction on number of single occurrence windows. + Structure is documented below. + rpo_config.target_rpo_minutes: |- + - + (Required) + Defines the target RPO for the BackupPlan in minutes, which means the target + maximum data loss in time that is acceptable for this BackupPlan. This must be + at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days. selected_applications.namespaced_names: |- - (Required) @@ -80825,6 +85013,34 @@ resources: - (Required) A list of Kubernetes Namespaces. + single_occurrence_date.day: |- + - + (Optional) + Day of a month. + single_occurrence_date.month: |- + - + (Optional) + Month of a year. + single_occurrence_date.year: |- + - + (Optional) + Year of the date. + start_time.hours: |- + - + (Optional) + Hours of day in 24 hour format. + start_time.minutes: |- + - + (Optional) + Minutes of hour of day. + start_time.nanos: |- + - + (Optional) + Fractions of seconds in nanoseconds. + start_time.seconds: |- + - + (Optional) + Seconds of minutes of the time. state: |- - The State of the BackupPlan. @@ -82827,8 +87043,40 @@ resources: - (Optional) Version of ACM installed. + container_resources.limits: |- + - + (Optional) + Limits describes the maximum amount of compute resources allowed for use by the running container. + container_resources.requests: |- + - + (Optional) + Requests describes the amount of compute resources reserved for the container by the kube-scheduler. create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' + deployment_configs: |- + - + (Optional) + Map of deployment configs to deployments ("admission", "audit", "mutation"). + deployment_configs.component_name: |- + - + (Required) + The name of the component. One of admission audit or mutation + deployment_configs.container_resources: |- + - + (Optional) + Container resource requirements. + deployment_configs.pod_affinity: |- + - + (Optional) + Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY + deployment_configs.pod_tolerations: |- + - + (Optional) + Pod tolerations of node taints. + deployment_configs.replica_count: |- + - + (Optional) + Pod replica count. feature: |- - (Optional) @@ -82878,6 +87126,14 @@ resources: (Optional) Whether Hierarchy Controller is enabled in this cluster. id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/features/{{feature}}/membershipId/{{membership}}' + limits.cpu: |- + - + (Optional) + CPU requirement expressed in Kubernetes resource units. + limits.memory: |- + - + (Optional) + Memory requirement expressed in Kubernetes resource units. location: |- - (Optional) @@ -82921,12 +87177,29 @@ resources: - (Optional) Period in seconds(int64 format) between consecutive syncs. Default: 15. + pod_tolerations.effect: |- + - + (Optional) + Matches a taint effect. + pod_tolerations.key: |- + - + (Optional) + Matches a taint key (not necessarily unique). + pod_tolerations.operator: |- + - + (Optional) + Matches a taint operator. + pod_tolerations.value: |- + - + (Optional) + Matches a taint value. + policy_content.bundles: |- + - + (Optional) + map of bundle name to BundleInstallSpec. The bundle name maps to the bundleName key in the policycontroller.gke.io/constraintData annotation on a constraint. policy_content.template_library: |- (Optional) Configures the installation of the Template Library. Structure is documented below. - policy_content.template_library.installation: |- - (Optional) - Configures the manner in which the template library is installed on the cluster. Must be one of ALL, NOT_INSTALLED or INSTALLATION_UNSPECIFIED. Defaults to ALL. policy_controller.audit_interval_seconds: |- - (Optional) @@ -83010,6 +87283,25 @@ resources: - (Optional) The project of the feature + requests.cpu: |- + - + (Optional) + CPU requirement expressed in Kubernetes resource units. + requests.memory: |- + - + (Optional) + Memory requirement expressed in Kubernetes resource units. + template_library.bundle_name: |- + - + (Required) + The name of the bundle. + template_library.exempted_namespaces: |- + - + (Optional) + The set of namespaces to be exempted from the bundle. + template_library.installation: |- + (Optional) + Configures the manner in which the template library is installed on the cluster. Must be one of ALL, NOT_INSTALLED or INSTALLATION_UNSPECIFIED. Defaults to ALL. update: '- Default is 20 minutes.' importStatements: [] google_gke_hub_fleet: @@ -86177,6 +90469,7 @@ resources: } ], "description": "test cluster", + "disable_bundled_ingress": true, "enable_control_plane_v2": true, "load_balancer": [ { @@ -86225,7 +90518,8 @@ resources: ], "service_address_cidr_blocks": [ "10.96.0.0/12" - ] + ], + "vcenter_network": "test-vcenter-network" } ], "on_prem_version": "1.13.1-gke.35", @@ -86675,7 +90969,7 @@ resources: Structure is documented below. network_config.vcenter_network: |- - - (Output) + (Optional) vcenter_network specifies vCenter network name. Inherited from the admin cluster. on_prem_version: |- - @@ -86860,6 +91154,10 @@ resources: - (Optional) A human readable description of this VMware User Cluster. + vsphere_config.disable_bundled_ingress: |- + - + (Optional) + Disable bundled ingress. vsphere_config.effective_annotations: for all of the annotations present on the resource. vsphere_config.enable_control_plane_v2: |- - @@ -87312,6 +91610,18 @@ resources: Tags to apply to VMs. Structure is documented below. importStatements: [] + google_google_project_iam_member_remove: + subCategory: Cloud Platform + description: Ensures that a member:role pairing does not exist in a project's IAM policy. + name: google_google_project_iam_member_remove + title: "" + argumentDocs: + member: |- + - (Required) The IAM principal that should not have the target role. + Each entry can have one of the following values: + project: '- (Required) The project id of the target project.' + role: '- (Required) The target role that should be removed.' + importStatements: [] google_healthcare_consent_store: subCategory: Cloud Healthcare description: The Consent Management API is a tool for tracking user consents and the documentation associated with the consents. @@ -89654,6 +93964,113 @@ resources: Output only. Client secret of the OAuth client. Note: This property is sensitive and will not be displayed in the plan. importStatements: [] + google_iap_tunnel_dest_group: + subCategory: Identity-Aware Proxy + description: Tunnel destination groups represent resources that have the same tunnel access restrictions. + name: google_iap_tunnel_dest_group + title: "" + examples: + - name: dest_group + manifest: |- + { + "cidrs": [ + "10.1.0.0/16", + "192.168.10.0/24" + ], + "group_name": "testgroup", + "region": "us-central1" + } + argumentDocs: + cidrs: |- + - + (Optional) + List of CIDRs that this group applies to. + create: '- Default is 20 minutes.' + delete: '- Default is 20 minutes.' + fqdns: |- + - + (Optional) + List of FQDNs that this group applies to. + group_name: |- + - + (Required) + Unique tunnel destination group name. + id: '- an identifier for the resource with format projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{group_name}}' + name: |- + - + Full resource name. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + The region of the tunnel group. Must be the same as the network resources in the group. + update: '- Default is 20 minutes.' + importStatements: [] + google_iap_tunnel_dest_group_iam_policy: + subCategory: Identity-Aware Proxy + description: Collection of resources to manage IAM policy for Identity-Aware Proxy TunnelDestGroup + name: google_iap_tunnel_dest_group_iam_policy + title: "" + examples: + - name: policy + manifest: |- + { + "dest_group": "${google_iap_tunnel_dest_group.dest_group.group_name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_iap_tunnel_dest_group.dest_group.project}", + "region": "${google_iap_tunnel_dest_group.dest_group.region}" + } + references: + dest_group: google_iap_tunnel_dest_group.dest_group.group_name + policy_data: data.google_iam_policy.admin.policy_data + project: google_iap_tunnel_dest_group.dest_group.project + region: google_iap_tunnel_dest_group.dest_group.region + - name: policy + manifest: |- + { + "dest_group": "${google_iap_tunnel_dest_group.dest_group.group_name}", + "policy_data": "${data.google_iam_policy.admin.policy_data}", + "project": "${google_iap_tunnel_dest_group.dest_group.project}", + "region": "${google_iap_tunnel_dest_group.dest_group.region}" + } + references: + dest_group: google_iap_tunnel_dest_group.dest_group.group_name + policy_data: data.google_iam_policy.admin.policy_data + project: google_iap_tunnel_dest_group.dest_group.project + region: google_iap_tunnel_dest_group.dest_group.region + argumentDocs: + condition: |- + - (Optional) An IAM Condition for a given binding. + Structure is documented below. + condition.description: '- (Optional) An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.' + condition.expression: '- (Required) Textual representation of an expression in Common Expression Language syntax.' + condition.title: '- (Required) A title for the expression, i.e. a short string describing its purpose.' + etag: '- (Computed) The etag of the IAM policy.' + google_iap_tunnel_dest_group_iam_binding: ': Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.' + google_iap_tunnel_dest_group_iam_member: ': Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.' + google_iap_tunnel_dest_group_iam_policy: ': Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.' + group_name: '- (Required) Unique tunnel destination group name. Used to find the parent resource to bind the IAM policy to' + member/members: |- + - (Required) Identities that will be granted the privilege in role. + Each entry can have one of the following values: + policy_data: |- + - (Required only by google_iap_tunnel_dest_group_iam_policy) The policy data generated by + a google_iam_policy data source. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + region: |- + - (Optional) The region of the tunnel group. Must be the same as the network resources in the group. + Used to find the parent resource to bind the IAM policy to. If not specified, + the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no + region is specified, it is taken from the provider configuration. + role: |- + - (Required) The role that should be applied. Only one + google_iap_tunnel_dest_group_iam_binding can be used per role. Note that custom roles must be of the format + [projects|organizations]/{parent-name}/roles/{role-name}. + importStatements: [] google_iap_tunnel_iam_policy: subCategory: Identity-Aware Proxy description: Collection of resources to manage IAM policy for Identity-Aware Proxy Tunnel @@ -91853,6 +96270,426 @@ resources: - Time the Namespace was updated in UTC. importStatements: [] + google_integrations_auth_config: + subCategory: Application Integration + description: The AuthConfig resource use to hold channels and connection config data. + name: google_integrations_auth_config + title: "" + examples: + - name: basic_example + manifest: |- + { + "decrypted_credential": [ + { + "credential_type": "USERNAME_AND_PASSWORD", + "username_and_password": [ + { + "password": "test-password", + "username": "test-username" + } + ] + } + ], + "depends_on": [ + "${google_integrations_client.client}" + ], + "description": "Test auth config created via terraform", + "display_name": "test-authconfig", + "location": "us-west1" + } + dependencies: + google_integrations_client.client: |- + { + "location": "us-west1" + } + argumentDocs: + auth_token.token: |- + - + (Optional) + The token for the auth type. + auth_token.type: |- + - + (Optional) + Authentication type, e.g. "Basic", "Bearer", etc. + certificate_id: |- + - + Certificate id for client certificate. + client_certificate: |- + - + (Optional) + Raw client certificate + Structure is documented below. + client_certificate.encrypted_private_key: |- + - + (Required) + The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines. + client_certificate.passphrase: |- + - + (Optional) + 'passphrase' should be left unset if private key is not encrypted. + Note that 'passphrase' is not the password for web server, but an extra layer of security to protected private key. + client_certificate.ssl_certificate: |- + - + (Required) + The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines. + create: '- Default is 20 minutes.' + create_time: |- + - + The timestamp when the auth config is created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + creator_email: |- + - + The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call. + credential_type: |- + - + Credential type of the encrypted credential. + decrypted_credential: |- + - + (Optional) + Raw auth credentials. + Structure is documented below. + decrypted_credential.auth_token: |- + - + (Optional) + Auth token credential. + Structure is documented below. + decrypted_credential.credential_type: |- + - + (Required) + Credential type associated with auth configs. + decrypted_credential.jwt: |- + - + (Optional) + JWT credential. + Structure is documented below. + decrypted_credential.oauth2_authorization_code: |- + - + (Optional) + OAuth2 authorization code credential. + Structure is documented below. + decrypted_credential.oauth2_client_credentials: |- + - + (Optional) + OAuth2 client credentials. + Structure is documented below. + decrypted_credential.oidc_token: |- + - + (Optional) + Google OIDC ID Token. + Structure is documented below. + decrypted_credential.service_account_credentials: |- + - + (Optional) + Service account credential. + Structure is documented below. + decrypted_credential.username_and_password: |- + - + (Optional) + Username and password credential. + Structure is documented below. + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + A description of the auth config. + display_name: |- + - + (Required) + The name of the auth config. + encrypted_credential: |- + - + Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key. + A base64-encoded string. + expiry_notification_duration: |- + - + (Optional) + User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours. + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s". + id: '- an identifier for the resource with format {{name}}' + jwt.jwt: |- + - + (Output) + The token calculated by the header, payload and signature. + jwt.jwt_header: |- + - + (Optional) + Identifies which algorithm is used to generate the signature. + jwt.jwt_payload: |- + - + (Optional) + Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token. + jwt.secret: |- + - + (Optional) + User's pre-shared secret to sign the token. + key.literal_value: |- + - + (Optional) + Passing a literal value + Structure is documented below. + key.literal_value.string_value: |- + - + (Optional) + String. + last_modifier_email: |- + - + The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call. + location: |- + - + (Required) + Location in which client needs to be provisioned. + name: |- + - + Resource name of the auth config. + oauth2_authorization_code.auth_endpoint: |- + - + (Optional) + The auth url endpoint to send the auth code request to. + oauth2_authorization_code.client_id: |- + - + (Optional) + The client's id. + oauth2_authorization_code.client_secret: |- + - + (Optional) + The client's secret. + oauth2_authorization_code.scope: |- + - + (Optional) + A space-delimited list of requested scope permissions. + oauth2_authorization_code.token_endpoint: |- + - + (Optional) + The token url endpoint to send the token request to. + oauth2_client_credentials.client_id: |- + - + (Optional) + The client's ID. + oauth2_client_credentials.client_secret: |- + - + (Optional) + The client's secret. + oauth2_client_credentials.request_type: |- + - + (Optional) + Represent how to pass parameters to fetch access token + Possible values are: REQUEST_TYPE_UNSPECIFIED, REQUEST_BODY, QUERY_PARAMETERS, ENCODED_HEADER. + oauth2_client_credentials.scope: |- + - + (Optional) + A space-delimited list of requested scope permissions. + oauth2_client_credentials.token_endpoint: |- + - + (Optional) + The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. + oauth2_client_credentials.token_params: |- + - + (Optional) + Token parameters for the auth request. + Structure is documented below. + oidc_token.audience: |- + - + (Optional) + Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. + oidc_token.service_account_email: |- + - + (Optional) + The service account email to be used as the identity for the token. + oidc_token.token: |- + - + (Output) + ID token obtained for the service account. + oidc_token.token_expire_time: |- + - + (Output) + The approximate time until the token retrieved is valid. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + override_valid_time: |- + - + (Optional) + User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reason: |- + - + The reason / details of the current status. + service_account_credentials.scope: |- + - + (Optional) + A space-delimited list of requested scope permissions. + service_account_credentials.service_account: |- + - + (Optional) + Name of the service account that has the permission to make the request. + state: |- + - + The status of the auth config. + token_params.entries: |- + - + (Optional) + A list of parameter map entries. + Structure is documented below. + token_params.entries.key: |- + - + (Optional) + Key of the map entry. + Structure is documented below. + token_params.entries.value: |- + - + (Optional) + Value of the map entry. + Structure is documented below. + update: '- Default is 20 minutes.' + update_time: |- + - + The timestamp when the auth config is modified. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + username_and_password.password: |- + - + (Optional) + Password to be used. + username_and_password.username: |- + - + (Optional) + Username to be used. + valid_time: |- + - + The time until the auth config is valid. Empty or max value is considered the auth config won't expire. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + value.literal_value: |- + - + (Optional) + Passing a literal value + Structure is documented below. + value.literal_value.string_value: |- + - + (Optional) + String. + visibility: |- + - + (Optional) + The visibility of the auth config. + Possible values are: PRIVATE, CLIENT_VISIBLE. + importStatements: [] + google_integrations_client: + subCategory: Application Integration + description: Application Integration Client. + name: google_integrations_client + title: "" + examples: + - name: example + manifest: |- + { + "location": "us-central1" + } + - name: example + manifest: |- + { + "cloud_kms_config": [ + { + "key": "${google_kms_crypto_key.cryptokey.id}", + "key_version": "${google_kms_crypto_key_version.test_key.id}", + "kms_location": "us-east1", + "kms_project_id": "${data.google_project.test_project.project_id}", + "kms_ring": "${google_kms_key_ring.keyring.id}" + } + ], + "create_sample_integrations": true, + "location": "us-east1", + "run_as_service_account": "${google_service_account.service_account.email}" + } + references: + cloud_kms_config.key: google_kms_crypto_key.cryptokey.id + cloud_kms_config.key_version: google_kms_crypto_key_version.test_key.id + cloud_kms_config.kms_project_id: data.google_project.test_project.project_id + cloud_kms_config.kms_ring: google_kms_key_ring.keyring.id + run_as_service_account: google_service_account.service_account.email + dependencies: + google_kms_crypto_key.cryptokey: |- + { + "key_ring": "${google_kms_key_ring.keyring.id}", + "name": "crypto-key-example", + "rotation_period": "7776000s" + } + google_kms_crypto_key_version.test_key: |- + { + "crypto_key": "${google_kms_crypto_key.cryptokey.id}" + } + google_kms_key_ring.keyring: |- + { + "location": "us-east1", + "name": "my-keyring" + } + google_service_account.service_account: |- + { + "account_id": "service-account-id", + "display_name": "Service Account" + } + argumentDocs: + cloud_kms_config: |- + - + (Optional) + Cloud KMS config for AuthModule to encrypt/decrypt credentials. + Structure is documented below. + cloud_kms_config.key: |- + - + (Required) + A Cloud KMS key is a named object containing one or more key versions, along + with metadata for the key. A key exists on exactly one key ring tied to a + specific location. + cloud_kms_config.key_version: |- + - + (Optional) + Each version of a key contains key material used for encryption or signing. + A key's version is represented by an integer, starting at 1. To decrypt data + or verify a signature, you must use the same key version that was used to + encrypt or sign the data. + cloud_kms_config.kms_location: |- + - + (Required) + Location name of the key ring, e.g. "us-west1". + cloud_kms_config.kms_project_id: |- + - + (Optional) + The Google Cloud project id of the project where the kms key stored. If empty, + the kms key is stored at the same project as customer's project and ecrypted + with CMEK, otherwise, the kms key is stored in the tenant project and + encrypted with GMEK. + cloud_kms_config.kms_ring: |- + - + (Required) + A key ring organizes keys in a specific Google Cloud location and allows you to + manage access control on groups of keys. A key ring's name does not need to be + unique across a Google Cloud project, but must be unique within a given location. + create: '- Default is 20 minutes.' + create_sample_integrations: |- + - + (Optional) + Indicates if sample integrations should be created along with provisioning. + create_sample_workflows: |- + - + (Optional, Deprecated) + Indicates if sample workflow should be created along with provisioning. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/clients' + location: |- + - + (Required) + Location in which client needs to be provisioned. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + provision_gmek: |- + - + (Optional, Deprecated) + Indicates provision with GMEK or CMEK. + run_as_service_account: |- + - + (Optional) + User input run-as service account, if empty, will bring up a new default service account. + importStatements: [] google_kms_crypto_key: subCategory: Cloud Key Management Service description: A @@ -91906,6 +96743,11 @@ resources: } argumentDocs: create: '- Default is 20 minutes.' + crypto_key_backend: |- + - + (Optional) + The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. + The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. delete: '- Default is 20 minutes.' destroy_scheduled_duration: |- - @@ -92086,9 +96928,10 @@ resources: The attestation data provided by the HSM when the key operation was performed. attestation.external_protection_level_options: |- - - (Optional) + (Optional, Deprecated) ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. Structure is documented below. + attestation.externalProtectionLevelOptions: is being un-nested from the attestation field. Please use the top level externalProtectionLevelOptions field instead. attestation.format: |- - (Output) @@ -92112,6 +96955,11 @@ resources: The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' delete: '- Default is 20 minutes.' + external_protection_level_options: |- + - + (Optional) + ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + Structure is documented below. external_protection_level_options.ekm_connection_key_path: |- - (Optional) @@ -92137,6 +96985,125 @@ resources: Possible values are: PENDING_GENERATION, ENABLED, DISABLED, DESTROYED, DESTROY_SCHEDULED, PENDING_IMPORT, IMPORT_FAILED. update: '- Default is 20 minutes.' importStatements: [] + google_kms_ekm_connection: + subCategory: Cloud Key Management Service + name: google_kms_ekm_connection + title: "" + examples: + - name: example-ekmconnection + manifest: |- + { + "key_management_mode": "MANUAL", + "location": "us-central1", + "name": "ekmconnection_example", + "service_resolvers": [ + { + "hostname": "example-ekm.goog", + "server_certificates": [ + { + "raw_der": "==HAwIBCCAr6gAwIBAgIUWR+EV4lqiV7Ql12VY==" + } + ], + "service_directory_service": "projects/project_id/locations/us-central1/namespaces/namespace_name/services/service_name" + } + ] + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. The time at which the EkmConnection was created. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/ekmConnections/{{name}}' + location: |- + - + (Required) + The location for the EkmConnection. + A full list of valid locations can be found by running gcloud kms locations list. + name: |- + - + (Required) + The resource name for the EkmConnection. + server_certificates.crypto_space_path: |- + - + (Optional) + Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS. + server_certificates.etag: |- + - + (Optional) + Optional. Etag of the currently stored EkmConnection. + server_certificates.issuer: |- + - + (Output) + Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true. + server_certificates.key_management_mode: |- + - + (Optional) + Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL + Default value is MANUAL. + Possible values are: MANUAL, CLOUD_KMS. + server_certificates.not_after_time: |- + - + (Output) + Output only. The certificate is not valid after this time. Only present if parsed is true. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + server_certificates.not_before_time: |- + - + (Output) + Output only. The certificate is not valid before this time. Only present if parsed is true. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + server_certificates.parsed: |- + - + (Output) + Output only. True if the certificate was parsed successfully. + server_certificates.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + server_certificates.raw_der: |- + - + (Required) + Required. The raw certificate bytes in DER format. A base64-encoded string. + server_certificates.serial_number: |- + - + (Output) + Output only. The certificate serial number as a hex string. Only present if parsed is true. + server_certificates.sha256_fingerprint: |- + - + (Output) + Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true. + server_certificates.subject: |- + - + (Output) + Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true. + server_certificates.subject_alternative_dns_names: |- + - + (Output) + Output only. The subject Alternative DNS names. Only present if parsed is true. + service_resolvers: |- + - + (Required) + A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported + Structure is documented below. + service_resolvers.endpoint_filter: |- + - + (Optional) + Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest. + service_resolvers.hostname: |- + - + (Required) + Required. The hostname of the EKM replica used at TLS and HTTP layers. + service_resolvers.server_certificates: |- + - + (Required) + Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported. + Structure is documented below. + service_resolvers.service_directory_service: |- + - + (Required) + Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects//locations//namespaces//services/ + update: '- Default is 20 minutes.' + importStatements: [] google_kms_key_ring: subCategory: Cloud Key Management Service description: A @@ -93624,7 +98591,7 @@ resources: "client_secret": "my-client-secret" } ], - "platform_edition": "LOOKER_CORE_STANDARD", + "platform_edition": "LOOKER_CORE_STANDARD_ANNUAL", "region": "us-central1" } - name: looker-instance @@ -93683,16 +98650,9 @@ resources: "client_secret": "my-client-secret" } ], - "platform_edition": "LOOKER_CORE_STANDARD", + "platform_edition": "LOOKER_CORE_STANDARD_ANNUAL", "public_ip_enabled": true, - "region": "us-central1", - "user_metadata": [ - { - "additional_developer_user_count": 10, - "additional_standard_user_count": 10, - "additional_viewer_user_count": 10 - } - ] + "region": "us-central1" } - name: looker-instance manifest: |- @@ -93809,7 +98769,7 @@ resources: "client_secret": "my-client-secret" } ], - "platform_edition": "LOOKER_CORE_STANDARD", + "platform_edition": "LOOKER_CORE_STANDARD_ANNUAL", "region": "us-central1" } argumentDocs: @@ -95497,6 +100457,7 @@ resources: - (Optional) Not more than one notification per period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "60.5s". trigger.count: |- - (Optional) @@ -96708,6 +101669,11 @@ resources: { "path": "/some-path", "port": "443", + "service_agent_authentication": [ + { + "type": "OIDC_TOKEN" + } + ], "use_ssl": true, "validate_ssl": true } @@ -96874,7 +101840,7 @@ resources: http_check.auth_info: |- - (Optional) - The authentication information. Optional when creating an HTTP check; defaults to empty. + The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields. Structure is documented below. http_check.body: |- - @@ -96916,6 +101882,11 @@ resources: The HTTP request method to use for the check. If set to METHOD_UNSPECIFIED then request_method defaults to GET. Default value is GET. Possible values are: METHOD_UNSPECIFIED, GET, POST. + http_check.service_agent_authentication: |- + - + (Optional) + The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields. + Structure is documented below. http_check.use_ssl: |- - (Optional) @@ -96982,6 +101953,11 @@ resources: - (Optional) The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions. + service_agent_authentication.type: |- + - + (Optional) + The type of authentication to use. + Possible values are: SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED, OIDC_TOKEN. synthetic_monitor: |- - (Optional) @@ -98141,6 +103117,168 @@ resources: - Output only. The time the hub was last updated. importStatements: [] + google_network_connectivity_internal_range: + subCategory: Network Connectivity + description: The internal range resource for IPAM operations within a VPC network. + name: google_network_connectivity_internal_range + title: "" + examples: + - name: default + manifest: |- + { + "description": "Test internal range", + "ip_cidr_range": "10.0.0.0/24", + "labels": { + "label-a": "b" + }, + "name": "basic", + "network": "${google_compute_network.default.self_link}", + "peering": "FOR_SELF", + "usage": "FOR_VPC" + } + references: + network: google_compute_network.default.self_link + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "internal-ranges" + } + - name: default + manifest: |- + { + "name": "automatic-reservation", + "network": "${google_compute_network.default.id}", + "peering": "FOR_SELF", + "prefix_length": 24, + "target_cidr_range": [ + "192.16.0.0/16" + ], + "usage": "FOR_VPC" + } + references: + network: google_compute_network.default.id + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "internal-ranges" + } + - name: default + manifest: |- + { + "ip_cidr_range": "172.16.0.0/24", + "labels": { + "external-reserved-range": "on-premises" + }, + "name": "external-ranges", + "network": "${google_compute_network.default.id}", + "peering": "FOR_SELF", + "usage": "EXTERNAL_TO_VPC" + } + references: + network: google_compute_network.default.id + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "internal-ranges" + } + - name: default + manifest: |- + { + "depends_on": [ + "${google_compute_subnetwork.default}" + ], + "description": "Test internal range", + "ip_cidr_range": "10.0.0.0/30", + "name": "overlap-range", + "network": "${google_compute_network.default.id}", + "overlaps": [ + "OVERLAP_EXISTING_SUBNET_RANGE" + ], + "peering": "FOR_SELF", + "usage": "FOR_VPC" + } + references: + network: google_compute_network.default.id + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "internal-ranges" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.0.0.0/24", + "name": "overlapping-subnet", + "network": "${google_compute_network.default.id}", + "region": "us-central1" + } + argumentDocs: + create: '- Default is 30 minutes.' + delete: '- Default is 30 minutes.' + description: |- + - + (Optional) + An optional description of this resource. + effective_labels: for all of the labels present on the resource. + id: '- an identifier for the resource with format projects/{{project}}/locations/global/internalRanges/{{name}}' + ip_cidr_range: |- + - + (Optional) + The IP range that this internal range defines. + labels: |- + - + (Optional) + User-defined labels. + name: |- + - + (Required) + The name of the policy based route. + network: |- + - + (Required) + Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network. + overlaps: |- + - + (Optional) + Optional. Types of resources that are allowed to overlap with the current internal range. + Each value may be one of: OVERLAP_ROUTE_RANGE, OVERLAP_EXISTING_SUBNET_RANGE. + peering: |- + - + (Required) + The type of peering set for this internal range. + Possible values are: FOR_SELF, FOR_PEER, NOT_SHARED. + prefix_length: |- + - + (Optional) + An alternate to ipCidrRange. Can be set when trying to create a reservation that automatically finds a free range of the given size. + If both ipCidrRange and prefixLength are set, there is an error if the range sizes do not match. Can also be used during updates to change the range size. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + target_cidr_range: |- + - + (Optional) + Optional. Can be set to narrow down or pick a different address space while searching for a free range. + If not set, defaults to the "10.0.0.0/8" address space. This can be used to search in other rfc-1918 address spaces like "172.16.0.0/12" and "192.168.0.0/16" or non-rfc-1918 address spaces used in the VPC. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 30 minutes.' + usage: |- + - + (Required) + The type of usage set for this InternalRange. + Possible values are: FOR_VPC, EXTERNAL_TO_VPC. + users: |- + - + Output only. The list of resources that refer to this internal range. + Resources that use the internal range for their range allocation are referred to as users of the range. + Other resources mark themselves as users while doing so by creating a reference to this internal range. Having a user, based on this reference, prevents deletion of the internal range referred to. Can be empty. + importStatements: [] google_network_connectivity_policy_based_route: subCategory: Network Connectivity description: Policy-based Routes are more powerful routes that route L4 network traffic based on not just destination IP, but also source IP, protocol and more. @@ -99444,6 +104582,7 @@ resources: - name: default manifest: |- { + "billing_project_id": "my-project-name", "labels": { "foo": "bar" }, @@ -99461,6 +104600,10 @@ resources: This is a projection of the FirewallEndpointAssociations pointing at this endpoint. A network will only appear in this list after traffic routing is fully configured. Format: projects/{project}/global/networks/{name}. + billing_project_id: |- + - + (Required) + Project to bill on endpoint uptime usage. create: '- Default is 60 minutes.' create_time: |- - @@ -99503,6 +104646,97 @@ resources: - Time the firewall endpoint was updated in UTC. importStatements: [] + google_network_security_firewall_endpoint_association: + subCategory: Network security + description: Firewall endpoint association links a firewall endpoint to a VPC network in the same zone. + name: google_network_security_firewall_endpoint_association + title: "" + examples: + - name: default_association + manifest: |- + { + "labels": { + "foo": "bar" + }, + "location": "us-central1-a", + "name": "my-firewall-endpoint-association", + "parent": "projects/my-project-name", + "provider": "${google-beta}" + } + references: + provider: google-beta + dependencies: + google_network_security_firewall_endpoint.default: |- + { + "labels": { + "foo": "bar" + }, + "location": "us-central1-a", + "name": "my-firewall-endpoint", + "parent": "organizations/123456789", + "provider": "${google-beta}" + } + argumentDocs: + create: '- Default is 20 minutes.' + create_time: |- + - + Time the firewall endpoint was created in UTC. + delete: '- Default is 20 minutes.' + disabled: |- + - + (Optional) + Whether the association is disabled. True indicates that traffic will not be intercepted. + ~> Note: The API will reject the request if this value is set to true when creating the resource, + otherwise on an update the association can be disabled. + effective_labels: for all of the labels present on the resource. + firewall_endpoint: |- + - + (Required) + The URL of the firewall endpoint that is being associated. + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}' + labels: |- + - + (Optional) + A map of key/value label pairs to assign to the resource. + location: |- + - + (Required) + The location (zone) of the firewall endpoint association. + name: |- + - + (Required) + The name of the firewall endpoint association resource. + network: |- + - + (Required) + The URL of the network that is being associated. + parent: |- + - + (Optional) + The name of the parent this firewall endpoint association belongs to. + Format: projects/{project_id}. + reconciling: |- + - + Whether reconciling is in progress, recommended per https://google.aip.dev/128. + self_link: |- + - + Server-defined URL of this resource. + state: |- + - + The current state of the endpoint. + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + tls_inspection_policy: |- + - + (Optional) + The URL of the TlsInspectionPolicy that is being associated. + update: '- Default is 20 minutes.' + update_time: |- + - + Time the firewall endpoint was updated in UTC. + importStatements: [] google_network_security_gateway_security_policy: subCategory: Network security description: The GatewaySecurityPolicy resource contains a collection of GatewaySecurityPolicyRules and associated metadata. @@ -104495,6 +109729,10 @@ resources: "https://www.googleapis.com/auth/userinfo.email" ], "subnet": "${data.google_compute_subnetwork.my_subnetwork.id}", + "tags": [ + "foo", + "bar" + ], "vm_image": [ { "image_family": "tf-latest-cpu", @@ -107916,6 +113154,143 @@ resources: (Required) The user email. importStatements: [] + google_parallelstore_instance: + subCategory: Parallelstore + description: A Parallelstore Instance. + name: google_parallelstore_instance + title: "" + examples: + - name: instance + manifest: |- + { + "capacity_gib": 12000, + "depends_on": [ + "${google_service_networking_connection.default}" + ], + "description": "test instance", + "instance_id": "instance", + "labels": { + "test": "value" + }, + "location": "us-central1-a", + "network": "${google_compute_network.network.name}", + "provider": "${google-beta}" + } + references: + network: google_compute_network.network.name + provider: google-beta + dependencies: + google_compute_global_address.private_ip_alloc: |- + { + "address_type": "INTERNAL", + "name": "address", + "network": "${google_compute_network.network.id}", + "prefix_length": 24, + "provider": "${google-beta}", + "purpose": "VPC_PEERING" + } + google_compute_network.network: |- + { + "auto_create_subnetworks": true, + "mtu": 8896, + "name": "network", + "provider": "${google-beta}" + } + google_service_networking_connection.default: |- + { + "network": "${google_compute_network.network.id}", + "provider": "${google-beta}", + "reserved_peering_ranges": [ + "${google_compute_global_address.private_ip_alloc.name}" + ], + "service": "servicenetworking.googleapis.com" + } + argumentDocs: + '[a-z0-9_-]{0,63}': . + a-z{0,62}: . + access_points: |- + - + List of access_points. + Contains a list of IPv4 addresses used for client side configuration. + capacity_gib: |- + - + (Required) + Immutable. Storage capacity of Parallelstore instance in Gibibytes (GiB). + create: '- Default is 20 minutes.' + create_time: |- + - + The time when the instance was created. + daos_version: |- + - + The version of DAOS software running in the instance + delete: '- Default is 20 minutes.' + description: |- + - + (Optional) + The description of the instance. 2048 characters or less. + effective_labels: for all of the labels present on the resource. + effective_reserved_ip_range: |- + - + Immutable. Contains the id of the allocated IP address range associated with the + private service access connection for example, "test-default" associated + with IP range 10.0.0.0/29. This field is populated by the service and + and contains the value currently used by the service. + id: '- an identifier for the resource with format projects/{{project}}/locations/{{location}}/instances/{{instance_id}}' + instance_id: |- + - + (Required) + The logical name of the Parallelstore instance in the user project with the following restrictions: + labels: |- + - + (Optional) + Cloud Labels are a flexible and lightweight mechanism for organizing cloud + resources into groups that reflect a customer's organizational needs and + deployment strategies. Cloud Labels can be used to filter collections of + resources. They can be used to control how resource metrics are aggregated. + And they can be used as arguments to policy management rules (e.g. route, + firewall, load balancing, etc.). + location: |- + - + (Required) + Part of parent. See documentation of projectsId. + name: |- + - + The resource name of the instance, in the format + projects/{project}/locations/{location}/instances/{instance_id} + network: |- + - + (Optional) + Immutable. The name of the Google Compute Engine + VPC network to which the + instance is connected. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + reserved_ip_range: |- + - + (Optional) + Immutable. Contains the id of the allocated IP address range associated with the + private service access connection for example, "test-default" associated + with IP range 10.0.0.0/29. If no range id is provided all ranges will be + considered. + state: |- + - + The instance state. + Possible values: + STATE_UNSPECIFIED + CREATING + ACTIVE + DELETING + FAILED + terraform_labels: |- + - + The combination of labels configured directly on the resource + and default labels configured on the provider. + update: '- Default is 20 minutes.' + update_time: |- + - + The time when the instance was updated. + importStatements: [] google_privateca_ca_pool: subCategory: Certificate Authority Service description: A CaPool represents a group of CertificateAuthorities that form a trust anchor. @@ -108679,7 +114054,276 @@ resources: ], "extended_key_usage": [ { - "server_auth": true + "server_auth": true + } + ] + } + ] + } + ] + } + ], + "deletion_protection": false, + "ignore_active_certificates_on_deletion": true, + "key_spec": [ + { + "algorithm": "RSA_PKCS1_4096_SHA256" + } + ], + "location": "us-central1", + "pool": "${google_privateca_ca_pool.default.name}", + "skip_grace_period": true + } + tls_private_key.cert_key: |- + { + "algorithm": "RSA" + } + - name: default + manifest: |- + { + "certificate_authority": "${google_privateca_certificate_authority.default.certificate_authority_id}", + "certificate_template": "${google_privateca_certificate_template.default.id}", + "lifetime": "860s", + "location": "us-central1", + "name": "my-certificate", + "pem_csr": "${file(\"test-fixtures/rsa_csr.pem\")}", + "pool": "${google_privateca_ca_pool.default.name}" + } + references: + certificate_authority: google_privateca_certificate_authority.default.certificate_authority_id + certificate_template: google_privateca_certificate_template.default.id + pool: google_privateca_ca_pool.default.name + dependencies: + google_privateca_ca_pool.default: |- + { + "location": "us-central1", + "name": "my-pool", + "tier": "ENTERPRISE" + } + google_privateca_certificate_authority.default: |- + { + "certificate_authority_id": "my-authority", + "config": [ + { + "subject_config": [ + { + "subject": [ + { + "common_name": "my-certificate-authority", + "organization": "HashiCorp" + } + ], + "subject_alt_name": [ + { + "dns_names": [ + "hashicorp.com" + ] + } + ] + } + ], + "x509_config": [ + { + "ca_options": [ + { + "is_ca": true + } + ], + "key_usage": [ + { + "base_key_usage": [ + { + "cert_sign": true, + "crl_sign": true + } + ], + "extended_key_usage": [ + { + "server_auth": false + } + ] + } + ] + } + ] + } + ], + "deletion_protection": false, + "ignore_active_certificates_on_deletion": true, + "key_spec": [ + { + "algorithm": "RSA_PKCS1_4096_SHA256" + } + ], + "location": "us-central1", + "pool": "${google_privateca_ca_pool.default.name}", + "skip_grace_period": true + } + google_privateca_certificate_template.default: |- + { + "description": "An updated sample certificate template", + "identity_constraints": [ + { + "allow_subject_alt_names_passthrough": true, + "allow_subject_passthrough": true, + "cel_expression": [ + { + "description": "Always true", + "expression": "true", + "location": "any.file.anywhere", + "title": "Sample expression" + } + ] + } + ], + "location": "us-central1", + "name": "my-certificate-template", + "passthrough_extensions": [ + { + "additional_extensions": [ + { + "object_id_path": [ + 1, + 6 + ] + } + ], + "known_extensions": [ + "EXTENDED_KEY_USAGE" + ] + } + ], + "predefined_values": [ + { + "additional_extensions": [ + { + "critical": true, + "object_id": [ + { + "object_id_path": [ + 1, + 6 + ] + } + ], + "value": "c3RyaW5nCg==" + } + ], + "aia_ocsp_servers": [ + "string" + ], + "ca_options": [ + { + "is_ca": false, + "max_issuer_path_length": 6 + } + ], + "key_usage": [ + { + "base_key_usage": [ + { + "cert_sign": false, + "content_commitment": true, + "crl_sign": false, + "data_encipherment": true, + "decipher_only": true, + "digital_signature": true, + "encipher_only": true, + "key_agreement": true, + "key_encipherment": true + } + ], + "extended_key_usage": [ + { + "client_auth": true, + "code_signing": true, + "email_protection": true, + "ocsp_signing": true, + "server_auth": true, + "time_stamping": true + } + ], + "unknown_extended_key_usages": [ + { + "object_id_path": [ + 1, + 6 + ] + } + ] + } + ], + "policy_ids": [ + { + "object_id_path": [ + 1, + 6 + ] + } + ] + } + ] + } + - name: default + manifest: |- + { + "certificate_authority": "${google_privateca_certificate_authority.default.certificate_authority_id}", + "lifetime": "860s", + "location": "us-central1", + "name": "my-certificate", + "pem_csr": "${file(\"test-fixtures/rsa_csr.pem\")}", + "pool": "${google_privateca_ca_pool.default.name}" + } + references: + certificate_authority: google_privateca_certificate_authority.default.certificate_authority_id + pool: google_privateca_ca_pool.default.name + dependencies: + google_privateca_ca_pool.default: |- + { + "location": "us-central1", + "name": "my-pool", + "tier": "ENTERPRISE" + } + google_privateca_certificate_authority.default: |- + { + "certificate_authority_id": "my-authority", + "config": [ + { + "subject_config": [ + { + "subject": [ + { + "common_name": "my-certificate-authority", + "organization": "HashiCorp" + } + ], + "subject_alt_name": [ + { + "dns_names": [ + "hashicorp.com" + ] + } + ] + } + ], + "x509_config": [ + { + "ca_options": [ + { + "is_ca": true + } + ], + "key_usage": [ + { + "base_key_usage": [ + { + "cert_sign": true, + "crl_sign": true + } + ], + "extended_key_usage": [ + { + "server_auth": false } ] } @@ -108699,208 +114343,67 @@ resources: "pool": "${google_privateca_ca_pool.default.name}", "skip_grace_period": true } - tls_private_key.cert_key: |- - { - "algorithm": "RSA" - } - name: default manifest: |- { - "certificate_authority": "${google_privateca_certificate_authority.default.certificate_authority_id}", - "certificate_template": "${google_privateca_certificate_template.default.id}", - "lifetime": "860s", - "location": "us-central1", - "name": "my-certificate", - "pem_csr": "${file(\"test-fixtures/rsa_csr.pem\")}", - "pool": "${google_privateca_ca_pool.default.name}" - } - references: - certificate_authority: google_privateca_certificate_authority.default.certificate_authority_id - certificate_template: google_privateca_certificate_template.default.id - pool: google_privateca_ca_pool.default.name - dependencies: - google_privateca_ca_pool.default: |- - { - "location": "us-central1", - "name": "my-pool", - "tier": "ENTERPRISE" - } - google_privateca_certificate_authority.default: |- - { - "certificate_authority_id": "my-authority", - "config": [ - { - "subject_config": [ - { - "subject": [ - { - "common_name": "my-certificate-authority", - "organization": "HashiCorp" - } - ], - "subject_alt_name": [ - { - "dns_names": [ - "hashicorp.com" - ] - } - ] - } - ], - "x509_config": [ - { - "ca_options": [ - { - "is_ca": true - } - ], - "key_usage": [ - { - "base_key_usage": [ - { - "cert_sign": true, - "crl_sign": true - } - ], - "extended_key_usage": [ - { - "server_auth": false - } - ] - } - ] - } - ] - } - ], - "deletion_protection": false, - "ignore_active_certificates_on_deletion": true, - "key_spec": [ - { - "algorithm": "RSA_PKCS1_4096_SHA256" - } - ], - "location": "us-central1", - "pool": "${google_privateca_ca_pool.default.name}", - "skip_grace_period": true - } - google_privateca_certificate_template.default: |- + "config": [ { - "description": "An updated sample certificate template", - "identity_constraints": [ + "public_key": [ { - "allow_subject_alt_names_passthrough": true, - "allow_subject_passthrough": true, - "cel_expression": [ - { - "description": "Always true", - "expression": "true", - "location": "any.file.anywhere", - "title": "Sample expression" - } - ] + "format": "PEM", + "key": "${filebase64(\"test-fixtures/rsa_public.pem\")}" } ], - "location": "us-central1", - "name": "my-certificate-template", - "passthrough_extensions": [ + "subject_config": [ { - "additional_extensions": [ + "subject": [ { - "object_id_path": [ - 1, - 6 - ] + "common_name": "san1.example.com", + "country_code": "us", + "locality": "mountain view", + "organization": "google", + "organizational_unit": "enterprise", + "postal_code": "94109", + "province": "california", + "street_address": "1600 amphitheatre parkway" } - ], - "known_extensions": [ - "EXTENDED_KEY_USAGE" ] } ], - "predefined_values": [ + "x509_config": [ { - "additional_extensions": [ - { - "critical": true, - "object_id": [ - { - "object_id_path": [ - 1, - 6 - ] - } - ], - "value": "c3RyaW5nCg==" - } - ], - "aia_ocsp_servers": [ - "string" - ], "ca_options": [ { - "is_ca": false, - "max_issuer_path_length": 6 + "is_ca": false } ], "key_usage": [ { "base_key_usage": [ { - "cert_sign": false, - "content_commitment": true, - "crl_sign": false, - "data_encipherment": true, - "decipher_only": true, - "digital_signature": true, - "encipher_only": true, - "key_agreement": true, - "key_encipherment": true + "crl_sign": true } ], "extended_key_usage": [ { - "client_auth": true, - "code_signing": true, - "email_protection": true, - "ocsp_signing": true, - "server_auth": true, - "time_stamping": true - } - ], - "unknown_extended_key_usages": [ - { - "object_id_path": [ - 1, - 6 - ] + "server_auth": true } ] } - ], - "policy_ids": [ - { - "object_id_path": [ - 1, - 6 - ] - } ] } ] } - - name: default - manifest: |- - { - "certificate_authority": "${google_privateca_certificate_authority.default.certificate_authority_id}", + ], + "depends_on": [ + "${google_privateca_certificate_authority.default}" + ], "lifetime": "860s", "location": "us-central1", "name": "my-certificate", - "pem_csr": "${file(\"test-fixtures/rsa_csr.pem\")}", "pool": "${google_privateca_ca_pool.default.name}" } references: - certificate_authority: google_privateca_certificate_authority.default.certificate_authority_id pool: google_privateca_ca_pool.default.name dependencies: google_privateca_ca_pool.default: |- @@ -108943,12 +114446,13 @@ resources: "base_key_usage": [ { "cert_sign": true, - "crl_sign": true + "crl_sign": true, + "digital_signature": true } ], "extended_key_usage": [ { - "server_auth": false + "server_auth": true } ] } @@ -108964,6 +114468,7 @@ resources: "algorithm": "RSA_PKCS1_4096_SHA256" } ], + "lifetime": "86400s", "location": "us-central1", "pool": "${google_privateca_ca_pool.default.name}", "skip_grace_period": true @@ -108995,6 +114500,11 @@ resources: ] } ], + "subject_key_id": [ + { + "key_id": "4cf3372289b1d411b999dbb9ebcd44744b6b2fca" + } + ], "x509_config": [ { "ca_options": [ @@ -109249,6 +114759,11 @@ resources: (Required) Specifies some of the values in a certificate that are related to the subject. Structure is documented below. + config.subject_key_id: |- + - + (Optional) + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. config.x509_config: |- - (Required) @@ -109538,8 +115053,8 @@ resources: Structure is documented below. subject_key_id.key_id: |- - - (Output) - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. + (Optional) + The value of the KeyId in lowercase hexidecimal. terraform_labels: |- - The combination of labels configured directly on the resource @@ -109930,6 +115445,81 @@ resources: { "service": "privateca.googleapis.com" } + - name: default + manifest: |- + { + "certificate_authority_id": "my-certificate-authority", + "config": [ + { + "subject_config": [ + { + "subject": [ + { + "common_name": "my-certificate-authority", + "organization": "HashiCorp" + } + ], + "subject_alt_name": [ + { + "dns_names": [ + "hashicorp.com" + ] + } + ] + } + ], + "subject_key_id": [ + { + "key_id": "4cf3372289b1d411b999dbb9ebcd44744b6b2fca" + } + ], + "x509_config": [ + { + "ca_options": [ + { + "is_ca": true, + "max_issuer_path_length": 10 + } + ], + "key_usage": [ + { + "base_key_usage": [ + { + "cert_sign": true, + "content_commitment": true, + "crl_sign": true, + "data_encipherment": true, + "decipher_only": true, + "digital_signature": true, + "key_agreement": true, + "key_encipherment": false + } + ], + "extended_key_usage": [ + { + "client_auth": false, + "code_signing": true, + "email_protection": true, + "server_auth": true, + "time_stamping": true + } + ] + } + ] + } + ] + } + ], + "deletion_protection": "true", + "key_spec": [ + { + "cloud_kms_key_version": "projects/keys-project/locations/us-central1/keyRings/key-ring/cryptoKeys/crypto-key/cryptoKeyVersions/1" + } + ], + "lifetime": "86400s", + "location": "us-central1", + "pool": "ca-pool" + } argumentDocs: access_urls: |- - @@ -110030,6 +115620,11 @@ resources: (Required) Specifies some of the values in a certificate that are related to the subject. Structure is documented below. + config.subject_key_id: |- + - + (Optional) + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. config.x509_config: |- - (Required) @@ -110313,6 +115908,10 @@ resources: (Optional) The subject alternative name fields. Structure is documented below. + subject_key_id.key_id: |- + - + (Optional) + The value of the KeyId in lowercase hexidecimal. subordinate_config.certificate_authority: |- - (Optional) @@ -110751,6 +116350,242 @@ resources: google_privateca_certificate_template_iam_binding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}. importStatements: [] + google_privileged_access_manager_entitlement: + subCategory: Privileged Access Manager + description: An Entitlement defines the eligibility of a set of users to obtain a predefined access for some time possibly after going through an approval workflow. + name: google_privileged_access_manager_entitlement + title: "" + examples: + - name: tfentitlement + manifest: |- + { + "additional_notification_targets": [ + { + "admin_email_recipients": [ + "user@example.com" + ], + "requester_email_recipients": [ + "user@example.com" + ] + } + ], + "approval_workflow": [ + { + "manual_approvals": [ + { + "require_approver_justification": true, + "steps": [ + { + "approvals_needed": 1, + "approver_email_recipients": [ + "user@example.com" + ], + "approvers": [ + { + "principals": [ + "group:test@google.com" + ] + } + ] + } + ] + } + ] + } + ], + "eligible_users": [ + { + "principals": [ + "group:test@google.com" + ] + } + ], + "entitlement_id": "example-entitlement", + "location": "global", + "max_request_duration": "43200s", + "parent": "projects/my-project-name", + "privileged_access": [ + { + "gcp_iam_access": [ + { + "resource": "//cloudresourcemanager.googleapis.com/projects/my-project-name", + "resource_type": "cloudresourcemanager.googleapis.com/Project", + "role_bindings": [ + { + "condition_expression": "request.time \u003c timestamp(\"2024-04-23T18:30:00.000Z\")", + "role": "roles/storage.admin" + } + ] + } + ] + } + ], + "provider": "${google-beta}", + "requester_justification_config": [ + { + "unstructured": [ + {} + ] + } + ] + } + references: + provider: google-beta + argumentDocs: + additional_notification_targets.admin_email_recipients: |- + - + (Optional) + Optional. Additional email addresses to be notified when a principal(requester) is granted access. + additional_notification_targets.requester_email_recipients: |- + - + (Optional) + Optional. Additional email address to be notified about an eligible entitlement. + approval_workflow.manual_approvals: |- + - + (Required) + A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for an Grant. + The workflow can consist of multiple serial steps where each step defines who can act as Approver in that step and how many of those users should approve before the workflow moves to the next step. + This can be used to create approval workflows such as + approval_workflow.manual_approvals.require_approver_justification: |- + - + (Optional) + Optional. Do the approvers need to provide a justification for their actions? + approval_workflow.manual_approvals.steps: |- + - + (Required) + List of approval steps in this workflow. These steps would be followed in the specified order sequentially. 1 step is supported for now. + Structure is documented below. + approvers: |- + ACL for multiple steps in this workflow but they can only approve once and that approval will only be considered to satisfy the approval step at which it was granted. + Structure is documented below. + approvers.principals: |- + - + (Required) + Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at: https://cloud.google.com/iam/docs/principal-identifiers#v1 + create: '- Default is 20 minutes.' + create_time: |- + - + Output only. Create time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z" + delete: '- Default is 20 minutes.' + eligible_users: |- + - + (Required) + Who can create Grants using Entitlement. This list should contain at most one entry + Structure is documented below. + eligible_users.principals: |- + - + (Required) + Users who are being allowed for the operation. Each entry should be a valid v1 IAM Principal Identifier. Format for these is documented at "https://cloud.google.com/iam/docs/principal-identifiers#v1" + entitlement_id: |- + - + (Required) + The ID to use for this Entitlement. This will become the last part of the resource name. + This value should be 4-63 characters, and valid characters are "[a-z]", "[0-9]", and "-". The first character should be from [a-z]. + This value should be unique among all other Entitlements under the specified parent. + etag: |- + - + For Resource freshness validation (https://google.aip.dev/154) + id: '- an identifier for the resource with format {{parent}}/locations/{{location}}/entitlements/{{entitlement_id}}' + location: |- + - + (Required) + The region of the Entitlement resource. + max_request_duration: |- + - + (Required) + The maximum amount of time for which access would be granted for a request. + A requester can choose to ask for access for less than this duration but never more. + Format: calculate the time in seconds and concatenate it with 's' i.e. 2 hours = "7200s", 45 minutes = "2700s" + name: |- + - + Output Only. The entitlement's name follows a hierarchical structure, comprising the organization, folder, or project, alongside the region and a unique entitlement ID. + Formats: organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}, folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}, and projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}. + parent: |- + - + (Required) + Format: project/{project_id} or organization/{organization_number} or folder/{folder_number} + privileged_access: |- + - + (Required) + Privileged access that this service can be used to gate. + Structure is documented below. + privileged_access.gcp_iam_access: |- + - + (Required) + GcpIamAccess represents IAM based access control on a GCP resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM. + Structure is documented below. + privileged_access.gcp_iam_access.resource: |- + - + (Required) + Name of the resource. + privileged_access.gcp_iam_access.resource_type: |- + - + (Required) + The type of this resource. + privileged_access.gcp_iam_access.role_bindings: |- + - + (Required) + Role bindings to be created on successful grant. + Structure is documented below. + requester_justification_config: |- + - + (Required) + Defines the ways in which a requester should provide the justification while requesting for access. + Structure is documented below. + requester_justification_config.additional_notification_targets: |- + - + (Optional) + AdditionalNotificationTargets includes email addresses to be notified. + Structure is documented below. + requester_justification_config.approval_workflow: |- + - + (Optional) + The approvals needed before access will be granted to a requester. + No approvals will be needed if this field is null. Different types of approval workflows that can be used to gate privileged access granting. + Structure is documented below. + requester_justification_config.not_mandatory: |- + - + (Optional) + The justification is not mandatory but can be provided in any of the supported formats. + requester_justification_config.unstructured: |- + - + (Optional) + The requester has to provide a justification in the form of free flowing text. + role_bindings.condition_expression: |- + - + (Optional) + The expression field of the IAM condition to be associated with the role. If specified, a user with an active grant for this entitlement would be able to access the resource only if this condition evaluates to true for their request. + https://cloud.google.com/iam/docs/conditions-overview#attributes. + role_bindings.role: |- + - + (Required) + IAM role to be granted. https://cloud.google.com/iam/docs/roles-overview. + state: |- + - + Output only. The current state of the Entitlement. + steps.approvals_needed: |- + - + (Optional) + How many users from the above list need to approve. + If there are not enough distinct users in the list above then the workflow + will indefinitely block. Should always be greater than 0. Currently 1 is the only + supported value. + steps.approver_email_recipients: |- + - + (Optional) + Optional. Additional email addresses to be notified when a grant is pending approval. + steps.approvers: |- + - + (Required) + The potential set of approvers in this step. This list should contain at only one entry. + Structure is documented below. + update: '- Default is 20 minutes.' + update_time: |- + - + Output only. Update time stamp. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + importStatements: [] google_project: subCategory: Cloud Platform description: Allows management of a Google Cloud Platform project. @@ -112263,11 +118098,61 @@ resources: "name": "example", "type": "AVRO" } + - name: example + manifest: |- + { + "ingestion_data_source_settings": [ + { + "aws_kinesis": [ + { + "aws_role_arn": "arn:aws:iam::111111111111:role/fake-role-name", + "consumer_arn": "arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name/consumer/consumer-1:1111111111", + "gcp_service_account": "fake-service-account@fake-gcp-project.iam.gserviceaccount.com", + "stream_arn": "arn:aws:kinesis:us-west-2:111111111111:stream/fake-stream-name" + } + ] + } + ], + "name": "example-topic" + } argumentDocs: create: '- Default is 20 minutes.' delete: '- Default is 20 minutes.' effective_labels: for all of the labels present on the resource. id: '- an identifier for the resource with format projects/{{project}}/topics/{{name}}' + ingestion_data_source_settings: |- + - + (Optional) + Settings for ingestion from a data source into this topic. + Structure is documented below. + ingestion_data_source_settings.aws_kinesis: |- + - + (Optional) + Settings for ingestion from Amazon Kinesis Data Streams. + Structure is documented below. + ingestion_data_source_settings.aws_kinesis.aws_role_arn: |- + - + (Required) + AWS role ARN to be used for Federated Identity authentication with + Kinesis. Check the Pub/Sub docs for how to set up this role and the + required permissions that need to be attached to it. + ingestion_data_source_settings.aws_kinesis.consumer_arn: |- + - + (Required) + The Kinesis consumer ARN to used for ingestion in + Enhanced Fan-Out mode. The consumer must be already + created and ready to be used. + ingestion_data_source_settings.aws_kinesis.gcp_service_account: |- + - + (Required) + The GCP service account to be used for Federated Identity authentication + with Kinesis (via a AssumeRoleWithWebIdentity call for the provided + role). The awsRoleArn must be set up with accounts.google.com:sub + equals to this service account number. + ingestion_data_source_settings.aws_kinesis.stream_arn: |- + - + (Required) + The Kinesis stream ARN to ingest data from. kms_key_name: |- - (Optional) @@ -112629,11 +118514,15 @@ resources: } ], "name": "ha-cluster", + "node_type": "REDIS_SHARED_CORE_NANO", "psc_configs": [ { "network": "${google_compute_network.producer_net.id}" } ], + "redis_configs": { + "maxmemory-policy": "volatile-ttl" + }, "region": "us-central1", "replica_count": 1, "shard_count": 3, @@ -112703,6 +118592,9 @@ resources: (Required) Unique name of the resource in this scope including project and location using the form: projects/{projectId}/locations/{locationId}/clusters/{clusterId} + precise_size_gb: |- + - + Output only. Redis memory precise size in GB for the entire cluster. psc_config.network: |- - (Optional) @@ -112728,9 +118620,21 @@ resources: Required. The consumer network where the network address of the discovery endpoint will be reserved, in the form of projects/{network_project_id_or_number}/global/networks/{network_id}. + psc_configs.node_type: |- + - + (Optional) + The nodeType for the Redis cluster. + If not provided, REDIS_HIGHMEM_MEDIUM will be used as default + Possible values are: REDIS_SHARED_CORE_NANO, REDIS_HIGHMEM_MEDIUM, REDIS_HIGHMEM_XLARGE, REDIS_STANDARD_SMALL. psc_configs.project: |- - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. + psc_configs.redis_configs: |- + - + (Optional) + Configure Redis Cluster behavior using a subset of native Redis configuration parameters. + Please check Memorystore documentation for the list of supported parameters: + https://cloud.google.com/memorystore/docs/cluster/supported-instance-configurations psc_configs.region: |- - (Optional) @@ -114453,6 +120357,19 @@ resources: ], "secret_id": "secret" } + - name: secret-with-version-destroy-ttl + manifest: |- + { + "replication": [ + { + "auto": [ + {} + ] + } + ], + "secret_id": "secret", + "version_destroy_ttl": "2592000s" + } - name: secret-with-automatic-cmek manifest: |- { @@ -114562,6 +120479,14 @@ resources: 'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + customer_managed_encryption.version_destroy_ttl: |- + - + (Optional) + Secret Version TTL after destruction request. + This is a part of the delayed delete feature on Secret Version. + For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + on calling destroy instead the version goes to a disabled state and + the actual destruction happens after this TTL expires. delete: '- Default is 20 minutes.' effective_annotations: |- - @@ -115362,7 +121287,7 @@ resources: "policy_set_id": "sha_policy_set" } ], - "posture_id": "posture_1", + "posture_id": "posture_example", "state": "ACTIVE" } argumentDocs: @@ -115701,15 +121626,15 @@ resources: "location": "global", "parent": "organizations/123456789", "posture_deployment_id": "posture_deployment_1", - "posture_id": "${google_securityposture_posture.posture1.name}", - "posture_revision_id": "${google_securityposture_posture.posture1.revision_id}", + "posture_id": "${google_securityposture_posture.posture_1.name}", + "posture_revision_id": "${google_securityposture_posture.posture_1.revision_id}", "target_resource": "projects/1111111111111" } references: - posture_id: google_securityposture_posture.posture1.name - posture_revision_id: google_securityposture_posture.posture1.revision_id + posture_id: google_securityposture_posture.posture_1.name + posture_revision_id: google_securityposture_posture.posture_1.revision_id dependencies: - google_securityposture_posture.posture1: |- + google_securityposture_posture.posture_1: |- { "description": "a new posture", "location": "global", @@ -117396,6 +123321,7 @@ resources: settings.disk_size: '- (Optional) The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.' settings.disk_type: '- (Optional) The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.' settings.edition: '- (Optional) The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.' + settings.enable_google_ml_integration: '- (Optional) Enables Cloud SQL instances to connect to Vertex AI and pass requests for real-time predictions and insights. Defaults to false.' settings.insights_config.query_insights_enabled: '- True if Query Insights feature is enabled.' settings.insights_config.query_plans_per_minute: '- Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.' settings.insights_config.query_string_length: '- Maximum query length stored in bytes. Between 256 and 4500. Default to 1024. Higher query lengths are more useful for analytical queries, but they also require more memory. Changing the query length requires you to restart the instance. You can still add tags to queries that exceed the length limit.' @@ -117895,6 +123821,9 @@ resources: retention_policy.retention_period: '- (Required) The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 2,147,483,647 seconds.' rpo: '- (Optional) The recovery point objective for cross-region replication of the bucket. Applicable only for dual and multi-region buckets. "DEFAULT" sets default replication. "ASYNC_TURBO" value enables turbo replication, valid for dual-region buckets only. See Turbo Replication for more information. If rpo is not specified at bucket creation, it defaults to "DEFAULT" for dual and multi-region buckets. NOTE If used with single-region bucket, It will throw an error.' self_link: '- The URI of the created resource.' + soft_delete_policy: '- (Optional, Computed) The bucket''s soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If the block is not provided, Server side value will be kept which means removal of block won''t generate any terraform change. Structure is documented below.' + soft_delete_policy.effective_time: '- (Computed) Server-determined value that indicates the time from which the policy, or one with a greater retention, was effective. This value is in RFC 3339 format.' + soft_delete_policy.retention_duration_seconds: '- (Optional, Default: 604800) The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800. The value must be in between 604800(7 days) and 7776000(90 days). Note: To disable the soft delete policy on a bucket, This field must be set to 0.' storage_class: '- (Optional, Default: ''STANDARD'') The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.' uniform_bucket_level_access: '- (Optional, Default: false) Enables Uniform bucket-level access access to a bucket.' update: '- Default is 4 minutes.' @@ -118807,8 +124736,9 @@ resources: aws_s3_data_source.bucket_name: '- (Required) S3 Bucket name.' aws_s3_data_source.path: '- (Optional) Root path to transfer objects. Must be an empty string or full path name that ends with a ''/''. This field is treated as an object prefix. As such, it should generally not begin with a ''/''.' aws_s3_data_source.role_arn: '- (Optional) The Amazon Resource Name (ARN) of the role to support temporary credentials via ''AssumeRoleWithWebIdentity''. For more information about ARNs, see IAM ARNs. When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a ''AssumeRoleWithWebIdentity'' call for the provided role using the [GoogleServiceAccount][] for this project.' - azure_blob_storage_data_source.azure_credentials: '- (Required) Credentials used to authenticate API requests to Azure block.' + azure_blob_storage_data_source.azure_credentials: '- (Required in GA, Optional in Beta) Credentials used to authenticate API requests to Azure block.' azure_blob_storage_data_source.container: '- (Required) The container to transfer from the Azure Storage account.`' + azure_blob_storage_data_source.credentials_secret: '- (Optional, Beta) Full Resource name of a secret in Secret Manager containing SAS Credentials in JSON form. Service Agent for Storage Transfer must have permissions to access secret. If credentials_secret is specified, do not specify azure_credentials.`,' azure_blob_storage_data_source.path: '- (Required) Root path to transfer objects. Must be an empty string or full path name that ends with a ''/''. This field is treated as an object prefix. As such, it should generally not begin with a ''/''.' azure_blob_storage_data_source.storage_account: '- (Required) The name of the Azure Storage account.' azure_credentials.sas_token: '- (Required) Azure shared access signature. See Grant limited access to Azure Storage resources using shared access signatures (SAS).' @@ -119732,6 +125662,99 @@ resources: - The timestamp of when the dataset was last updated in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. importStatements: [] + google_vertex_ai_deployment_resource_pool: + subCategory: Vertex AI + description: '''DeploymentResourcePool can be shared by multiple deployed models, whose underlying specification consists of dedicated resources.' + name: google_vertex_ai_deployment_resource_pool + title: "" + examples: + - name: deployment_resource_pool + manifest: |- + { + "dedicated_resources": [ + { + "autoscaling_metric_specs": [ + { + "metric_name": "aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle", + "target": 60 + } + ], + "machine_spec": [ + { + "accelerator_count": 1, + "accelerator_type": "NVIDIA_TESLA_K80", + "machine_type": "n1-standard-4" + } + ], + "max_replica_count": 2, + "min_replica_count": 1 + } + ], + "name": "example-deployment-resource-pool", + "region": "us-central1" + } + argumentDocs: + autoscaling_metric_specs.metric_name: |- + - + (Required) + The resource metric name. Supported metrics: For Online Prediction: * aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle * aiplatform.googleapis.com/prediction/online/cpu/utilization + autoscaling_metric_specs.target: |- + - + (Optional) + The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided. + create: '- Default is 20 minutes.' + create_time: |- + - + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + dedicated_resources: |- + - + (Optional) + The underlying dedicated resources that the deployment resource pool uses. + Structure is documented below. + dedicated_resources.autoscaling_metric_specs: |- + - + (Optional) + A list of the metric specifications that overrides a resource utilization metric. + Structure is documented below. + dedicated_resources.machine_spec: |- + - + (Required) + The specification of a single machine used by the prediction + Structure is documented below. + dedicated_resources.max_replica_count: |- + - + (Optional) + The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, will use min_replica_count as the default value. The value of this field impacts the charge against Vertex CPU and GPU quotas. Specifically, you will be charged for max_replica_count * number of cores in the selected machine type) and (max_replica_count * number of GPUs per replica in the selected machine type). + dedicated_resources.min_replica_count: |- + - + (Required) + The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1. If traffic against the DeployedModel increases, it may dynamically be deployed onto more replicas, and as traffic decreases, some of these extra replicas may be freed. + delete: '- Default is 20 minutes.' + id: '- an identifier for the resource with format projects/{{project}}/locations/{{region}}/deploymentResourcePools/{{name}}' + machine_spec.accelerator_count: |- + - + (Optional) + The number of accelerators to attach to the machine. + machine_spec.accelerator_type: |- + - + (Optional) + The type of accelerator(s) that may be attached to the machine as per accelerator_count. See possible values here. + machine_spec.machine_type: |- + - + (Optional) + The type of the machine. See the list of machine types supported for prediction. + name: |- + - + (Required) + The resource name of deployment resource pool. The maximum length is 63 characters, and valid characters are /^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$/. + project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + region: |- + - + (Optional) + The region of deployment resource pool. eg us-central1 + importStatements: [] google_vertex_ai_endpoint: subCategory: Vertex AI description: Models are deployed into it, and afterwards Endpoint is called to obtain predictions and explanations. @@ -122811,6 +128834,11 @@ resources: The map of cluster node types in this cluster, where the key is canonical identifier of the node type (corresponds to the NodeType). Structure is documented below. + management_cluster.stretched_cluster_config: |- + - + (Optional) + The stretched cluster configuration for the private cloud. + Structure is documented below. name: |- - (Required) @@ -122851,23 +128879,11 @@ resources: This number must always be one of nodeType.availableCustomCoreCounts. If zero is provided max value from nodeType.availableCustomCoreCounts will be used. This cannot be changed once the PrivateCloud is created. - node_type_configs.description: |- - - - (Optional) - User-provided description for this private cloud. node_type_configs.node_count: |- - (Required) The number of nodes of this type in the cluster. node_type_configs.node_type_id: '- (Required) The identifier for this object. Format specified above.' - node_type_configs.project: |- - - (Optional) The ID of the project in which the resource belongs. - If it is not provided, the provider project is used. - node_type_configs.type: |- - - - (Optional) - Initial type of the private cloud. - Possible values are: STANDARD, TIME_LIMITED. nsx: |- - Details about a NSX Manager appliance. @@ -122892,6 +128908,26 @@ resources: state: |- - State of the resource. New values may be added to this enum when appropriate. + stretched_cluster_config.description: |- + - + (Optional) + User-provided description for this private cloud. + stretched_cluster_config.preferred_location: |- + - + (Optional) + Zone that will remain operational when connection between the two zones is lost. + stretched_cluster_config.project: |- + - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + stretched_cluster_config.secondary_location: |- + - + (Optional) + Additional zone for a higher level of availability and load balancing. + stretched_cluster_config.type: |- + - + (Optional) + Initial type of the private cloud. + Possible values are: STANDARD, TIME_LIMITED, STRETCHED. uid: |- - System-generated unique identifier for the resource. @@ -123086,19 +129122,26 @@ resources: max_instances: |- - (Optional) - Maximum value of instances in autoscaling group underlying the connector. + Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be + higher than the value specified by min_instances. max_throughput: |- - (Optional) - Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. + Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput + when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by + min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of + max_throughput is discouraged in favor of max_instances. min_instances: |- - (Optional) - Minimum value of instances in autoscaling group underlying the connector. + Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be + lower than the value specified by max_instances. min_throughput: |- - (Optional) - Minimum throughput of the connector in Mbps. Default and min is 200. + Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and + min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. name: |- - (Required) @@ -123177,8 +129220,8 @@ resources: "machine_type": "n1-standard-1", "vm_image": [ { - "family": "tf-latest-gpu", - "project": "deeplearning-platform-release" + "family": "workbench-instances", + "project": "cloud-notebooks-managed" } ] } @@ -124043,6 +130086,10 @@ resources: - (Output) Human readable message indicating details about the current status. + control_plane_ip: |- + - + The private IP address of the control plane for this workstation cluster. + Workstation VMs need access to this IP address to work with the service, so make sure that your firewall rules allow egress from the workstation VMs to this address. create: '- Default is 60 minutes.' create_time: |- - @@ -124518,6 +130565,73 @@ resources: "subnetwork": "${google_compute_subnetwork.default.id}", "workstation_cluster_id": "workstation-cluster" } + - name: default + manifest: |- + { + "host": [ + { + "gce_instance": [ + { + "boost_configs": [ + { + "accelerators": [ + { + "count": "1", + "type": "nvidia-tesla-t4" + } + ], + "id": "boost-1", + "machine_type": "n1-standard-2" + }, + { + "id": "boost-1", + "machine_type": "e2-standard-2" + } + ], + "boot_disk_size_gb": 35, + "disable_public_ip_addresses": true, + "machine_type": "e2-standard-4" + } + ] + } + ], + "location": "us-central1", + "provider": "${google-beta}", + "workstation_cluster_id": "${google_workstations_workstation_cluster.default.workstation_cluster_id}", + "workstation_config_id": "workstation-config" + } + references: + provider: google-beta + workstation_cluster_id: google_workstations_workstation_cluster.default.workstation_cluster_id + dependencies: + google_compute_network.default: |- + { + "auto_create_subnetworks": false, + "name": "workstation-cluster", + "provider": "${google-beta}" + } + google_compute_subnetwork.default: |- + { + "ip_cidr_range": "10.0.0.0/24", + "name": "workstation-cluster", + "network": "${google_compute_network.default.name}", + "provider": "${google-beta}", + "region": "us-central1" + } + google_workstations_workstation_cluster.default: |- + { + "annotations": { + "label-one": "value-one" + }, + "labels": { + "label": "key" + }, + "location": "us-central1", + "network": "${google_compute_network.default.id}", + "provider": "${google-beta}", + "subnetwork": "${google_compute_subnetwork.default.id}", + "workstation_cluster_id": "workstation-cluster" + } - name: default manifest: |- { @@ -124616,6 +130730,19 @@ resources: Client-specified annotations. This is distinct from labels. Note: This field is non-authoritative, and will only manage the annotations present in your configuration. Please refer to the field effective_annotations for all of the annotations present on the resource. + boost_configs.accelerators: |- + - + (Optional) + An accelerator card attached to the boost instance. + Structure is documented below. + boost_configs.id: |- + - + (Required) + The id to be used for the boost config. + boost_configs.machine_type: |- + - + (Optional) + The type of machine that boosted VM instances will use—for example, e2-standard-4. For more information about machine types that Cloud Workstations supports, see the list of available machine types https://cloud.google.com/workstations/docs/available-machine-types. Defaults to e2-standard-4. conditions: |- - Status conditions describing the current resource state. @@ -124708,6 +130835,20 @@ resources: - (Required) The service account to use with the specified KMS key. + ephemeral_directories: |- + - + (Optional) + Ephemeral directories which won't persist across workstation sessions. + Structure is documented below. + ephemeral_directories.gce_pd: |- + - + (Optional) + An EphemeralDirectory backed by a Compute Engine persistent disk. + Structure is documented below. + ephemeral_directories.mount_path: |- + - + (Optional) + Location of this directory in the running workstation. etag: |- - Checksum computed by the server. @@ -124720,6 +130861,10 @@ resources: - (Optional) Type of file system that the disk should be formatted with. The workstation image must support this file system type. Must be empty if sourceSnapshot is set. Defaults to ext4. + gce_pd.read_only: |- + - + (Optional) + Whether the disk is read only. If true, the disk may be shared by multiple VMs and sourceSnapshot must be set. gce_pd.reclaim_policy: |- - (Optional) @@ -124730,6 +130875,12 @@ resources: (Optional) The GB capacity of a persistent home directory for each workstation created with this configuration. Must be empty if sourceSnapshot is set. Valid values are 10, 50, 100, 200, 500, or 1000. Defaults to 200. If less than 200 GB, the diskType must be pd-balanced or pd-ssd. + gce_pd.source_image: |- + - + (Optional) + Name of the disk image to use as the source for the disk. + Must be empty sourceSnapshot is set. + Updating sourceImage will update content in the ephemeral directory after the workstation is restarted. gce_pd.source_snapshot: |- - (Optional) @@ -124749,6 +130900,11 @@ resources: (Optional) An accelerator card attached to the instance. Structure is documented below. + host.gce_instance.boost_configs: |- + - + (Optional) + A list of the boost configurations that workstations created using this workstation configuration are allowed to use. + Structure is documented below. host.gce_instance.boot_disk_size_gb: |- - (Optional) diff --git a/config/schema.json b/config/schema.json index a156c7d9e..8aeb946b6 100644 --- a/config/schema.json +++ b/config/schema.json @@ -1 +1 @@ -{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/google":{"provider":{"version":0,"block":{"attributes":{"access_approval_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_context_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_token":{"type":"string","description_kind":"plain","optional":true},"active_directory_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"add_terraform_attribution_label":{"type":"bool","description_kind":"plain","optional":true},"alloydb_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apigee_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apikeys_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"app_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"artifact_registry_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"assured_workloads_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"beyondcorp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"big_query_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"biglake_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_analytics_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_connection_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_data_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_datapolicy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_reservation_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigtable_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_project":{"type":"string","description_kind":"plain","optional":true},"binary_authorization_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"blockchain_node_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"certificate_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_asset_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_worker_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_functions_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_identity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_ids_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_scheduler_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_tasks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudbuildv2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddeploy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddomains_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudfunctions2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"composer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"compute_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_analysis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_attached_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_aws_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_azure_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"core_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true},"data_catalog_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_fusion_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_loss_prevention_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_pipeline_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"database_migration_service_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataplex_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_metastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastream_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"default_labels":{"type":["map","string"],"description_kind":"plain","optional":true},"deployment_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_cx_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"discovery_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dns_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_warehouse_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgecontainer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgenetwork_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"essential_contacts_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"eventarc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"filestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebase_app_check_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebaserules_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_backup_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkehub_feature_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkeonprem_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"healthcare_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_beta_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_credentials_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_workforce_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iap_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"identity_platform_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account_delegates":{"type":["list","string"],"description_kind":"plain","optional":true},"integration_connectors_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"kms_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"logging_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"looker_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"memcache_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"migration_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"ml_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"monitoring_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"netapp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_connectivity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_security_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_services_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"notebooks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"org_policy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_config_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_login_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privateca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_ca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_lite_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"recaptcha_enterprise_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"redis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"request_reason":{"type":"string","description_kind":"plain","optional":true},"request_timeout":{"type":"string","description_kind":"plain","optional":true},"resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"resource_manager_v3_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description_kind":"plain","optional":true},"secret_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"secure_source_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"securityposture_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_networking_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_usage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"source_repo_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"spanner_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"sql_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_insights_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_location_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"terraform_attribution_label_addition_strategy":{"type":"string","description_kind":"plain","optional":true},"tpu_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"universe_domain":{"type":"string","description_kind":"plain","optional":true},"user_project_override":{"type":"bool","description_kind":"plain","optional":true},"vertex_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vmwareengine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vpc_access_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workbench_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workflows_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"zone":{"type":"string","description_kind":"plain","optional":true}},"block_types":{"batching":{"nesting_mode":"list","block":{"attributes":{"enable_batching":{"type":"bool","description_kind":"plain","optional":true},"send_after":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"resource_schemas":{"google_access_context_manager_access_level":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true},"require_verified_chrome_os":{"type":"bool","description":"If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.","description_kind":"plain","optional":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_level_condition":{"version":0,"block":{"attributes":{"access_level":{"type":"string","description":"The name of the Access Level to add this condition to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_levels":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"access_levels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1}},"description":"The desired Access Levels that should replace all existing Access Levels in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the AccessPolicy. Format: {policy_id}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of this AccessPolicy in the Cloud Resource Hierarchy.\nFormat: organizations/{organization_id}","description_kind":"plain","required":true},"scopes":{"type":["list","string"],"description":"Folder or project on which this policy is applicable.\nFormat: folders/{{folder_id}} or projects/{{project_id}}","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Does not affect behavior.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_authorized_orgs_desc":{"version":0,"block":{"attributes":{"asset_type":{"type":"string","description":"The type of entities that need to use the authorization relationship during\nevaluation, such as a device. Valid values are \"ASSET_TYPE_DEVICE\" and\n\"ASSET_TYPE_CREDENTIAL_STRENGTH\". Possible values: [\"ASSET_TYPE_DEVICE\", \"ASSET_TYPE_CREDENTIAL_STRENGTH\"]","description_kind":"plain","optional":true},"authorization_direction":{"type":"string","description":"The direction of the authorization relationship between this organization\nand the organizations listed in the \"orgs\" field. The valid values for this\nfield include the following:\n\nAUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic\nin the organizations listed in the 'orgs' field.\n\nAUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the 'orgs'\nfield to evaluate the traffic in this organization.\n\nFor the authorization relationship to take effect, all of the organizations\nmust authorize and specify the appropriate relationship direction. For\nexample, if organization A authorized organization B and C to evaluate its\ntraffic, by specifying \"AUTHORIZATION_DIRECTION_TO\" as the authorization\ndirection, organizations B and C must specify\n\"AUTHORIZATION_DIRECTION_FROM\" as the authorization direction in their\n\"AuthorizedOrgsDesc\" resource. Possible values: [\"AUTHORIZATION_DIRECTION_TO\", \"AUTHORIZATION_DIRECTION_FROM\"]","description_kind":"plain","optional":true},"authorization_type":{"type":"string","description":"A granular control type for authorization levels. Valid value is \"AUTHORIZATION_TYPE_TRUST\". Possible values: [\"AUTHORIZATION_TYPE_TRUST\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the 'AuthorizedOrgsDesc'. Format:\n'accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}'.\nThe 'authorized_orgs_desc' component must begin with a letter, followed by\nalphanumeric characters or '_'.\nAfter you create an 'AuthorizedOrgsDesc', you cannot change its 'name'.","description_kind":"plain","required":true},"orgs":{"type":["list","string"],"description":"The list of organization ids in this AuthorizedOrgsDesc.\nFormat: 'organizations/\u003corg_number\u003e'\nExample: 'organizations/123456'","description_kind":"plain","optional":true},"parent":{"type":"string","description":"Required. Resource name for the access policy which owns this 'AuthorizedOrgsDesc'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_egress_policy":{"version":0,"block":{"attributes":{"egress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_gcp_user_access_binding":{"version":0,"block":{"attributes":{"access_levels":{"type":["list","string"],"description":"Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\"","description_kind":"plain","required":true},"group_key":{"type":"string","description":"Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\"","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","description_kind":"plain","computed":true},"organization_id":{"type":"string","description":"Required. ID of the parent organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeters":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"service_perimeters":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of email address. The email address should\nrepresent individual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"set","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"A list of identities that are allowed access through this ingress policy.\nShould be in the format of email address. The email address should represent\nindividual user or service account only.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1}},"description":"The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain":{"version":0,"block":{"attributes":{"admin":{"type":"string","description":"The name of delegated administrator account used to perform Active Directory operations.\nIf not specified, setupadmin will be used.","description_kind":"plain","optional":true},"authorized_networks":{"type":["set","string"],"description":"The full names of the Google Compute Engine networks the domain instance is connected to. The domain is only available on networks listed in authorizedNetworks.\nIf CIDR subnets overlap between networks, domain creation will fail.","description_kind":"plain","optional":true},"domain_name":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"fqdn":{"type":"string","description":"The fully-qualified domain name of the exposed domain used by clients to connect to the service.\nSimilar to what would be chosen for an Active Directory set up on an internal network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels that can contain user-provided metadata\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"locations":{"type":["list","string"],"description":"Locations where domain needs to be provisioned. [regions][compute/docs/regions-zones/]\ne.g. us-west1 or us-east4 Service supports up to 4 locations at once. Each location will use a /26 block.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique name of the domain using the format: 'projects/{project}/locations/global/domains/{domainName}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger.\nRanges must be unique and non-overlapping with existing subnets in authorizedNetworks","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain_trust":{"version":0,"block":{"attributes":{"domain":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selective_authentication":{"type":"bool","description":"Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.","description_kind":"plain","optional":true},"target_dns_ip_addresses":{"type":["set","string"],"description":"The target DNS server IP addresses which can resolve the remote domain involved in the trust.","description_kind":"plain","required":true},"target_domain_name":{"type":"string","description":"The fully qualified target domain name which will be in trust with the current domain.","description_kind":"plain","required":true},"trust_direction":{"type":"string","description":"The trust direction, which decides if the current domain is trusted, trusting, or both. Possible values: [\"INBOUND\", \"OUTBOUND\", \"BIDIRECTIONAL\"]","description_kind":"plain","required":true},"trust_handshake_secret":{"type":"string","description":"The trust secret used for the handshake with the target domain. This will not be stored.","description_kind":"plain","required":true,"sensitive":true},"trust_type":{"type":"string","description":"The type of trust represented by the trust resource. Possible values: [\"FOREST\", \"EXTERNAL\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_backup":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_id":{"type":"string","description":"The ID of the alloydb backup.","description_kind":"plain","required":true},"cluster_name":{"type":"string","description":"The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).","description_kind":"plain","required":true},"cluster_uid":{"type":"string","description":"Output only. The system-generated UID of the cluster which was used to create this resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Delete time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the backup.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Backup.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"expiry_quantity":{"type":["list",["object",{"retention_count":"number","total_retention_count":"number"}]],"description":"Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy.\nOnce the expiry quantity is over retention, the backup is eligible to be garbage collected.","description_kind":"plain","computed":true},"expiry_time":{"type":"string","description":"Output only. The time at which after the backup is eligible to be garbage collected.\nIt is the duration specified by the backup's retention policy, added to the backup's createTime.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb backup. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb backup should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"size_bytes":{"type":"string","description":"Output only. The size of the backup in bytes.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the backup.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The backup type, which suggests the trigger for the backup. Possible values: [\"TYPE_UNSPECIFIED\", \"ON_DEMAND\", \"AUTOMATED\", \"CONTINUOUS\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_source":{"type":["list",["object",{"backup_name":"string"}]],"description":"Cluster created from backup.","description_kind":"plain","computed":true},"cluster_id":{"type":"string","description":"The ID of the alloydb cluster.","description_kind":"plain","required":true},"cluster_type":{"type":"string","description":"The type of cluster. If not set, defaults to PRIMARY. Default value: \"PRIMARY\" Possible values: [\"PRIMARY\", \"SECONDARY\"]","description_kind":"plain","optional":true},"continuous_backup_info":{"type":["list",["object",{"earliest_restorable_time":"string","enabled_time":"string","encryption_info":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"schedule":["list","string"]}]],"description":"ContinuousBackupInfo describes the continuous backup properties of a cluster.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the cluster should be deleted forcefully.\nDeleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster.\nDeleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = \"FORCE\" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb cluster should reside.","description_kind":"plain","required":true},"migration_source":{"type":["list",["object",{"host_port":"string","reference_id":"string","source_type":"string"}]],"description":"Cluster created via DMS migration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster resource.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation).\nSet to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current serving state of the cluster.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"list","block":{"attributes":{"backup_window":{"type":"string","description":"The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"enabled":{"type":"bool","description":"Whether automated backups are enabled.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to backups created using this configuration.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"quantity_based_retention":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of backups to retain.","description_kind":"plain","optional":true}},"description":"Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"time_based_retention":{"nesting_mode":"list","block":{"attributes":{"retention_period":{"type":"string","description":"The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"block_types":{"start_times":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).","description_kind":"plain"},"min_items":1}},"description":"Weekly schedule for the Backup.","description_kind":"plain"},"max_items":1}},"description":"The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.","description_kind":"plain"},"max_items":1},"continuous_backup_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether continuous backup recovery is enabled. If not set, defaults to true.","description_kind":"plain","optional":true},"recovery_window_days":{"type":"number","description":"The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1}},"description":"The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","optional":true}},"description":"Initial user to setup during cluster creation.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated IP range for the private IP AlloyDB cluster. For example: \"google-managed-services-default\".\nIf set, the instance IPs for this cluster will be created in the allocated range.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: \"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true}},"description":"Metadata related to network configuration.","description_kind":"plain"},"max_items":1},"restore_backup_source":{"nesting_mode":"list","block":{"attributes":{"backup_name":{"type":"string","description":"The name of the backup that this cluster is restored from.","description_kind":"plain","required":true}},"description":"The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"restore_continuous_backup_source":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The name of the source cluster that this cluster is restored from.","description_kind":"plain","required":true},"point_in_time":{"type":"string","description":"The point in time that this cluster is restored to, in RFC 3339 format.","description_kind":"plain","required":true}},"description":"The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"secondary_config":{"nesting_mode":"list","block":{"attributes":{"primary_cluster_name":{"type":"string","description":"Name of the primary cluster must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true}},"description":"Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_instance":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"]","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"database_flags":{"type":["map","string"],"description":"Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Instance.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gce_zone":{"type":"string","description":"The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The ID of the alloydb instance.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"The type of the instance.\nIf the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the 'depends_on' meta-data attribute.\nIf the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY.\nExample: {instance_type = google_alloydb_cluster.\u003csecondary_cluster_name\u003e.cluster_type} instead of {instance_type = SECONDARY}\nIf the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead.\nUse deletion_policy = \"FORCE\" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance.\nUsers can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. Possible values: [\"PRIMARY\", \"READ_POOL\", \"SECONDARY\"]","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb instance.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance resource.","description_kind":"plain","computed":true},"reconciling":{"type":"bool","description":"Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the alloydb instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"client_connection_config":{"nesting_mode":"list","block":{"attributes":{"require_connectors":{"type":"bool","description":"Configuration to enforce connectors only (ex: AuthProxy) connections to the database.","description_kind":"plain","optional":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ssl_mode":{"type":"string","description":"SSL mode. Specifies client-server SSL/TLS connection behavior. Possible values: [\"ENCRYPTED_ONLY\", \"ALLOW_UNENCRYPTED_AND_ENCRYPTED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"SSL config option for this instance.","description_kind":"plain"},"max_items":1}},"description":"Client connection specific configurations.","description_kind":"plain"},"max_items":1},"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","optional":true,"computed":true}},"description":"Configurations for the machines that host the underlying database engine.","description_kind":"plain"},"max_items":1},"query_insights_config":{"nesting_mode":"list","block":{"attributes":{"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.","description_kind":"plain","optional":true},"query_string_length":{"type":"number","description":"Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"Record application tags for an instance. This flag is turned \"on\" by default.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"Record client address for an instance. Client address is PII information. This flag is turned \"on\" by default.","description_kind":"plain","optional":true}},"description":"Configuration for query insights.","description_kind":"plain"},"max_items":1},"read_pool_config":{"nesting_mode":"list","block":{"attributes":{"node_count":{"type":"number","description":"Read capacity, i.e. number of nodes in a read pool instance.","description_kind":"plain","optional":true}},"description":"Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_user":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"database_roles":{"type":["list","string"],"description":"List of database roles this database user has.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Password for this database user.","description_kind":"plain","optional":true},"user_id":{"type":"string","description":"The database role name of the user.","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The type of this user. Possible values: [\"ALLOYDB_BUILT_IN\", \"ALLOYDB_IAM_USER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_addons_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"advanced_api_ops_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"api_security_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"connectors_platform_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"integration_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"monetization_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1}},"description":"Addon configurations of the Apigee organization.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_endpoint_attachment":{"version":0,"block":{"attributes":{"connection_state":{"type":"string","description":"State of the endpoint attachment connection to the service attachment.","description_kind":"plain","computed":true},"endpoint_attachment_id":{"type":"string","description":"ID of the endpoint attachment.","description_kind":"plain","required":true},"host":{"type":"string","description":"Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the endpoint attachment.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Endpoint Attachment in the following format:\norganizations/{organization}/endpointAttachments/{endpointAttachment}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"service_attachment":{"type":"string","description":"Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_keystore":{"version":0,"block":{"attributes":{"aliases":{"type":["list","string"],"description":"Aliases in this keystore.","description_kind":"plain","computed":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created keystore.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_references":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Optional. A human-readable description of this reference.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"refers":{"type":"string","description":"Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup":{"version":0,"block":{"attributes":{"hostnames":{"type":["list","string"],"description":"Hostnames of the environment group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment group.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment group,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup_attachment":{"version":0,"block":{"attributes":{"envgroup_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'.","description_kind":"plain","required":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment":{"version":0,"block":{"attributes":{"api_proxy_type":{"type":"string","description":"Optional. API Proxy type supported by the environment. The type can be set when creating\nthe Environment and cannot be changed. Possible values: [\"API_PROXY_TYPE_UNSPECIFIED\", \"PROGRAMMABLE\", \"CONFIGURABLE\"]","description_kind":"plain","optional":true,"computed":true},"deployment_type":{"type":"string","description":"Optional. Deployment type supported by the environment. The deployment type can be\nset when creating the environment and cannot be changed. When you enable archive\ndeployment, you will be prevented from performing a subset of actions within the\nenvironment, including:\nManaging the deployment of API proxy or shared flow revisions;\nCreating, updating, or deleting resource files;\nCreating, updating, or deleting target servers. Possible values: [\"DEPLOYMENT_TYPE_UNSPECIFIED\", \"PROXY\", \"ARCHIVE\"]","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the environment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"type":{"type":"string","description":"Types that can be selected for an Environment. Each of the types are\nlimited by capability and capacity. Refer to Apigee's public documentation\nto understand about each of these types in details.\nAn Apigee org can support heterogeneous Environments. Possible values: [\"ENVIRONMENT_TYPE_UNSPECIFIED\", \"BASE\", \"INTERMEDIATE\", \"COMPREHENSIVE\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_config":{"nesting_mode":"list","block":{"attributes":{"current_aggregate_node_count":{"type":"string","description":"The current total number of gateway nodes that each environment currently has across\nall instances.","description_kind":"plain","computed":true},"max_node_count":{"type":"string","description":"The maximum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended maximum number of nodes for that gateway.","description_kind":"plain","optional":true},"min_node_count":{"type":"string","description":"The minimum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended minimum number of nodes for that gateway.","description_kind":"plain","optional":true}},"description":"NodeConfig for setting the min/max number of nodes associated with the environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_iam_binding":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_member":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apigee_flowhook":{"version":0,"block":{"attributes":{"continue_on_error":{"type":"bool","description":"Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the flow hook.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"flow_hook_point":{"type":"string","description":"Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the environment","description_kind":"plain","required":true},"sharedflow":{"type":"string","description":"Id of the Sharedflow attaching to a flowhook point.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance":{"version":0,"block":{"attributes":{"consumer_accept_list":{"type":["list","string"],"description":"Optional. Customer accept list represents the list of projects (id/number) on customer\nside that can privately connect to the service attachment. It is an optional field\nwhich the customers can provide during the instance creation. By default, the customer\nproject associated with the Apigee organization will be included to the list.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the instance.","description_kind":"plain","optional":true},"disk_encryption_key_name":{"type":"string","description":"Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the instance.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_range":{"type":"string","description":"IP range represents the customer-provided CIDR block of length 22 that will be used for\nthe Apigee instance creation. This optional range, if provided, should be freely\navailable as part of larger named range the customer has allocated to the Service\nNetworking peering. If this is not provided, Apigee will automatically request for any\navailable /22 CIDR block from Service Networking. The customer should use this CIDR block\nfor configuring their firewall needs to allow traffic from Apigee.\nInput format: \"a.b.c.d/22\"","description_kind":"plain","optional":true},"location":{"type":"string","description":"Required. Compute Engine location where the instance resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource ID of the instance.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"peering_cidr_range":{"type":"string","description":"The size of the CIDR block range that will be reserved by the instance. For valid values,\nsee [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"string","description":"Output only. Port number of the exposed Apigee endpoint.","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Output only. Resource name of the service attachment created for the instance in\nthe format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately\nforward traffic to this service attachment using the PSC endpoints.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance_attachment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_key_cert_file":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"cert":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Private Key content, omit if uploading to truststore","description_kind":"plain","optional":true,"sensitive":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"certs_info":{"nesting_mode":"list","block":{"block_types":{"cert_info":{"nesting_mode":"list","block":{"attributes":{"basic_constraints":{"type":"string","description":"X.509 basic constraints extension.","description_kind":"plain","optional":true,"computed":true},"expiry_date":{"type":"string","description":"X.509 notAfter validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"is_valid":{"type":"string","description":"Flag that specifies whether the certificate is valid. \nFlag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"X.509 issuer.","description_kind":"plain","optional":true,"computed":true},"public_key":{"type":"string","description":"Public key component of the X.509 subject public key info.","description_kind":"plain","optional":true,"computed":true},"serial_number":{"type":"string","description":"X.509 serial number.","description_kind":"plain","optional":true,"computed":true},"sig_alg_name":{"type":"string","description":"X.509 signatureAlgorithm.","description_kind":"plain","optional":true,"computed":true},"subject":{"type":"string","description":"X.509 subject.","description_kind":"plain","optional":true,"computed":true},"subject_alternative_names":{"type":["list","string"],"description":"X.509 subject alternative names (SANs) extension.","description_kind":"plain","optional":true,"computed":true},"valid_from":{"type":"string","description":"X.509 notBefore validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"X.509 version.","description_kind":"plain","optional":true,"computed":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Chain of certificates under this alias.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_pkcs12":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"file":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"filehash":{"type":"string","description":"Hash of the pkcs file","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_self_signed_cert":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias for the key/certificate pair. Values must match the regular expression [\\w\\s-.]{1,255}.\nThis must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either\nthis parameter or the JSON body.","description_kind":"plain","required":true},"cert_validity_in_days":{"type":"number","description":"Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.","description_kind":"plain","optional":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The Apigee environment name","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"string","description":"Key size. Default and maximum value is 2048 bits.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"The Apigee keystore name associated in an Apigee environment","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee environment","description_kind":"plain","required":true},"sig_alg":{"type":"string","description":"Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA","description_kind":"plain","required":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"Common name of the organization. Maximum length is 64 characters.","description_kind":"plain","optional":true},"country_code":{"type":"string","description":"Two-letter country code. Example, IN for India, US for United States of America.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address. Max 255 characters.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"City or town name. Maximum length is 128 characters.","description_kind":"plain","optional":true},"org":{"type":"string","description":"Organization name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"org_unit":{"type":"string","description":"Organization team name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State or district name. Maximum length is 128 characters.","description_kind":"plain","optional":true}},"description":"Subject details.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alternative_dns_names":{"nesting_mode":"list","block":{"attributes":{"subject_alternative_name":{"type":"string","description":"Subject Alternative Name","description_kind":"plain","optional":true}},"description":"List of alternative host names. Maximum length is 255 characters for each value.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_nat_address":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The allocated NAT IP address.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource ID of the NAT address.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the NAT IP address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_organization":{"version":0,"block":{"attributes":{"analytics_region":{"type":"string","description":"Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).","description_kind":"plain","optional":true},"apigee_project_id":{"type":"string","description":"Output only. Project ID of the Apigee Tenant Project.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"Compute Engine network used for Service Networking to be peered with Apigee runtime instances.\nSee [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).\nValid only when 'RuntimeType' is set to CLOUD. The value can be updated only when there are no runtime instances. For example: \"default\".","description_kind":"plain","optional":true},"billing_type":{"type":"string","description":"Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).","description_kind":"plain","optional":true,"computed":true},"ca_certificate":{"type":"string","description":"Output only. Base64-encoded public certificate for the root CA of the Apigee organization.\nValid only when 'RuntimeType' is CLOUD. A base64-encoded string.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the Apigee organization.","description_kind":"plain","optional":true},"disable_vpc_peering":{"type":"bool","description":"Flag that specifies whether the VPC Peering through Private Google Access should be\ndisabled between the consumer network and Apigee. Required if an 'authorizedNetwork'\non the consumer project is not provided, in which case the flag should be set to 'true'.\nValid only when 'RuntimeType' is set to CLOUD. The value must be set before the creation\nof any Apigee runtime instance and can be updated only when there are no runtime instances.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Apigee organization.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Name of the Apigee organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID associated with the Apigee organization.","description_kind":"plain","required":true},"retention":{"type":"string","description":"Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType\nis not EVALUATION). It controls how long Organization data will be retained after the initial delete\noperation completes. During this period, the Organization may be restored to its last known state.\nAfter this period, the Organization will no longer be able to be restored. Default value: \"DELETION_RETENTION_UNSPECIFIED\" Possible values: [\"DELETION_RETENTION_UNSPECIFIED\", \"MINIMUM\"]","description_kind":"plain","optional":true},"runtime_database_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.\nUpdate is not allowed after the organization is created.\nIf not specified, a Google-Managed encryption key will be used.\nValid only when 'RuntimeType' is CLOUD. For example: 'projects/foo/locations/us/keyRings/bar/cryptoKeys/baz'.","description_kind":"plain","optional":true},"runtime_type":{"type":"string","description":"Runtime type of the Apigee organization based on the Apigee subscription purchased. Default value: \"CLOUD\" Possible values: [\"CLOUD\", \"HYBRID\"]","description_kind":"plain","optional":true},"subscription_type":{"type":"string","description":"Output only. Subscription type of the Apigee organization.\nValid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"block_types":{"property":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the property.","description_kind":"plain","optional":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Properties defined in the Apigee organization profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow":{"version":0,"block":{"attributes":{"config_bundle":{"type":"string","description":"Path to the config zip bundle","description_kind":"plain","required":true},"detect_md5hash":{"type":"string","description":"A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_revision_id":{"type":"string","description":"The id of the most recently created revision for this shared flow.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded config bundle.","description_kind":"plain","computed":true},"meta_data":{"type":["list",["object",{"created_at":"string","last_modified_at":"string","sub_type":"string"}]],"description":"Metadata describing the shared flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the shared flow.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee instance.","description_kind":"plain","required":true},"revision":{"type":["list","string"],"description":"A list of revisions of this shared flow.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow_deployment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance","description_kind":"plain","required":true},"revision":{"type":"string","description":"Revision of the Sharedflow to be deployed.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com.","description_kind":"plain","optional":true},"sharedflow_id":{"type":"string","description":"Id of the Sharedflow to be deployed.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sync_authorization":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other.\nUsed internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identities":{"type":["list","string"],"description":"Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'.\n\nThe 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com\n\nYou might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.\n\nThe service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts).","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_target_server":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of this TargetServer.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"host":{"type":"string","description":"The host name this target connects to. Value must be a valid hostname as described by RFC-1123.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_enabled":{"type":"bool","description":"Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive.","description_kind":"plain","required":true},"protocol":{"type":"string","description":"Immutable. The protocol used by this TargetServer. Possible values: [\"HTTP\", \"HTTP2\", \"GRPC_TARGET\", \"GRPC\", \"EXTERNAL_CALLOUT\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"s_sl_info":{"nesting_mode":"list","block":{"attributes":{"ciphers":{"type":["list","string"],"description":"The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3.","description_kind":"plain","optional":true},"client_auth_enabled":{"type":"bool","description":"Enables two-way TLS.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables TLS. If false, neither one-way nor two-way TLS will be enabled.","description_kind":"plain","required":true},"ignore_validation_errors":{"type":"bool","description":"If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails.","description_kind":"plain","optional":true},"key_alias":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert.","description_kind":"plain","optional":true},"key_store":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID of the keystore.","description_kind":"plain","optional":true},"protocols":{"type":["list","string"],"description":"The TLS versioins to be used.","description_kind":"plain","optional":true},"trust_store":{"type":"string","description":"The resource ID of the truststore.","description_kind":"plain","optional":true}},"block_types":{"common_name":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The TLS Common Name string of the certificate.","description_kind":"plain","optional":true},"wildcard_match":{"type":"bool","description":"Indicates whether the cert should be matched against as a wildcard cert.","description_kind":"plain","optional":true}},"description":"The TLS Common Name of the certificate.","description_kind":"plain"},"max_items":1}},"description":"Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apikeys_key":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human-readable display name of this API key. Modifiable by user.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_string":{"type":"string","description":"Output only. An encrypted and signed value held by this key. This field can be accessed only through the `GetKeyString` method.","description_kind":"plain","computed":true,"sensitive":true},"name":{"type":"string","description":"The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. Unique id in UUID4 format.","description_kind":"plain","computed":true}},"block_types":{"restrictions":{"nesting_mode":"list","block":{"block_types":{"android_key_restrictions":{"nesting_mode":"list","block":{"block_types":{"allowed_applications":{"nesting_mode":"list","block":{"attributes":{"package_name":{"type":"string","description":"The package name of the application.","description_kind":"plain","required":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter.","description_kind":"plain","required":true}},"description":"A list of Android applications that are allowed to make API calls with this key.","description_kind":"plain"},"min_items":1}},"description":"The Android apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"api_targets":{"nesting_mode":"list","block":{"attributes":{"methods":{"type":["list","string"],"description":"Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project.","description_kind":"plain","required":true}},"description":"A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed.","description_kind":"plain"}},"browser_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_referrers":{"type":["list","string"],"description":"A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The HTTP referrers (websites) that are allowed to use the key.","description_kind":"plain"},"max_items":1},"ios_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_bundle_ids":{"type":["list","string"],"description":"A list of bundle IDs that are allowed when making API calls with this key.","description_kind":"plain","required":true}},"description":"The iOS apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"server_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_ips":{"type":["list","string"],"description":"A list of the caller IP addresses that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The IP addresses of callers that are allowed to use the key.","description_kind":"plain"},"max_items":1}},"description":"Key restrictions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"Identifier of the app.","description_kind":"plain","computed":true},"auth_domain":{"type":"string","description":"The domain to authenticate users with when using App Engine's User API.","description_kind":"plain","optional":true,"computed":true},"code_bucket":{"type":"string","description":"The GCS bucket code is being stored in for this app.","description_kind":"plain","computed":true},"database_type":{"type":"string","description_kind":"plain","optional":true,"computed":true},"default_bucket":{"type":"string","description":"The GCS bucket content is being stored in for this app.","description_kind":"plain","computed":true},"default_hostname":{"type":"string","description":"The default hostname for this app.","description_kind":"plain","computed":true},"gcr_domain":{"type":"string","description":"The GCR domain used for storing managed Docker images for this app.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location_id":{"type":"string","description":"The location to serve the app from.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique name of the app.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID to create the application under.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"The serving status of the app.","description_kind":"plain","optional":true,"computed":true},"url_dispatch_rule":{"type":["list",["object",{"domain":"string","path":"string","service":"string"}]],"description":"A list of dispatch rule blocks. Each block has a domain, path, and service field.","description_kind":"plain","computed":true}},"block_types":{"feature_settings":{"nesting_mode":"list","block":{"attributes":{"split_health_checks":{"type":"bool","description_kind":"plain","required":true}},"description":"A block of optional settings to configure specific App Engine features:","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Adapted for use with the app","description_kind":"plain","optional":true},"oauth2_client_id":{"type":"string","description":"OAuth2 client ID to use for the authentication flow.","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"Hex-encoded SHA-256 hash of the client secret.","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application_url_dispatch_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dispatch_rules":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name to match against. The wildcard \"*\" is supported if specified before a period: \"*.\".\nDefaults to matching all domains: \"*\".","description_kind":"plain","optional":true},"path":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true},"service":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true}},"description":"Rules to match an HTTP request and dispatch that request to a service.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_domain_mapping":{"version":0,"block":{"attributes":{"domain_name":{"type":"string","description":"Relative name of the domain serving the application. Example: example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com.","description_kind":"plain","computed":true},"override_strategy":{"type":"string","description":"Whether the domain creation should override any existing mappings for this domain.\nBy default, overrides are rejected. Default value: \"STRICT\" Possible values: [\"STRICT\", \"OVERRIDE\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_records":{"type":["list",["object",{"name":"string","rrdata":"string","type":"string"}]],"description":"The resource records required to configure this domain mapping. These records must be added to the domain's DNS\nconfiguration in order to serve the application via this domain mapping.","description_kind":"plain","computed":true}},"block_types":{"ssl_settings":{"nesting_mode":"list","block":{"attributes":{"certificate_id":{"type":"string","description":"ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will\nremove SSL support.\nBy default, a managed certificate is automatically created for every domain mapping. To omit SSL support\nor to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be\nauthorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource.\nExample: 12345.","description_kind":"plain","optional":true,"computed":true},"pending_managed_certificate_id":{"type":"string","description":"ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new\nmanaged certificate has been successfully provisioned, the previous SSL state will be preserved. Once the\nprovisioning process completes, the 'certificateId' field will reflect the new managed certificate and this\nfield will be left empty. To remove SSL support while there is still a pending managed certificate, clear the\n'certificateId' field with an update request.","description_kind":"plain","computed":true},"ssl_management_type":{"type":"string","description":"SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned.\nIf 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: [\"AUTOMATIC\", \"MANUAL\"]","description_kind":"plain","required":true}},"description":"SSL configuration for this domain. If unconfigured, this domain will not serve with SSL.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_firewall_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to take if this rule matches. Possible values: [\"UNSPECIFIED_ACTION\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional string description of this rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"A positive integer that defines the order of rule evaluation.\nRules with the lowest priority are evaluated first.\n\nA default rule at priority Int32.MaxValue matches all IPv4 and\nIPv6 traffic when no previous rule matches. Only the action of\nthis rule can be modified by the user.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_range":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_flexible_app_version":{"version":0,"block":{"attributes":{"beta_settings":{"type":["map","string"],"description":"Metadata settings that are supplied to this version to enable beta runtime features.","description_kind":"plain","optional":true},"default_expiration":{"type":"string","description":"Duration that static files should be cached by web proxies and browsers.\nOnly applicable if the corresponding StaticFilesHandler does not specify its own expiration time.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application. As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nManualScaling: B1, B2, B4, B8, B4_1G\nDefaults to F1 for AutomaticScaling and B1 for ManualScaling.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"nobuild_files_regex":{"type":"string","description":"Files that match this pattern will not be built into this version. Only applicable for Go runtimes.","description_kind":"plain","optional":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true,"computed":true},"runtime_channel":{"type":"string","description":"The channel of the runtime to use. Only available for some runtimes.","description_kind":"plain","optional":true},"runtime_main_executable_path":{"type":"string","description":"The path or name of the app's main executable.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource. Can contain numbers, letters, and hyphens.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as\ndefault if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value: \"SERVING\" Possible values: [\"SERVING\", \"STOPPED\"]","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens.\nReserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"api_config":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Action to take when users access resources that require authentication. Default value: \"AUTH_FAIL_ACTION_REDIRECT\" Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Level of login required to access this resource. Default value: \"LOGIN_OPTIONAL\" Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"script":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL to serve the endpoint at.","description_kind":"plain","optional":true}},"description":"Serving configuration for Google Cloud Endpoints.","description_kind":"plain"},"max_items":1},"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The time period that the Autoscaler should wait before it starts collecting information from a new instance.\nThis prevents the autoscaler from collecting information when the instance is initializing,\nduring which the collected usage would not be reliable. Default: 120s","description_kind":"plain","optional":true},"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true,"computed":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"max_total_instances":{"type":"number","description":"Maximum number of instances that should be started to handle requests for this version. Default: 20","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"min_total_instances":{"type":"number","description":"Minimum number of running instances that should be maintained for this version. Default: 2","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"aggregation_window_length":{"type":"string","description":"Period of time over which CPU utilization is calculated.","description_kind":"plain","optional":true},"target_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1.","description_kind":"plain","required":true}},"description":"Target scaling by CPU usage.","description_kind":"plain"},"min_items":1,"max_items":1},"disk_utilization":{"nesting_mode":"list","block":{"attributes":{"target_read_bytes_per_second":{"type":"number","description":"Target bytes read per second.","description_kind":"plain","optional":true},"target_read_ops_per_second":{"type":"number","description":"Target ops read per seconds.","description_kind":"plain","optional":true},"target_write_bytes_per_second":{"type":"number","description":"Target bytes written per second.","description_kind":"plain","optional":true},"target_write_ops_per_second":{"type":"number","description":"Target ops written per second.","description_kind":"plain","optional":true}},"description":"Target scaling by disk usage.","description_kind":"plain"},"max_items":1},"network_utilization":{"nesting_mode":"list","block":{"attributes":{"target_received_bytes_per_second":{"type":"number","description":"Target bytes received per second.","description_kind":"plain","optional":true},"target_received_packets_per_second":{"type":"number","description":"Target packets received per second.","description_kind":"plain","optional":true},"target_sent_bytes_per_second":{"type":"number","description":"Target bytes sent per second.","description_kind":"plain","optional":true},"target_sent_packets_per_second":{"type":"number","description":"Target packets sent per second.","description_kind":"plain","optional":true}},"description":"Target scaling by network usage.","description_kind":"plain"},"max_items":1},"request_utilization":{"nesting_mode":"list","block":{"attributes":{"target_concurrent_requests":{"type":"number","description":"Target number of concurrent requests.","description_kind":"plain","optional":true},"target_request_count_per_second":{"type":"string","description":"Target requests per second.","description_kind":"plain","optional":true}},"description":"Target scaling by request utilization.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"cloud_build_options":{"nesting_mode":"list","block":{"attributes":{"app_yaml_path":{"type":"string","description":"Path to the yaml file used in deployment, used to determine runtime configuration details.","description_kind":"plain","required":true},"cloud_build_timeout":{"type":"string","description":"The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly.","description_kind":"plain"},"max_items":1},"container":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest.\nExamples: \"gcr.io/my-project/image:tag\" or \"gcr.io/my-project/image@digest\"","description_kind":"plain","required":true}},"description":"The Docker image for the container that runs the version.","description_kind":"plain"},"max_items":1},"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"endpoints_api_service":{"nesting_mode":"list","block":{"attributes":{"config_id":{"type":"string","description":"Endpoints service configuration ID as specified by the Service Management API. For example \"2016-09-19r1\".\n\nBy default, the rollout strategy for Endpoints is \"FIXED\". This means that Endpoints starts up with a particular configuration ID.\nWhen a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID\nand is required in this case.\n\nEndpoints also has a rollout strategy called \"MANAGED\". When using this, Endpoints fetches the latest configuration and does not need\nthe configuration ID. In this case, configId must be omitted.","description_kind":"plain","optional":true},"disable_trace_sampling":{"type":"bool","description":"Enable or disable trace sampling. By default, this is set to false for enabled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Endpoints service name which is the name of the \"service\" resource in the Service Management API.\nFor example \"myapi.endpoints.myproject.cloud.goog\"","description_kind":"plain","required":true},"rollout_strategy":{"type":"string","description":"Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value: \"FIXED\" Possible values: [\"FIXED\", \"MANAGED\"]","description_kind":"plain","optional":true}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are\nuploaded as static data and are only served to end users; they cannot be read by the application. If enabled,\nuploads are charged against both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".\nDefault is '0s'","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory.\nThe path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files.\nStatic file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"liveness_check":{"nesting_mode":"list","block":{"attributes":{"check_interval":{"type":"string","description":"Interval between health checks.","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"initial_delay":{"type":"string","description":"The initial delay before starting to execute the checks. Default: \"300s\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before considering the VM healthy. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances.","description_kind":"plain"},"min_items":1,"max_items":1},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"forwarded_ports":{"type":["list","string"],"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain","optional":true},"instance_tag":{"type":"string","description":"Tag to apply to the instance during creation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path.","description_kind":"plain","required":true},"session_affinity":{"type":"bool","description":"Enable session affinity.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path.\n\nIf the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range.\nIf the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network.\nIf the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork.\nIf specified, the subnetwork must exist in the same region as the App Engine flexible environment application.","description_kind":"plain","optional":true}},"description":"Extra network settings","description_kind":"plain"},"max_items":1},"readiness_check":{"nesting_mode":"list","block":{"attributes":{"app_start_timeout":{"type":"string","description":"A maximum time limit on application initialization, measured from moment the application successfully\nreplies to a healthcheck until it is ready to serve traffic. Default: \"300s\"","description_kind":"plain","optional":true},"check_interval":{"type":"string","description":"Interval between health checks. Default: \"5s\".","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before removing traffic. Default: 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before receiving traffic. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation.","description_kind":"plain"},"min_items":1,"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"Number of CPU cores needed.","description_kind":"plain","optional":true},"disk_gb":{"type":"number","description":"Disk size (GB) needed.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) needed.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Unique name for the volume.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Volume size in gigabytes.","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"Underlying volume type, e.g. 'tmpfs'.","description_kind":"plain","required":true}},"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain"}}},"description":"Machine resources for a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_app_engine_service_network_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"network_settings":{"nesting_mode":"list","block":{"attributes":{"ingress_traffic_allowed":{"type":"string","description":"The ingress settings for version or service. Default value: \"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\" Possible values: [\"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\", \"INGRESS_TRAFFIC_ALLOWED_ALL\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB\"]","description_kind":"plain","optional":true}},"description":"Ingress settings for this service. Will apply to all versions.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_service_split_traffic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"migrate_traffic":{"type":"bool","description":"If set to true traffic will be migrated to this version.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"split":{"nesting_mode":"list","block":{"attributes":{"allocations":{"type":["map","string"],"description":"Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.","description_kind":"plain","required":true},"shard_by":{"type":"string","description":"Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values: [\"UNSPECIFIED\", \"COOKIE\", \"IP\", \"RANDOM\"]","description_kind":"plain","optional":true}},"description":"Mapping that defines fractional HTTP traffic diversion to different versions within the service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_standard_app_version":{"version":0,"block":{"attributes":{"app_engine_apis":{"type":"bool","description":"Allows App Engine second generation runtimes to access the legacy bundled services.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nBasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8\nDefaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"threadsafe":{"type":"bool","description":"Whether multiple requests can be dispatched to this version at once.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"standard_scheduler_settings":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances to run for this version. Set to zero to disable minInstances configuration.","description_kind":"plain","optional":true},"target_cpu_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true},"target_throughput_utilization":{"type":"number","description":"Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true}},"description":"Scheduler settings for standard environment.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"basic_scaling":{"nesting_mode":"list","block":{"attributes":{"idle_timeout":{"type":"string","description":"Duration of time after the last request that an instance must wait before the instance is shut down.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum number of instances to create for this version. Must be in the range [1.0, 200.0].","description_kind":"plain","required":true}},"description":"Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"min_items":1,"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"min_items":1,"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as\nstatic data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged\nagainst both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"libraries":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the library. Example \"django\".","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of the library to select, or \"latest\".","description_kind":"plain","optional":true}},"description":"Configuration for third-party Python runtime libraries that are required by the application.","description_kind":"plain"}},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"egress_setting":{"type":"string","description":"The egress setting for the connector, controlling what traffic is diverted through it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"cleanup_policies":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Policy action. Possible values: [\"DELETE\", \"KEEP\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"newer_than":{"type":"string","description":"Match versions newer than a duration.","description_kind":"plain","optional":true},"older_than":{"type":"string","description":"Match versions older than a duration.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_prefixes":{"type":["list","string"],"description":"Match versions by tag prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_state":{"type":"string","description":"Match versions by tag status. Default value: \"ANY\" Possible values: [\"TAGGED\", \"UNTAGGED\", \"ANY\"]","description_kind":"plain","optional":true},"version_name_prefixes":{"type":["list","string"],"description":"Match versions by version name prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for matching versions.","description_kind":"plain"},"max_items":1},"most_recent_versions":{"nesting_mode":"list","block":{"attributes":{"keep_count":{"type":"number","description":"Minimum number of versions to keep.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for retaining a minimum number of versions. May only be\nspecified with a Keep action.","description_kind":"plain"},"max_items":1}},"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain"}},"docker_config":{"nesting_mode":"list","block":{"attributes":{"immutable_tags":{"type":"bool","description":"The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.","description_kind":"plain","optional":true}},"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain"},"max_items":1},"maven_config":{"nesting_mode":"list","block":{"attributes":{"allow_snapshot_overwrites":{"type":"bool","description":"The repository with this flag will allow publishing the same\nsnapshot versions.","description_kind":"plain","optional":true},"version_policy":{"type":"string","description":"Version policy defines the versions that the registry will accept. Default value: \"VERSION_POLICY_UNSPECIFIED\" Possible values: [\"VERSION_POLICY_UNSPECIFIED\", \"RELEASE\", \"SNAPSHOT\"]","description_kind":"plain","optional":true}},"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain"},"max_items":1},"remote_repository_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the remote source.","description_kind":"plain","optional":true}},"block_types":{"apt_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Apt, e.g. '\"debian/dists/buster\"' Possible values: [\"DEBIAN\", \"UBUNTU\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base.","description_kind":"plain","required":true}},"description":"One of the publicly available Apt repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Apt remote repository.","description_kind":"plain"},"max_items":1},"docker_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"DOCKER_HUB\" Possible values: [\"DOCKER_HUB\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Docker remote repository.","description_kind":"plain"},"max_items":1},"maven_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"MAVEN_CENTRAL\" Possible values: [\"MAVEN_CENTRAL\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Maven remote repository.","description_kind":"plain"},"max_items":1},"npm_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"NPMJS\" Possible values: [\"NPMJS\"]","description_kind":"plain","optional":true}},"description":"Specific settings for an Npm remote repository.","description_kind":"plain"},"max_items":1},"python_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"PYPI\" Possible values: [\"PYPI\"]","description_kind":"plain","optional":true}},"description":"Specific settings for a Python remote repository.","description_kind":"plain"},"max_items":1},"upstream_credentials":{"nesting_mode":"list","block":{"block_types":{"username_password_credentials":{"nesting_mode":"list","block":{"attributes":{"password_secret_version":{"type":"string","description":"The Secret Manager key version that holds the password to access the\nremote repository. Must be in the format of\n'projects/{project}/secrets/{secret}/versions/{version}'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to access the remote repository.","description_kind":"plain","optional":true}},"description":"Use username and password to access the remote repository.","description_kind":"plain"},"max_items":1}},"description":"The credentials used to access the remote repository.","description_kind":"plain"},"max_items":1},"yum_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Yum. Possible values: [\"CENTOS\", \"CENTOS_DEBUG\", \"CENTOS_VAULT\", \"CENTOS_STREAM\", \"ROCKY\", \"EPEL\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base, e.g. '\"centos/8-stream/BaseOS/x86_64/os\"'","description_kind":"plain","required":true}},"description":"One of the publicly available Yum repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Yum remote repository.","description_kind":"plain"},"max_items":1}},"description":"Configuration specific for a Remote Repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_repository_config":{"nesting_mode":"list","block":{"block_types":{"upstream_policies":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The user-provided ID of the upstream policy.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"Entries with a greater priority value take precedence in the pull order.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"A reference to the repository resource, for example:\n\"projects/p1/locations/us-central1/repository/repo1\".","description_kind":"plain","optional":true}},"description":"Policies that configure the upstream artifacts distributed by the Virtual\nRepository. Upstream policies cannot be set on a standard repository.","description_kind":"plain"}}},"description":"Configuration specific for a Virtual Repository.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_assured_workloads_workload":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.","description_kind":"plain","optional":true},"compliance_regime":{"type":"string","description":"Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT","description_kind":"plain","required":true},"compliance_status":{"type":["list",["object",{"acknowledged_violation_count":["list","number"],"active_violation_count":["list","number"]}]],"description":"Output only. Count of active Violations in the Workload.","description_kind":"plain","computed":true},"compliant_but_disallowed_services":{"type":["list","string"],"description":"Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Immutable. The Workload creation timestamp.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"ekm_provisioning_response":{"type":["list",["object",{"ekm_provisioning_error_domain":"string","ekm_provisioning_error_mapping":"string","ekm_provisioning_state":"string"}]],"description":"Optional. Represents the Ekm Provisioning State of the given workload.","description_kind":"plain","computed":true},"enable_sovereign_controls":{"type":"bool","description":"Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kaj_enrollment_state":{"type":"string","description":"Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels applied to the workload.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workload.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for the resource","description_kind":"plain","required":true},"partner":{"type":"string","description":"Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN","description_kind":"plain","optional":true},"provisioned_resources_parent":{"type":"string","description":"Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}","description_kind":"plain","optional":true},"resources":{"type":["list",["object",{"resource_id":"number","resource_type":"string"}]],"description":"Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.","description_kind":"plain","computed":true},"saa_enrollment_response":{"type":["list",["object",{"setup_errors":["list","string"],"setup_status":"string"}]],"description":"Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"violation_notifications_enabled":{"type":"bool","description":"Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"kms_settings":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.","description_kind":"plain","required":true},"rotation_period":{"type":"string","description":"Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.","description_kind":"plain","required":true}},"description":"**DEPRECATED** Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.","description_kind":"plain"},"max_items":1},"partner_permissions":{"nesting_mode":"list","block":{"attributes":{"assured_workloads_monitoring":{"type":"bool","description":"Optional. Allow partner to view violation alerts.","description_kind":"plain","optional":true},"data_logs_viewer":{"type":"bool","description":"Allow the partner to view inspectability logs and monitoring violations.","description_kind":"plain","optional":true},"service_access_approver":{"type":"bool","description":"Optional. Allow partner to view access approval logs.","description_kind":"plain","optional":true}},"description":"Optional. Permissions granted to the AW Partner SA account for the customer workload","description_kind":"plain"},"max_items":1},"resource_settings":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"User-assigned resource display name. If not empty it will be used to create a resource with the specified name.","description_kind":"plain","optional":true},"resource_id":{"type":"string","description":"Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER","description_kind":"plain","optional":true}},"description":"Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","optional":true}},"block_types":{"application_endpoint":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Hostname or IP address of the remote application endpoint.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port of the remote application endpoint.","description_kind":"plain","required":true}},"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain"},"min_items":1,"max_items":1},"gateway":{"nesting_mode":"list","block":{"attributes":{"app_gateway":{"type":"string","description":"AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.","description_kind":"plain","required":true},"ingress_port":{"type":"number","description":"Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of hosting used by the gateway. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1\nfor a list of possible values.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description":"Gateway used by the AppConnection.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"principal_info":{"nesting_mode":"list","block":{"block_types":{"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Email address of the service account.","description_kind":"plain","required":true}},"description":"ServiceAccount represents a GCP service account.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_catalog":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the catalog. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the catalog. Only set after the catalog\nis deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this catalog is considered expired. Only set\nafter the catalog is deleted. Only set after the catalog is deleted.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the Catalog should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the Catalog. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last modification time of the catalog. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_database":{"version":0,"block":{"attributes":{"catalog":{"type":"string","description":"The parent catalog.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation time of the database. A timestamp in RFC3339\nUTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the database. Only set after the\ndatabase is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this database is considered expired. Only set\nafter the database is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the database.","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The last modification time of the database. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"location_uri":{"type":"string","description":"Cloud Storage folder URI where the database data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Stores user supplied Hive database parameters. An object containing a\nlist of\"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true}},"description":"Options of a Hive database.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_table":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the table. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"database":{"type":"string","description":"The id of the parent database.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the table. Only set after the\ntable is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The checksum of a table object computed by the server based on the value\nof other fields. It may be sent on update requests to ensure the client\nhas an up-to-date value before proceeding. It is only checked for update\ntable operations.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this table is considered expired. Only set\nafter the table is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The name of the Table. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId}","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type. Possible values: [\"HIVE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last modification time of the table. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"parameters":{"type":["map","string"],"description":"Stores user supplied Hive table parameters. An object containing a\nlist of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"table_type":{"type":"string","description":"Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE.","description_kind":"plain","optional":true}},"block_types":{"storage_descriptor":{"nesting_mode":"list","block":{"attributes":{"input_format":{"type":"string","description":"The fully qualified Java class name of the input format.","description_kind":"plain","optional":true},"location_uri":{"type":"string","description":"Cloud Storage folder URI where the table data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The fully qualified Java class name of the output format.","description_kind":"plain","optional":true}},"description":"Stores physical storage information on the data.","description_kind":"plain"},"max_items":1}},"description":"Options of a Hive table.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the data exchange.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the data exchange.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the data exchange.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_count":{"type":"number","description":"Number of listings contained in the data exchange.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this data exchange.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the data exchange, for example:\n\"projects/myproject/locations/US/dataExchanges/123\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the data exchange.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"Categories of the listing. Up to two categories are allowed.","description_kind":"plain","optional":true},"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (\u0026) and can't start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the listing.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the listing.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description":"The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"location":{"type":"string","description":"The name of the location this data exchange listing.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the listing. e.g. \"projects/myproject/locations/US/dataExchanges/123/listings/456\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the listing.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_access":{"type":"string","description":"Email or URL of the request access of the listing. Subscribers can use this reference to request access.","description_kind":"plain","optional":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset":{"type":"string","description":"Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123","description_kind":"plain","required":true}},"description":"Shared dataset i.e. BigQuery dataset source.","description_kind":"plain"},"min_items":1,"max_items":1},"data_provider":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the data provider.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the data provider.","description_kind":"plain","optional":true}},"description":"Details of the data provider who owns the source data.","description_kind":"plain"},"max_items":1},"publisher":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the listing publisher.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the listing publisher.","description_kind":"plain","optional":true}},"description":"Details of the publisher who owns the listing and who can share the source data.","description_kind":"plain"},"max_items":1},"restricted_export_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, enable restricted export.","description_kind":"plain","optional":true},"restrict_query_result":{"type":"bool","description":"If true, restrict export of query result derived from restricted linked dataset table.","description_kind":"plain","optional":true}},"description":"If set, restricted export configuration will be propagated and enforced on the linked dataset.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_bi_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"LOCATION_DESCRIPTION","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the singleton BI reservation. Reservation names have the form 'projects/{projectId}/locations/{locationId}/biReservation'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"Size of a reservation, in bytes.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The last update timestamp of a reservation.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"preferred_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset in the above project.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The assigned project ID of the project.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"The ID of the table in the above dataset.","description_kind":"plain","optional":true}},"description":"Preferred tables to use BI capacity for.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_capacity_commitment":{"version":0,"block":{"attributes":{"capacity_commitment_id":{"type":"string","description":"The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is\nempty. This field must only contain lower case alphanumeric characters or dashes. The first and last character\ncannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split\nor merged.","description_kind":"plain","optional":true},"commitment_end_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"commitment_start_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true},"enforce_single_admin_project_per_org":{"type":"string","description":"If true, fail the request if another project in the organization has a capacity commitment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123","description_kind":"plain","computed":true},"plan":{"type":"string","description":"Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"renewal_plan":{"type":"string","description":"The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans.","description_kind":"plain","optional":true},"slot_count":{"type":"number","description":"Number of slots in this commitment.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the commitment","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description":"Optional connection id that should be assigned to the created connection.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A descriptive description for the connection","description_kind":"plain","optional":true},"friendly_name":{"type":"string","description":"A descriptive name for the connection","description_kind":"plain","optional":true},"has_credential":{"type":"bool","description":"True if the connection has credential assigned.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the connection should reside.\nCloud SQL instance must be in the same location as the connection\nwith following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU.\nExamples: US, EU, asia-northeast1, us-central1, europe-west1.\nSpanner Connections same as spanner region\nAWS allowed regions are aws-us-east-1\nAzure allowed regions are azure-eastus2","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the connection in the form of:\n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"block_types":{"access_role":{"nesting_mode":"list","block":{"attributes":{"iam_role_id":{"type":"string","description":"The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection.","description_kind":"plain","required":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role.","description_kind":"plain","computed":true}},"description":"Authentication using Google owned service account to assume into customer's AWS IAM Role.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to Amazon Web Services.","description_kind":"plain"},"max_items":1},"azure":{"nesting_mode":"list","block":{"attributes":{"application":{"type":"string","description":"The name of the Azure Active Directory Application.","description_kind":"plain","computed":true},"client_id":{"type":"string","description":"The client id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"customer_tenant_id":{"type":"string","description":"The id of customer's directory that host the data.","description_kind":"plain","required":true},"federated_application_client_id":{"type":"string","description":"The Azure Application (client) ID where the federated credentials will be hosted.","description_kind":"plain","optional":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"redirect_uri":{"type":"string","description":"The URL user will be redirected to after granting consent during connection setup.","description_kind":"plain","computed":true}},"description":"Container for connection properties specific to Azure.","description_kind":"plain"},"max_items":1},"cloud_resource":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"description":"Container for connection properties for delegation of access to GCP resources.","description_kind":"plain"},"max_items":1},"cloud_spanner":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Cloud Spanner database in the form 'project/instance/database'.","description_kind":"plain","required":true},"database_role":{"type":"string","description":"Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as 'SELECT' and 'INSERT'. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about.","description_kind":"plain","optional":true},"max_parallelism":{"type":"number","description":"Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. 'useParallelism' and 'useDataBoost' must be set when setting max parallelism.","description_kind":"plain","optional":true},"use_data_boost":{"type":"bool","description":"If set, the request will be executed via Spanner independent compute resources. 'use_parallelism' must be set when using data boost.","description_kind":"plain","optional":true},"use_parallelism":{"type":"bool","description":"If parallelism should be used when reading from Cloud Spanner.","description_kind":"plain","optional":true},"use_serverless_analytics":{"type":"bool","description":"If the serverless analytics service should be used to read data from Cloud Spanner. 'useParallelism' must be set when using serverless analytics.","description_kind":"plain","deprecated":true,"optional":true}},"description":"Connection properties specific to Cloud Spanner","description_kind":"plain"},"max_items":1},"cloud_sql":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"Cloud SQL instance ID in the form project:location:instance.","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of the Cloud SQL database. Possible values: [\"DATABASE_TYPE_UNSPECIFIED\", \"POSTGRES\", \"MYSQL\"]","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password for database.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"Username for database.","description_kind":"plain","required":true}},"description":"Cloud SQL properties.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to the Cloud SQL.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"block_types":{"metastore_service_config":{"nesting_mode":"list","block":{"attributes":{"metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId].","description_kind":"plain","optional":true}},"description":"Dataproc Metastore Service configuration for the connection.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name].","description_kind":"plain","optional":true}},"description":"Spark History Server configuration for the connection.","description_kind":"plain"},"max_items":1}},"description":"Container for connection properties to execute stored procedures for Apache Spark. resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection_iam_binding":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_member":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_data_transfer_config":{"version":0,"block":{"attributes":{"data_refresh_window_days":{"type":"number","description":"The number of days to look back to automatically refresh the data.\nFor example, if dataRefreshWindowDays = 10, then every day BigQuery\nreingests data for [today-10, today-1], rather than ingesting data for\njust [today-1]. Only valid if the data source supports the feature.\nSet the value to 0 to use the default value.","description_kind":"plain","optional":true},"data_source_id":{"type":"string","description":"The data source id. Cannot be changed once the transfer config is created.","description_kind":"plain","required":true},"destination_dataset_id":{"type":"string","description":"The BigQuery target dataset id.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"When set to true, no runs are scheduled for a given transfer.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The user specified display name for the transfer config.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the transfer config. Transfer config names have the\nform projects/{projectId}/locations/{location}/transferConfigs/{configId}\nor projects/{projectId}/transferConfigs/{configId},\nwhere configId is usually a uuid, but this is not required.\nThe name is ignored when creating a transfer config.","description_kind":"plain","computed":true},"notification_pubsub_topic":{"type":"string","description":"Pub/Sub topic where notifications will be sent after transfer runs\nassociated with this transfer config finish.","description_kind":"plain","optional":true},"params":{"type":["map","string"],"description":"Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer'\nsection for each data source. For example the parameters for Cloud Storage transfers are listed here:\nhttps://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq\n\n**NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Data transfer schedule. If the data source does not support a custom\nschedule, this should be empty. If it is empty, the default value for\nthe data source will be used. The specified times are in UTC. Examples\nof valid format: 1st,3rd monday of month 15:30, every wed,fri of jan,\njun 13:15, and first sunday of quarter 00:00. See more explanation\nabout the format here:\nhttps://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format\nNOTE: the granularity should be at least 8 hours, or less frequent.","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"Service account email. If this field is set, transfer config will\nbe created with this service account credentials. It requires that\nrequesting user calling this API has permissions to act as this service account.","description_kind":"plain","optional":true}},"block_types":{"email_preferences":{"nesting_mode":"list","block":{"attributes":{"enable_failure_email":{"type":"bool","description":"If true, email notifications will be sent on transfer run failures.","description_kind":"plain","required":true}},"description":"Email notifications will be sent according to these preferences to the\nemail address of the user who owns this transfer config.","description_kind":"plain"},"max_items":1},"schedule_options":{"nesting_mode":"list","block":{"attributes":{"disable_auto_scheduling":{"type":"bool","description":"If true, automatic scheduling of data transfer runs for this\nconfiguration will be disabled. The runs can be started on ad-hoc\nbasis using transferConfigs.startManualRuns API. When automatic\nscheduling is disabled, the TransferConfig.schedule field will\nbe ignored.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Defines time to stop scheduling transfer runs. A transfer run cannot be\nscheduled at or after the end time. The end time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Specifies time to start scheduling transfer runs. The first run will be\nscheduled at or after the start time according to a recurrence pattern\ndefined in the schedule string. The start time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true}},"description":"Options customizing the data transfer schedule.","description_kind":"plain"},"max_items":1},"sensitive_params":{"nesting_mode":"list","block":{"attributes":{"secret_access_key":{"type":"string","description":"The Secret Access Key of the AWS account transferring data from.","description_kind":"plain","required":true,"sensitive":true}},"description":"Different parameters are configured primarily using the the 'params' field on this\nresource. This block contains the parameters which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key\nin the 'params' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description":"User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.","description_kind":"plain","required":true},"data_policy_type":{"type":"string","description":"The enrollment level of the service. Possible values: [\"COLUMN_LEVEL_SECURITY_POLICY\", \"DATA_MASKING_POLICY\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location of the data policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description":"Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_masking_policy":{"nesting_mode":"list","block":{"attributes":{"predefined_expression":{"type":"string","description":"The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values: [\"SHA256\", \"ALWAYS_NULL\", \"DEFAULT_MASKING_VALUE\", \"LAST_FOUR_CHARACTERS\", \"FIRST_FOUR_CHARACTERS\", \"EMAIL_MASK\", \"DATE_YEAR_MASK\"]","description_kind":"plain","required":true}},"description":"The data masking policy that specifies the data masking rule to use.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_binding":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_member":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","optional":true,"computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","optional":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","optional":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","optional":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access":{"nesting_mode":"set","block":{"attributes":{"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles\nare supported. Predefined roles that have equivalent basic roles\nare swapped by the API to their basic counterparts. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain"}},"default_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination\nBigQuery table. The BigQuery Service Account associated with your project requires\naccess to this encryption key.","description_kind":"plain","required":true}},"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_dataset_access":{"version":0,"block":{"attributes":{"api_updated_member":{"type":"bool","description":"If true, represents that that the iam_member in the config was translated to a different member type by the API, and is stored in state as a different member type","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles are\nsupported. Predefined roles that have equivalent basic roles are\nswapped by the API to their basic counterparts, and will show a diff\npost-create. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_job":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description":"The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"job_timeout_ms":{"type":"string","description":"Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job.","description_kind":"plain","optional":true},"job_type":{"type":"string","description":"The type of the job.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this job. You can use these to organize and group your jobs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location of the job. The default value is US.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"error_result":["list",["object",{"location":"string","message":"string","reason":"string"}]],"errors":["list",["object",{"location":"string","message":"string","reason":"string"}]],"state":"string"}]],"description":"The status of this job. Examine this value when polling an asynchronous job to see if the job is complete.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"user_email":{"type":"string","description":"Email address of the user who ran the job.","description_kind":"plain","computed":true}},"block_types":{"copy":{"nesting_mode":"list","block":{"attributes":{"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table.","description_kind":"plain"},"max_items":1},"source_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Source tables to copy.","description_kind":"plain"},"min_items":1}},"description":"Copies a table.","description_kind":"plain"},"max_items":1},"extract":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE.\nThe default value is NONE. DEFLATE and SNAPPY are only supported for Avro.","description_kind":"plain","optional":true},"destination_format":{"type":"string","description":"The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models.\nThe default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV.\nThe default value for models is SAVED_MODEL.","description_kind":"plain","optional":true,"computed":true},"destination_uris":{"type":["list","string"],"description":"A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written.","description_kind":"plain","required":true},"field_delimiter":{"type":"string","description":"When extracting data in CSV format, this defines the delimiter to use between fields in the exported data.\nDefault is ','","description_kind":"plain","optional":true,"computed":true},"print_header":{"type":"bool","description":"Whether to print out a header row in the results. Default is true.","description_kind":"plain","optional":true},"use_avro_logical_types":{"type":"bool","description":"Whether to use logical types when extracting to AVRO format.","description_kind":"plain","optional":true}},"block_types":{"source_model":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this model.","description_kind":"plain","required":true},"model_id":{"type":"string","description":"The ID of the model.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this model.","description_kind":"plain","required":true}},"description":"A reference to the model being exported.","description_kind":"plain"},"max_items":1},"source_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"A reference to the table being exported.","description_kind":"plain"},"max_items":1}},"description":"Configures an extract job.","description_kind":"plain"},"max_items":1},"load":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Accept rows that are missing trailing optional columns. The missing values are treated as nulls.\nIf false, records with missing trailing columns are treated as bad records, and if there are too many bad records,\nan invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file.\nThe default value is false.","description_kind":"plain","optional":true},"autodetect":{"type":"bool","description":"Indicates if we should automatically infer the options and schema for CSV and JSON sources.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.\nThe default value is UTF-8. BigQuery decodes the data after the raw, binary data\nhas been split using the values of the quote and fieldDelimiter properties.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character.\nTo use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts\nthe string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the\ndata in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator.\nThe default value is a comma (',').","description_kind":"plain","optional":true,"computed":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema.\nIf true, the extra values are ignored. If false, records with extra columns are treated as bad records,\nand if there are too many bad records, an invalid error is returned in the job result.\nThe default value is false. The sourceFormat property determines what BigQuery treats as an extra value:\nCSV: Trailing columns\nJSON: Named values that don't match any column names","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON.\nFor a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited\nGeoJSON: set to GEOJSON.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value,\nan invalid error is returned in the job result. The default value is 0, which requires that all records are valid.","description_kind":"plain","optional":true},"null_marker":{"type":"string","description":"Specifies a string that represents a null value in a CSV file. For example, if you specify \"\\N\", BigQuery interprets \"\\N\" as a null value\nwhen loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an\nempty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as\nan empty value.","description_kind":"plain","optional":true},"projection_fields":{"type":["list","string"],"description":"If sourceFormat is set to \"DATASTORE_BACKUP\", indicates which entity properties to load into BigQuery from a Cloud Datastore backup.\nProperty names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties.\nIf any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding,\nand then uses the first byte of the encoded string to split the data in its raw, binary state.\nThe default value is a double-quote ('\"'). If your data does not contain quoted sections, set the property value to an empty string.\nIf your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true.","description_kind":"plain","optional":true,"computed":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or\nsupplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators.\nFor normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when loading the data.\nThe default value is 0. This property is useful if you have header rows in the file that should be skipped.\nWhen autodetect is on, the behavior is the following:\nskipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected,\nthe row is read as data. Otherwise data is read starting from the second row.\nskipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row.\nskipLeadingRows = N \u003e 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected,\nrow N is just skipped. Otherwise row N is used to extract column names for the detected schema.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"The format of the data files. For CSV files, specify \"CSV\". For datastore backups, specify \"DATASTORE_BACKUP\".\nFor newline-delimited JSON, specify \"NEWLINE_DELIMITED_JSON\". For Avro, specify \"AVRO\". For parquet, specify \"PARQUET\".\nFor orc, specify \"ORC\". [Beta] For Bigtable, specify \"BIGTABLE\".\nThe default value is CSV.","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"The fully-qualified URIs that point to your data in Google Cloud.\nFor Google Cloud Storage URIs: Each URI can contain one '\\*' wildcard character\nand it must come after the 'bucket' name. Size limits related to load jobs apply\nto external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be\nspecified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table.\nFor Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\\*' wildcard character is not allowed.","description_kind":"plain","required":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table to load the data into.","description_kind":"plain"},"min_items":1,"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Parquet Options for load and make external tables.","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value.","description_kind":"plain","optional":true},"field":{"type":"string","description":"If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field.\nThe field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED.\nA wrapper is used here because an empty string is an invalid value.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error,\nbut in OnePlatform the field will be treated as unset.","description_kind":"plain","required":true}},"description":"Time-based partitioning specification for the destination table.","description_kind":"plain"},"max_items":1}},"description":"Configures a load job.","description_kind":"plain"},"max_items":1},"query":{"nesting_mode":"list","block":{"attributes":{"allow_large_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance.\nRequires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed.\nHowever, you must still set destinationTable when result size exceeds the allowed maximum response size.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"flatten_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results.\nallowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened.","description_kind":"plain","optional":true},"maximum_billing_tier":{"type":"number","description":"Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"maximum_bytes_billed":{"type":"string","description":"Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"parameter_mode":{"type":"string","description":"Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"Specifies a priority for the query. Default value: \"INTERACTIVE\" Possible values: [\"INTERACTIVE\", \"BATCH\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL.\n*NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language)\n('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = \"\"' and 'write_disposition = \"\"'.","description_kind":"plain","required":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the query job.\nSchema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table,\nspecified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema.\nOne or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true.\nIf set to false, the query will use BigQuery's standard SQL.","description_kind":"plain","optional":true},"use_query_cache":{"type":"bool","description":"Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever\ntables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified.\nThe default value is true.","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"default_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset. Can be specified '{{dataset_id}}' if 'project_id' is also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}' if not.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names.","description_kind":"plain"},"max_items":1},"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Describes the table where the query results should be stored.\nThis property must be set for large results that exceed the maximum response size.\nFor queries that produce anonymous (cached) results, this field will be populated by BigQuery.","description_kind":"plain"},"max_items":1},"script_options":{"nesting_mode":"list","block":{"attributes":{"key_result_statement":{"type":"string","description":"Determines which statement in the script represents the \"key result\",\nused to populate the schema and query results of the script job. Possible values: [\"LAST\", \"FIRST_SELECT\"]","description_kind":"plain","optional":true},"statement_byte_budget":{"type":"string","description":"Limit on the number of bytes billed per statement. Exceeding this budget results in an error.","description_kind":"plain","optional":true},"statement_timeout_ms":{"type":"string","description":"Timeout period for each statement in a script.","description_kind":"plain","optional":true}},"description":"Options controlling the execution of scripts.","description_kind":"plain"},"max_items":1},"user_defined_function_resources":{"nesting_mode":"list","block":{"attributes":{"inline_code":{"type":"string","description":"An inline resource that contains code for a user-defined function (UDF).\nProviding a inline code resource is equivalent to providing a URI for a file containing the same code.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"A code resource to load from a Google Cloud Storage URI (gs://bucket/path).","description_kind":"plain","optional":true}},"description":"Describes user-defined function resources used in the query.","description_kind":"plain"}}},"description":"Configures a query job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation":{"version":0,"block":{"attributes":{"concurrency":{"type":"number","description":"Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_idle_slots":{"type":"bool","description":"If false, any query using this reservation will use idle slots from other reservations within\nthe same admin project. If true, a query using this reservation will execute with the slot\ncapacity specified above at most.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"multi_region_auxiliary":{"type":"bool","description":"Applicable only for reservations located within one of the BigQuery multi-regions (US or EU).\nIf set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the reservation. This field must only contain alphanumeric characters or dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"slot_capacity":{"type":"number","description":"Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the\nunit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false.","description_kind":"plain","required":true}},"block_types":{"autoscale":{"nesting_mode":"list","block":{"attributes":{"current_slots":{"type":"number","description":"The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots].","description_kind":"plain","computed":true},"max_slots":{"type":"number","description":"Number of slots to be scaled when needed.","description_kind":"plain","optional":true}},"description":"The configuration parameters for the auto scaling feature.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation_assignment":{"version":0,"block":{"attributes":{"assignee":{"type":"string","description":"The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_type":{"type":"string","description":"Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The resource name of the assignment.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reservation":{"type":"string","description":"The reservation for the resource","description_kind":"plain","required":true},"state":{"type":"string","description":"Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_routine":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this routine was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The ID of the dataset containing this routine","description_kind":"plain","required":true},"definition_body":{"type":"string","description":"The body of the routine. For functions, this is the expression in the AS clause.\nIf language=SQL, it is the substring inside (but excluding) the parentheses.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the routine if defined.","description_kind":"plain","optional":true},"determinism_level":{"type":"string","description":"The determinism level of the JavaScript UDF if defined. Possible values: [\"DETERMINISM_LEVEL_UNSPECIFIED\", \"DETERMINISTIC\", \"NOT_DETERMINISTIC\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_libraries":{"type":["list","string"],"description":"Optional. If language = \"JAVASCRIPT\", this field stores the path of the\nimported JAVASCRIPT libraries.","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language of the routine. Possible values: [\"SQL\", \"JAVASCRIPT\", \"PYTHON\", \"JAVA\", \"SCALA\"]","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this routine was modified, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"return_table_type":{"type":"string","description":"Optional. Can be set only if routineType = \"TABLE_VALUED_FUNCTION\".\n\nIf absent, the return table type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the columns in the evaluated table result will\nbe cast to match the column types specificed in return table type, at query time.","description_kind":"plain","optional":true},"return_type":{"type":"string","description":"A JSON schema for the return type. Optional if language = \"SQL\"; required otherwise.\nIf absent, the return type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the evaluated result will be cast to\nthe specified returned type at query time. ~\u003e**NOTE**: Because this field expects a JSON\nstring, any changes to the string will create a diff, even if the JSON itself hasn't\nchanged. If the API returns a different value for the same schema, e.g. it switche\nd the order of values or replaced STRUCT field type with RECORD field type, we currently\ncannot suppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"routine_id":{"type":"string","description":"The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters.","description_kind":"plain","required":true},"routine_type":{"type":"string","description":"The type of routine. Possible values: [\"SCALAR_FUNCTION\", \"PROCEDURE\", \"TABLE_VALUED_FUNCTION\"]","description_kind":"plain","required":true}},"block_types":{"arguments":{"nesting_mode":"list","block":{"attributes":{"argument_kind":{"type":"string","description":"Defaults to FIXED_TYPE. Default value: \"FIXED_TYPE\" Possible values: [\"FIXED_TYPE\", \"ANY_TYPE\"]","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"A JSON schema for the data type. Required unless argumentKind = ANY_TYPE.\n~\u003e**NOTE**: Because this field expects a JSON string, any changes to the string\nwill create a diff, even if the JSON itself hasn't changed. If the API returns\na different value for the same schema, e.g. it switched the order of values\nor replaced STRUCT field type with RECORD field type, we currently cannot\nsuppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"mode":{"type":"string","description":"Specifies whether the argument is input or output. Can be set for procedures only. Possible values: [\"IN\", \"OUT\", \"INOUT\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this argument. Can be absent for function return argument.","description_kind":"plain","optional":true}},"description":"Input/output argument of a function or a stored procedure.","description_kind":"plain"}},"remote_function_options":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"Fully qualified name of the user-provided connection object which holds\nthe authentication information to send requests to the remote service.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Endpoint of the user-provided remote service, e.g.\n'https://us-east1-my_gcf_project.cloudfunctions.net/remote_add'","description_kind":"plain","optional":true},"max_batching_rows":{"type":"string","description":"Max number of rows in each batch sent to the remote service. If absent or if 0,\nBigQuery dynamically decides the number of rows in a batch.","description_kind":"plain","optional":true},"user_defined_context":{"type":["map","string"],"description":"User-defined context as a set of key/value pairs, which will be sent as function\ninvocation context together with batched arguments in the requests to the remote\nservice. The total number of bytes of keys and values must be less than 8KB.\n\nAn object containing a list of \"key\": value pairs. Example:\n'{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote function specific options.","description_kind":"plain"},"max_items":1},"spark_options":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"connection":{"type":"string","description":"Fully qualified name of the user-provided Spark connection object.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"container_image":{"type":"string","description":"Custom container image for the runtime environment.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"jar_uris":{"type":["list","string"],"description":"JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"main_class":{"type":"string","description":"The fully qualified name of a class in jarUris, for example, com.example.wordcount.\nExactly one of mainClass and main_jar_uri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"main_file_uri":{"type":"string","description":"The main file/jar URI of the Spark application.\nExactly one of the definitionBody field and the mainFileUri field must be set for Python.\nExactly one of mainClass and mainFileUri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Configuration properties as a set of key/value pairs, which will be passed on to the Spark application.\nFor more information, see Apache Spark and the procedure option list.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"py_file_uris":{"type":["list","string"],"description":"Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"runtime_version":{"type":"string","description":"Runtime version. If not specified, the default runtime version is used.","description_kind":"plain","optional":true}},"description":"Optional. If language is one of \"PYTHON\", \"JAVA\", \"SCALA\", this field stores the options for spark stored procedure.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_table":{"version":0,"block":{"attributes":{"clustering":{"type":["list","string"],"description":"Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order.","description_kind":"plain","optional":true},"creation_time":{"type":"number","description":"The time when this table was created, in milliseconds since the epoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The dataset ID to create the table in. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The field description.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"expiration_time":{"type":"number","description":"The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed.","description_kind":"plain","optional":true,"computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the table.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this table was last modified, in milliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"max_staleness":{"type":"string","description":"The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of [SQL IntervalValue type](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-types#interval_type).","description_kind":"plain","optional":true},"num_bytes":{"type":"number","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"num_long_term_bytes":{"type":"number","description":"The number of bytes in the table that are considered \"long-term storage\".","description_kind":"plain","computed":true},"num_rows":{"type":"number","description":"The number of rows of data in this table, excluding any data in the streaming buffer.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the table.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"table_id":{"type":"string","description":"A unique ID for the resource. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Describes the table type.","description_kind":"plain","computed":true}},"block_types":{"encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The self link or full name of a key which should be used to encrypt this table. Note that the default bigquery service account will need to have encrypt/decrypt permissions on this key - you may want to see the google_bigquery_default_service_account datasource and the google_kms_crypto_key_iam_binding resource.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"The self link or full name of the kms key version used to encrypt this table.","description_kind":"plain","computed":true}},"description":"Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user.","description_kind":"plain"},"max_items":1},"external_data_configuration":{"nesting_mode":"list","block":{"attributes":{"autodetect":{"type":"bool","description":"Let BigQuery try to autodetect the schema and format of the table.","description_kind":"plain","required":true},"compression":{"type":"string","description":"The compression type of the data source. Valid values are \"NONE\" or \"GZIP\".","description_kind":"plain","optional":true},"connection_id":{"type":"string","description":"The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form \"{{project}}.{{location}}.{{connection_id}}\" or \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\".","description_kind":"plain","optional":true},"file_set_spec_type":{"type":"string","description":"Specifies how source URIs are interpreted for constructing the file set to load. By default source URIs are expanded against the underlying storage. Other options include specifying manifest files. Only applicable to object storage systems.","description_kind":"plain","optional":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when reading data.","description_kind":"plain","optional":true},"metadata_cache_mode":{"type":"string","description":"Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source.","description_kind":"plain","optional":true},"object_metadata":{"type":"string","description":"Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If ObjectMetadata is set, sourceFormat should be omitted.","description_kind":"plain","optional":true},"reference_file_schema_uri":{"type":"string","description":"When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":" Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use \"GOOGLE_SHEETS\" the scopes must include \"googleapis.com/auth/drive.readonly\".","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"A list of the fully-qualified URIs that point to your data in Google Cloud.","description_kind":"plain","required":true}},"block_types":{"avro_options":{"nesting_mode":"list","block":{"attributes":{"use_avro_logical_types":{"type":"bool","description":"If sourceFormat is set to \"AVRO\", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER).","description_kind":"plain","required":true}},"description":"Additional options if source_format is set to \"AVRO\"","description_kind":"plain"},"max_items":1},"csv_options":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Indicates if BigQuery should accept rows that are missing trailing optional columns.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allow_quoted_newlines property to true. The API-side default is \", specified in Terraform escaped as \\\". Due to limitations with Terraform default values, this value is required to be explicitly set.","description_kind":"plain","required":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when reading the data.","description_kind":"plain","optional":true}},"description":"Additional properties to set if source_format is set to \"CSV\".","description_kind":"plain"},"max_items":1},"google_sheets_options":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: \"sheet_name!top_left_cell_id:bottom_right_cell_id\" For example: \"sheet1!A1:B20\"","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set.","description_kind":"plain","optional":true}},"description":"Additional options if source_format is set to \"GOOGLE_SHEETS\".","description_kind":"plain"},"max_items":1},"hive_partitioning_options":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"When set, what mode of hive partitioning to use when reading data.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"source_uri_prefix":{"type":"string","description":"When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins.","description_kind":"plain","optional":true}},"description":"When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to JSON.\"","description_kind":"plain"},"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"Indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to PARQUET.\"","description_kind":"plain"},"max_items":1}},"description":"Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table.","description_kind":"plain"},"max_items":1},"materialized_view":{"nesting_mode":"list","block":{"attributes":{"allow_non_incremental_definition":{"type":"bool","description":"Allow non incremental materialized view definition. The default value is false.","description_kind":"plain","optional":true},"enable_refresh":{"type":"bool","description":"Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true.","description_kind":"plain","optional":true},"query":{"type":"string","description":"A query whose result is persisted.","description_kind":"plain","required":true},"refresh_interval_ms":{"type":"number","description":"Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000.","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a materialized view.","description_kind":"plain"},"max_items":1},"range_partitioning":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The field used to determine how to create a range-based partition.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"end":{"type":"number","description":"End of the range partitioning, exclusive.","description_kind":"plain","required":true},"interval":{"type":"number","description":"The width of each range within the partition.","description_kind":"plain","required":true},"start":{"type":"number","description":"Start of the range partitioning, inclusive.","description_kind":"plain","required":true}},"description":"Information required to partition based on ranges. Structure is documented below.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If specified, configures range-based partitioning for this table.","description_kind":"plain"},"max_items":1},"table_constraints":{"nesting_mode":"list","block":{"block_types":{"foreign_keys":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Set only if the foreign key constraint is named.","description_kind":"plain","optional":true}},"block_types":{"column_references":{"nesting_mode":"list","block":{"attributes":{"referenced_column":{"type":"string","description":"The column in the primary key that are referenced by the referencingColumn.","description_kind":"plain","required":true},"referencing_column":{"type":"string","description":"The column that composes the foreign key.","description_kind":"plain","required":true}},"description":"The pair of the foreign key column and primary key column.","description_kind":"plain"},"min_items":1,"max_items":1},"referenced_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. Certain operations allow suffixing of the table ID with a partition decorator, such as sample_table$20190123.","description_kind":"plain","required":true}},"description":"The table that holds the primary key and is referenced by this foreign key.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Present only if the table has a foreign key. The foreign key is not enforced.","description_kind":"plain"}},"primary_key":{"nesting_mode":"list","block":{"attributes":{"columns":{"type":["list","string"],"description":"The columns that are composed of the primary key constraint.","description_kind":"plain","required":true}},"description":"Represents a primary key constraint on a table's columns. Present only if the table has a primary key. The primary key is not enforced.","description_kind":"plain"},"max_items":1}},"description":"Defines the primary key and foreign keys.","description_kind":"plain"},"max_items":1},"table_replication_info":{"nesting_mode":"list","block":{"attributes":{"replication_interval_ms":{"type":"number","description":"The interval at which the source materialized view is polled for updates. The default is 300000.","description_kind":"plain","optional":true},"source_dataset_id":{"type":"string","description":"The ID of the source dataset.","description_kind":"plain","required":true},"source_project_id":{"type":"string","description":"The ID of the source project.","description_kind":"plain","required":true},"source_table_id":{"type":"string","description":"The ID of the source materialized view.","description_kind":"plain","required":true}},"description":"Replication info of a table created using \"AS REPLICA\" DDL like: \"CREATE MATERIALIZED VIEW mv1 AS REPLICA OF src_mv\".","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"number","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true,"computed":true},"field":{"type":"string","description":"The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","deprecated":true,"optional":true},"type":{"type":"string","description":"The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively.","description_kind":"plain","required":true}},"description":"If specified, configures time-based partitioning for this table.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"query":{"type":"string","description":"A query that BigQuery executes when the view is referenced.","description_kind":"plain","required":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a view.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_app_profile":{"version":0,"block":{"attributes":{"app_profile_id":{"type":"string","description":"The unique name of the app profile in the form '[_a-zA-Z0-9][-_.a-zA-Z0-9]*'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Long form description of the use case for this app profile.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"If true, ignore safety checks when deleting/updating the app profile.","description_kind":"plain","optional":true},"instance":{"type":"string","description":"The name of the instance to create the app profile within.","description_kind":"plain","optional":true},"multi_cluster_routing_cluster_ids":{"type":["list","string"],"description":"The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible.","description_kind":"plain","optional":true},"multi_cluster_routing_use_any":{"type":"bool","description":"If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available\nin the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes\nconsistency to improve availability.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique name of the requested app profile. Values are of the form 'projects/\u003cproject\u003e/instances/\u003cinstance\u003e/appProfiles/\u003cappProfileId\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"single_cluster_routing":{"nesting_mode":"list","block":{"attributes":{"allow_transactional_writes":{"type":"bool","description":"If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile.\nIt is unsafe to send these requests to the same table/row/column in multiple clusters.","description_kind":"plain","optional":true},"cluster_id":{"type":"string","description":"The cluster to which read/write requests should be routed.","description_kind":"plain","required":true}},"description":"Use a single-cluster routing policy.","description_kind":"plain"},"max_items":1},"standard_isolation":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"string","description":"The priority of requests sent using this app profile. Possible values: [\"PRIORITY_LOW\", \"PRIORITY_MEDIUM\", \"PRIORITY_HIGH\"]","description_kind":"plain","required":true}},"description":"The standard options used for isolating this app profile's traffic from other use cases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_gc_policy":{"version":0,"block":{"attributes":{"column_family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true},"deletion_policy":{"type":"string","description":"The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"gc_rules":{"type":"string","description":"Serialized JSON string for garbage collection policy. Conflicts with \"mode\", \"max_age\" and \"max_version\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"block_types":{"max_age":{"nesting_mode":"list","block":{"attributes":{"days":{"type":"number","description":"Number of days before applying GC policy.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"duration":{"type":"string","description":"Duration before applying GC policy","description_kind":"plain","optional":true,"computed":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.","description_kind":"plain"},"max_items":1},"max_version":{"nesting_mode":"list","block":{"attributes":{"number":{"type":"number","description":"Number of version before applying the GC policy.","description_kind":"plain","required":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance":{"version":1,"block":{"attributes":{"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable display name of the Bigtable instance. Defaults to the instance name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"PRODUCTION\".","description_kind":"plain","deprecated":true,"optional":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name (also called Instance Id in the Cloud Console) of the Cloud Bigtable instance. Must be 6-33 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the cluster","description_kind":"plain","computed":true},"storage_type":{"type":"string","description":"The storage type to use. One of \"SSD\" or \"HDD\". Defaults to \"SSD\".","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"cpu_target":{"type":"number","description":"The target CPU utilization for autoscaling. Value must be between 10 and 80.","description_kind":"plain","required":true},"max_nodes":{"type":"number","description":"The maximum number of nodes for autoscaling.","description_kind":"plain","required":true},"min_nodes":{"type":"number","description":"The minimum number of nodes for autoscaling.","description_kind":"plain","required":true},"storage_target":{"type":"number","description":"The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.","description_kind":"plain","optional":true,"computed":true}},"description":"A list of Autoscaling configurations. Only one element is used and allowed.","description_kind":"plain"},"max_items":1}},"description":"A block of cluster configuration options. This can be specified at least once.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table":{"version":0,"block":{"attributes":{"change_stream_retention":{"type":"string","description":"Duration to retain change stream data for the table. Set to 0 to disable. Must be between 1 and 7 days.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"string","description":"A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the table. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"split_keys":{"type":["list","string"],"description":"A list of predefined keys to split the table on. !\u003e Warning: Modifying the split_keys of an existing table will cause Terraform to delete/recreate the entire google_bigtable_table resource.","description_kind":"plain","optional":true}},"block_types":{"column_family":{"nesting_mode":"set","block":{"attributes":{"family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true}},"description":"A group of columns within a table which share a common configuration. This can be specified multiple times.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_table_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account_iam_binding":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_member":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_budget":{"version":1,"block":{"attributes":{"billing_account":{"type":"string","description":"ID of the billing account to set a budget on.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User data for display name in UI. Must be \u003c= 60 chars.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the budget. The resource name\nimplies the scope of a budget. Values are of the form\nbillingAccounts/{billingAccountId}/budgets/{budgetId}.","description_kind":"plain","computed":true}},"block_types":{"all_updates_rule":{"nesting_mode":"list","block":{"attributes":{"disable_default_iam_recipients":{"type":"bool","description":"Boolean. When set to true, disables default notifications sent\nwhen a threshold is exceeded. Default recipients are\nthose with Billing Account Administrators and Billing\nAccount Users IAM roles for the target account.","description_kind":"plain","optional":true},"monitoring_notification_channels":{"type":["list","string"],"description":"The full resource name of a monitoring notification\nchannel in the form\nprojects/{project_id}/notificationChannels/{channel_id}.\nA maximum of 5 channels are allowed.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of the Cloud Pub/Sub topic where budget related\nmessages will be published, in the form\nprojects/{project_id}/topics/{topic_id}. Updates are sent\nat regular intervals to the topic.","description_kind":"plain","optional":true},"schema_version":{"type":"string","description":"The schema version of the notification. Only \"1.0\" is\naccepted. It represents the JSON schema as defined in\nhttps://cloud.google.com/billing/docs/how-to/budgets#notification_format.","description_kind":"plain","optional":true}},"description":"Defines notifications that are sent on every update to the\nbilling account's spend, regardless of the thresholds defined\nusing threshold rules.","description_kind":"plain"},"max_items":1},"amount":{"nesting_mode":"list","block":{"attributes":{"last_period_amount":{"type":"bool","description":"Configures a budget amount that is automatically set to 100% of\nlast period's spend.\nBoolean. Set value to true to use. Do not set to false, instead\nuse the 'specified_amount' block.","description_kind":"plain","optional":true}},"block_types":{"specified_amount":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The 3-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true,"computed":true},"nanos":{"type":"number","description":"Number of nano (10^-9) units of the amount.\nThe value must be between -999,999,999 and +999,999,999\ninclusive. If units is positive, nanos must be positive or\nzero. If units is zero, nanos can be positive, zero, or\nnegative. If units is negative, nanos must be negative or\nzero. For example $-1.75 is represented as units=-1 and\nnanos=-750,000,000.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode\nis \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"A specified amount to use as the budget. currencyCode is\noptional. If specified, it must match the currency of the\nbilling account. The currencyCode is provided on output.","description_kind":"plain"},"max_items":1}},"description":"The budgeted amount for each usage period.","description_kind":"plain"},"min_items":1,"max_items":1},"budget_filter":{"nesting_mode":"list","block":{"attributes":{"calendar_period":{"type":"string","description":"A CalendarPeriod represents the abstract concept of a recurring time period that has a\ncanonical start. Grammatically, \"the start of the current CalendarPeriod\".\nAll calendar times begin at 12 AM US and Canadian Pacific Time (UTC-8).\n\nExactly one of 'calendar_period', 'custom_period' must be provided. Possible values: [\"MONTH\", \"QUARTER\", \"YEAR\", \"CALENDAR_PERIOD_UNSPECIFIED\"]","description_kind":"plain","optional":true},"credit_types":{"type":["list","string"],"description":"Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS,\nthis is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values.\nIf creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true},"credit_types_treatment":{"type":"string","description":"Specifies how credits should be treated when determining spend\nfor threshold calculations. Default value: \"INCLUDE_ALL_CREDITS\" Possible values: [\"INCLUDE_ALL_CREDITS\", \"EXCLUDE_ALL_CREDITS\", \"INCLUDE_SPECIFIED_CREDITS\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A single label and value pair specifying that usage from only\nthis set of labeled resources should be included in the budget.","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["set","string"],"description":"A set of projects of the form projects/{project_number},\nspecifying that usage from only this set of projects should be\nincluded in the budget. If omitted, the report will include\nall usage for the billing account, regardless of which project\nthe usage occurred on.","description_kind":"plain","optional":true},"resource_ancestors":{"type":["set","string"],"description":"A set of folder and organization names of the form folders/{folderId} or organizations/{organizationId},\nspecifying that usage from only this set of folders and organizations should be included in the budget.\nIf omitted, the budget includes all usage that the billing account pays for. If the folder or organization\ncontains projects that are paid for by a different Cloud Billing account, the budget doesn't apply to those projects.","description_kind":"plain","optional":true},"services":{"type":["list","string"],"description":"A set of services of the form services/{service_id},\nspecifying that usage from only this set of services should be\nincluded in the budget. If omitted, the report will include\nusage for all the services. The service names are available\nthrough the Catalog API:\nhttps://cloud.google.com/billing/v1/how-tos/catalog-api.","description_kind":"plain","optional":true,"computed":true},"subaccounts":{"type":["list","string"],"description":"A set of subaccounts of the form billingAccounts/{account_id},\nspecifying that usage from only this set of subaccounts should\nbe included in the budget. If a subaccount is set to the name of\nthe parent account, usage from the parent account will be included.\nIf the field is omitted, the report will include usage from the parent\naccount and all subaccounts, if they exist.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"Optional. The end date of the time period. Budgets with elapsed end date won't be processed.\nIf unset, specifies to track all usage incurred since the startDate.","description_kind":"plain"},"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"A start date is required. The start date must be after January 1, 2017.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies to track usage from any start date (required) to any end date (optional).\nThis time period is static, it does not recur.\n\nExactly one of 'calendar_period', 'custom_period' must be provided.","description_kind":"plain"},"max_items":1}},"description":"Filters that define which resources are used to compute the actual\nspend against the budget.","description_kind":"plain"},"max_items":1},"threshold_rules":{"nesting_mode":"list","block":{"attributes":{"spend_basis":{"type":"string","description":"The type of basis used to determine if spend has passed\nthe threshold. Default value: \"CURRENT_SPEND\" Possible values: [\"CURRENT_SPEND\", \"FORECASTED_SPEND\"]","description_kind":"plain","optional":true},"threshold_percent":{"type":"number","description":"Send an alert when this threshold is exceeded. This is a\n1.0-based percentage, so 0.5 = 50%. Must be \u003e= 0.","description_kind":"plain","required":true}},"description":"Rules that trigger alerts (notifications of thresholds being\ncrossed) when spend exceeds the specified percentages of the\nbudget.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_project_info":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The ID of the billing account associated with the project, if\nany. Set to empty string to disable billing for the project.\nFor example, '\"012345-567890-ABCDEF\"' or '\"\"'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_subaccount":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"master_billing_account":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment. This field may be updated. The field may be\ndisplayed in chooser dialogs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"attestation_authority_note":{"nesting_mode":"list","block":{"attributes":{"delegation_service_account_email":{"type":"string","description":"This field will contain the service account email address that\nthis Attestor will use as the principal when querying Container\nAnalysis. Attestor administrators must grant this service account\nthe IAM role needed to read attestations from the noteReference in\nContainer Analysis (containeranalysis.notes.occurrences.viewer).\nThis email address is fixed for the lifetime of the Attestor, but\ncallers should not make any other assumptions about the service\naccount email; future versions may use an email based on a\ndifferent naming pattern.","description_kind":"plain","computed":true},"note_reference":{"type":"string","description":"The resource name of a ATTESTATION_AUTHORITY Note, created by the\nuser. If the Note is in a different project from the Attestor, it\nshould be specified in the format 'projects/*/notes/*' (or the legacy\n'providers/*/notes/*'). This field may not be updated.\nAn attestation by this attestor is stored as a Container Analysis\nATTESTATION_AUTHORITY Occurrence that names a container image\nand that links to this Note.","description_kind":"plain","required":true}},"block_types":{"public_keys":{"nesting_mode":"list","block":{"attributes":{"ascii_armored_pgp_public_key":{"type":"string","description":"ASCII-armored representation of a PGP public key, as the\nentire output by the command\n'gpg --export --armor foo@example.com' (either LF or CRLF\nline endings). When using this field, id should be left\nblank. The BinAuthz API handlers will calculate the ID\nand fill it in automatically. BinAuthz computes this ID\nas the OpenPGP RFC4880 V4 fingerprint, represented as\nupper-case hex. If id is provided by the caller, it will\nbe overwritten by the API-calculated ID.","description_kind":"plain","optional":true},"comment":{"type":"string","description":"A descriptive comment. This field may be updated.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The ID of this public key. Signatures verified by BinAuthz\nmust include the ID of the public key that can be used to\nverify them, and that ID must match the contents of this\nfield exactly. Additional restrictions on this field can\nbe imposed based on which public key type is encapsulated.\nSee the documentation on publicKey cases below for details.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pkix_public_key":{"nesting_mode":"list","block":{"attributes":{"public_key_pem":{"type":"string","description":"A PEM-encoded public key, as described in\n'https://tools.ietf.org/html/rfc7468#section-13'","description_kind":"plain","optional":true},"signature_algorithm":{"type":"string","description":"The signature algorithm used to verify a message against\na signature using this key. These signature algorithm must\nmatch the structure and any object identifiers encoded in\npublicKeyPem (i.e. this algorithm must match that of the\npublic key).","description_kind":"plain","optional":true}},"description":"A raw PKIX SubjectPublicKeyInfo format public key.\n\nNOTE: id may be explicitly provided by the caller when using this\ntype of public key, but it MUST be a valid RFC3986 URI. If id is left\nblank, a default one will be computed based on the digest of the DER\nencoding of the public key.","description_kind":"plain"},"max_items":1}},"description":"Public keys that verify attestations signed by this attestor. This\nfield may be updated.\nIf this field is non-empty, one of the specified public keys must\nverify that an attestation was signed by this attestor for the\nimage specified in the admission request.\nIf this field is empty, this attestor always returns that no valid\nattestations exist.","description_kind":"plain"}}},"description":"A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_binding":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_member":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_binary_authorization_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment.","description_kind":"plain","optional":true},"global_policy_evaluation_mode":{"type":"string","description":"Controls the evaluation of a Google-maintained global admission policy\nfor common system-level images. Images not covered by the global\npolicy will be subject to the project admission policy. Possible values: [\"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"admission_whitelist_patterns":{"nesting_mode":"list","block":{"attributes":{"name_pattern":{"type":"string","description":"An image name pattern to whitelist, in the form\n'registry/path/to/image'. This supports a trailing * as a\nwildcard, but this is allowed only in text after the registry/\npart.","description_kind":"plain","required":true}},"description":"A whitelist of image patterns to exclude from admission rules. If an\nimage's name matches a whitelist pattern, the image's admission\nrequests will always be permitted regardless of your admission rules.","description_kind":"plain"}},"cluster_admission_rules":{"nesting_mode":"set","block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Per-cluster admission rules. An admission rule specifies either that\nall container images used in a pod creation request must be attested\nto by one or more attestors, that all pod creations will be allowed,\nor that all pod creations will be denied. There can be at most one\nadmission rule per cluster spec.\n\n\nIdentifier format: '{{location}}.{{clusterId}}'.\nA location is either a compute zone (e.g. 'us-central1-a') or a region\n(e.g. 'us-central1').","description_kind":"plain"}},"default_admission_rule":{"nesting_mode":"list","block":{"attributes":{"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Default admission rule for a cluster without a per-cluster admission\nrule.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_blockchain_node_engine_blockchain_nodes":{"version":0,"block":{"attributes":{"blockchain_node_id":{"type":"string","description":"ID of the requesting object.","description_kind":"plain","required":true},"blockchain_type":{"type":"string","description":"User-provided key-value pairs Possible values: [\"ETHEREUM\"]","description_kind":"plain","optional":true},"connection_info":{"type":["list",["object",{"endpoint_info":["list",["object",{"json_rpc_api_endpoint":"string","websockets_api_endpoint":"string"}]],"service_attachment":"string"}]],"description":"The connection information through which to interact with a blockchain node.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp at which the blockchain node was first created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-provided key-value pairs\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of Blockchain Node being created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The fully qualified name of the blockchain node. e.g. projects/my-project/locations/us-central1/blockchainNodes/my-node.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which the blockchain node was last updated.","description_kind":"plain","computed":true}},"block_types":{"ethereum_details":{"nesting_mode":"list","block":{"attributes":{"additional_endpoints":{"type":["list",["object",{"beacon_api_endpoint":"string","beacon_prometheus_metrics_api_endpoint":"string","execution_client_prometheus_metrics_api_endpoint":"string"}]],"description":"User-provided key-value pairs","description_kind":"plain","computed":true},"api_enable_admin":{"type":"bool","description":"Enables JSON-RPC access to functions in the admin namespace. Defaults to false.","description_kind":"plain","optional":true},"api_enable_debug":{"type":"bool","description":"Enables JSON-RPC access to functions in the debug namespace. Defaults to false.","description_kind":"plain","optional":true},"consensus_client":{"type":"string","description":"The consensus client Possible values: [\"CONSENSUS_CLIENT_UNSPECIFIED\", \"LIGHTHOUSE\"]","description_kind":"plain","optional":true},"execution_client":{"type":"string","description":"The execution client Possible values: [\"EXECUTION_CLIENT_UNSPECIFIED\", \"GETH\", \"ERIGON\"]","description_kind":"plain","optional":true},"network":{"type":"string","description":"The Ethereum environment being accessed. Possible values: [\"MAINNET\", \"TESTNET_GOERLI_PRATER\", \"TESTNET_SEPOLIA\"]","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"The type of Ethereum node. Possible values: [\"LIGHT\", \"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"block_types":{"geth_details":{"nesting_mode":"list","block":{"attributes":{"garbage_collection_mode":{"type":"string","description":"Blockchain garbage collection modes. Only applicable when NodeType is FULL or ARCHIVE. Possible values: [\"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"validator_config":{"nesting_mode":"list","block":{"attributes":{"mev_relay_urls":{"type":["list","string"],"description":"URLs for MEV-relay services to use for block building. When set, a managed MEV-boost service is configured on the beacon client.","description_kind":"plain","optional":true}},"description":"Configuration for validator-related parameters on the beacon client, and for any managed validator client.","description_kind":"plain"},"max_items":1}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Certificate resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate. Certificate names must be unique\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.\nSee https://cloud.google.com/vpc/docs/edge-locations.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nSee https://cloud.google.com/compute/docs/regions-zones","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"authorization_attempt_info":{"type":["list",["object",{"details":"string","domain":"string","failure_reason":"string","state":"string"}]],"description":"Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.","description_kind":"plain","computed":true},"dns_authorizations":{"type":["list","string"],"description":"Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"domains":{"type":["list","string"],"description":"The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution","description_kind":"plain","optional":true},"issuance_config":{"type":"string","description":"The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"provisioning_issue":{"type":["list",["object",{"details":"string","reason":"string"}]],"description":"Information about issues with provisioning this Managed Certificate.","description_kind":"plain","computed":true},"state":{"type":"string","description":"A state of this Managed Certificate.","description_kind":"plain","computed":true}},"description":"Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.","description_kind":"plain"},"max_items":1},"self_managed":{"nesting_mode":"list","block":{"attributes":{"certificate_pem":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true},"pem_certificate":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","optional":true},"pem_private_key":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","optional":true,"sensitive":true},"private_key_pem":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true}},"description":"Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_issuance_config":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a CertificateIssuanceConfig.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description":"Key algorithm to use when generating the private key. Possible values: [\"RSA_2048\", \"ECDSA_P256\"]","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"'Set of label tags associated with the CertificateIssuanceConfig resource.\n An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'.\nExample: \"1814400s\". Valid values are from 21 days (1814400s) to 30 days (2592000s)","description_kind":"plain","required":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate issuance config.\nCertificateIssuanceConfig names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rotation_window_percentage":{"type":"number","description":"It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate.\nMust be a number between 1-99, inclusive.\nYou must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after\nthe certificate has been issued and at least 7 days before it expires.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"certificate_authority_config":{"nesting_mode":"list","block":{"block_types":{"certificate_authority_service_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue a certificate.\nThe CA pool string has a relative resource path following the form\n\"projects/{project}/locations/{location}/caPools/{caPool}\".","description_kind":"plain","required":true}},"description":"Defines a CertificateAuthorityServiceConfig.","description_kind":"plain"},"max_items":1}},"description":"The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map_entry":{"version":0,"block":{"attributes":{"certificates":{"type":["list","string"],"description":"A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map Entry.\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"map":{"type":"string","description":"A map entry that is inputted into the cetrificate map","description_kind":"plain","required":true},"matcher":{"type":"string","description":"A predefined matcher for particular cases, other than SNI selection","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map Entry. Certificate Map Entry\nnames must be unique globally and match pattern\n'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"A serving state of this Certificate Map Entry.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_dns_authorization":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"dns_resource_record":{"type":["list",["object",{"data":"string","name":"string","type":"string"}]],"description":"The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.","description_kind":"plain","computed":true},"domain":{"type":"string","description":"A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the DNS Authorization resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_trust_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a trust config.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the trust config.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The trust config location.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the trust config. Trust config names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trust_stores":{"nesting_mode":"list","block":{"block_types":{"intermediate_cas":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM intermediate certificate used for building up paths for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"Set of intermediate CA certificates used for the path building phase of chain validation.\nThe field is currently not supported if trust config is used for the workload certificate feature.","description_kind":"plain"}},"trust_anchors":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM root certificate of the PKI used for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"List of Trust Anchors to be used while performing validation against a given TrustStore.","description_kind":"plain"}}},"description":"Set of trust stores to perform validation against.\nThis field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_folder_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder this feed should be created in.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The ID of the folder where this feed has been created. Both [FOLDER_NUMBER]\nand folders/[FOLDER_NUMBER] are accepted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_organization_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The organization this feed should be created in.","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_project_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing. If not specified, the resource's\nproject will be used.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group":{"version":0,"block":{"attributes":{"additional_group_keys":{"type":["list",["object",{"id":"string","namespace":"string"}]],"description":"Additional group keys associated with the Group","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the Group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An extended description to help users determine the purpose of a Group.\nMust not be longer than 4,096 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_group_config":{"type":"string","description":"The initial configuration options for creating a Group.\n\nSee the\n[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)\nfor possible values. Default value: \"EMPTY\" Possible values: [\"INITIAL_GROUP_CONFIG_UNSPECIFIED\", \"WITH_INITIAL_OWNER\", \"EMPTY\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.\n\nGoogle Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.\n\nExisting Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.\n\nDynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.\n\nIdentity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the Group in the format: groups/{group_id}, where group_id\nis the unique ID assigned to the Group.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the Group was last updated.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the Group.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group_membership":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the Membership was created.","description_kind":"plain","computed":true},"group":{"type":"string","description":"The name of the Group to create this membership in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the membership.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the Membership was last updated.","description_kind":"plain","computed":true}},"block_types":{"preferred_member_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the member.","description_kind":"plain"},"max_items":1},"roles":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values: [\"OWNER\", \"MANAGER\", \"MEMBER\"]","description_kind":"plain","required":true}},"block_types":{"expiry_detail":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time at which the MembershipRole will expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.\n\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"The MembershipRole expiry details, only supported for MEMBER role.\nOther roles cannot be accompanied with MEMBER role having expiry.","description_kind":"plain"},"max_items":1}},"description":"The MembershipRoles that apply to the Membership.\nMust not contain duplicate MembershipRoles with the same name.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_ids_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC 3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the endpoint.","description_kind":"plain","optional":true},"endpoint_forwarding_rule":{"type":"string","description":"URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"Internal IP address of the endpoint's network entry point.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like \"src-net\") or the full URL to the network (like \"projects/{project_id}/global/networks/src-net\").","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The minimum alert severity level that is reported by the endpoint. Possible values: [\"INFORMATIONAL\", \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\"]","description_kind":"plain","required":true},"threat_exceptions":{"type":["list","string"],"description":"Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Last update timestamp in RFC 3339 text format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_domain_mapping":{"version":1,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"mapped_route_name":"string","observed_generation":"number","resource_records":["list",["object",{"name":"string","rrdata":"string","type":"string"}]]}]],"description":"The current status of the DomainMapping.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","required":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.\n\nMore info:\nhttps://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.\n\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids","description_kind":"plain","computed":true}},"description":"Metadata associated with this DomainMapping.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"certificate_mode":{"type":"string","description":"The mode of the certificate. Default value: \"AUTOMATIC\" Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true},"force_override":{"type":"bool","description":"If set, the mapping will override any mapping set before this spec was set.\nIt is recommended that the user leaves this empty to receive an error\nwarning about a potential conflict and only set it once the respective UI\nhas given such a warning.","description_kind":"plain","optional":true},"route_name":{"type":"string","description":"The name of the Cloud Run Service that this DomainMapping applies to.\nThe route must exist.","description_kind":"plain","required":true}},"description":"The spec for this DomainMapping.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Service:\n\n- 'run.googleapis.com/binary-authorization-breakglass' sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass).\n- 'run.googleapis.com/binary-authorization' sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization).\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/custom-audiences' sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences)\n that can be used in the audience field of ID token for authenticated requests.\n- 'run.googleapis.com/description' sets a user defined description for the Service.\n- 'run.googleapis.com/ingress' sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress)\n for the Service. For example, '\"run.googleapis.com/ingress\" = \"all\"'.\n- 'run.googleapis.com/launch-stage' sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation)\n when a preview feature is used. For example, '\"run.googleapis.com/launch-stage\": \"BETA\"'\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Revision template:\n\n- 'autoscaling.knative.dev/maxScale' sets the [maximum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run.\n- 'autoscaling.knative.dev/minScale' sets the [minimum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run.\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/cloudsql-instances' sets the [Cloud SQL\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to.\n- 'run.googleapis.com/cpu-throttling' sets whether to throttle the CPU when the container is not actively serving\n requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling.\n- 'run.googleapis.com/encryption-key-shutdown-hours' sets the number of hours to wait before an automatic shutdown\n server after CMEK key revocation is detected.\n- 'run.googleapis.com/encryption-key' sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek)\n reference to encrypt the container with.\n- 'run.googleapis.com/execution-environment' sets the [execution\n environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment)\n where the application will run.\n- 'run.googleapis.com/post-key-revocation-action-type' sets the\n [action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type)\n after CMEK key revocation.\n- 'run.googleapis.com/secrets' sets a list of key-value pairs to set as\n [secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml).\n- 'run.googleapis.com/sessionAffinity' sets whether to enable\n [session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity)\n for connections to the Revision.\n- 'run.googleapis.com/startup-cpu-boost' sets whether to allocate extra CPU to containers on startup.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost.\n- 'run.googleapis.com/vpc-access-connector' sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1)\n for the Revision.\n- 'run.googleapis.com/vpc-access-egress' sets the outbound traffic to send through the VPC connector for this resource.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress.","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number. It will default to the resource's project.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Optional metadata for this Revision, including labels and annotations.\nName will be generated by the Configuration. To set minimum instances\nfor this revision, use the \"autoscaling.knative.dev/minScale\" annotation\nkey. To set maximum instances for this revision, use the\n\"autoscaling.knative.dev/maxScale\" annotation key. To set Cloud SQL\nconnections for the revision, use the \"run.googleapis.com/cloudsql-instances\"\nannotation key.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"container_concurrency":{"type":"number","description":"ContainerConcurrency specifies the maximum allowed in-flight (concurrent)\nrequests per container of the Revision. Values are:\n- '0' thread-safe, the system should manage the max concurrency. This is\n the default value.\n- '1' not-thread-safe. Single concurrency\n- '2-N' thread-safe, max concurrency of N","description_kind":"plain","optional":true,"computed":true},"service_account_name":{"type":"string","description":"Email address of the IAM service account associated with the revision of the\nservice. The service account represents the identity of the running revision,\nand determines what permissions the revision has. If not provided, the revision\nwill use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"serving_state":{"type":"string","description":"ServingState holds a value describing the state the resources\nare in for this Revision.\nIt is expected\nthat the system will manipulate this based on routability and load.","description_kind":"plain","deprecated":true,"computed":true},"timeout_seconds":{"type":"number","description":"TimeoutSeconds holds the max duration the instance is allowed for responding to a request.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint.\nThe docker image's CMD is used if this is not provided.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell.\nThe docker image's ENTRYPOINT is used if this is not provided.","description_kind":"plain","optional":true},"image":{"type":"string","description":"Docker image name. This is most often a reference to a container located\nin the container registry, such as gcr.io/cloudrun/hello","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container","description_kind":"plain","optional":true,"computed":true},"working_dir":{"type":"string","description":"Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.","description_kind":"plain","deprecated":true,"optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Defaults to \"\".","description_kind":"plain","optional":true}},"block_types":{"value_from":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud Secret Manager secret version. Must be 'latest' for the latest\nversion or an integer for a specific version.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form: :projects/{project-id|project-number}/secrets/.\nIf multiple alias definitions are needed, they must be separated by commas.\nThe alias definitions must be set on the run.googleapis.com/secrets annotation.","description_kind":"plain","required":true}},"description":"Selects a key (version) of a secret in Secret Manager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Source for the environment variable's value. Only supports secret_key_ref.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"env_from":{"nesting_mode":"list","block":{"attributes":{"prefix":{"type":"string","description":"An optional identifier to prepend to each key in the ConfigMap.","description_kind":"plain","optional":true}},"block_types":{"config_map_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the ConfigMap must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1},"secret_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the Secret must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"List of sources to populate environment variables in the container.\nAll invalid keys will be reported as an event when the container is starting.\nWhen a key exists in multiple sources, the value associated with the last source will\ntake precedence. Values defined by an Env with a duplicate key will take\nprecedence.","description_kind":"plain","deprecated":true}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 3600.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 3600.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than period_seconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails.","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to \"8080\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" (HTTP/1) and \"h2c\" (HTTP/2 end-to-end). Defaults to \"http1\".","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"Protocol for port. Must be \"TCP\". Defaults to \"TCP\".","description_kind":"plain","optional":true}},"description":"List of open ports in the container.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Limits describes the maximum amount of compute resources allowed.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"requests":{"type":["map","string"],"description":"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is\nexplicitly specified, otherwise to an implementation-defined value.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true}},"description":"Compute Resources required by this container. Used to set values such as max memory","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 240.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 240.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than periodSeconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TcpSocket specifies an action involving a TCP port.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container.\nAll other probes are disabled if a startup probe is provided, until it\nsucceeds. Container will not be added to service endpoints if the probe fails.","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must\nnot contain ':'.","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.\nOnly supports SecretVolumeSources.","description_kind":"plain"}}},"description":"Containers defines the unit of execution for this Revision.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Mode bits to use on created files by default. Must be a value between 0000\nand 0777. Defaults to 0644. Directories within the path are not affected by\nthis setting. This might be in conflict with other options that affect the\nfile mode, like fsGroup, and the result can be other mode bits set.","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret\nis assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form:\n{alias}:projects/{project-id|project-number}/secrets/{secret-name}.\nIf multiple alias definitions are needed, they must be separated by\ncommas.\nThe alias definitions must be set on the run.googleapis.com/secrets\nannotation.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The Cloud Secret Manager secret version.\nCan be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true},"mode":{"type":"number","description":"Mode bits to use on this file, must be a value between 0000 and 0777. If\nnot specified, the volume defaultMode will be used. This might be in\nconflict with other options that affect the file mode, like fsGroup, and\nthe result can be other mode bits set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the\nsecret_name.\nIf specified, the key will be used as the version to fetch from Cloud\nSecret Manager and the path will be the name of the file exposed in the\nvolume. When items are defined, they must specify a key and a path.","description_kind":"plain"}}},"description":"The secret's value will be presented as the content of a file whose\nname is defined in the item path. If no items are defined, the name of\nthe file is the secret_name.","description_kind":"plain"},"max_items":1}},"description":"Volume represents a named volume in a container.","description_kind":"plain"}}},"description":"RevisionSpec holds the desired state of the Revision (from the client).","description_kind":"plain"},"max_items":1}},"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"latest_revision":{"type":"bool","description":"LatestRevision may be optionally provided to indicate that the latest ready\nRevision of the Configuration should be used for this traffic target. When\nprovided LatestRevision must be true if RevisionName is empty; it must be\nfalse when RevisionName is non-empty.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Percent specifies percent of the traffic to this Revision or Configuration.","description_kind":"plain","required":true},"revision_name":{"type":"string","description":"RevisionName of a specific revision to which to send this portion of traffic.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Tag is optionally used to expose a dedicated url for referencing this target exclusively.","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL displays the URL for accessing tagged traffic targets. URL is displayed in status,\nand is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,\nbut may not contain anything else (e.g. basic auth, url path, etc.)","description_kind":"plain","computed":true}},"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 ExecutionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter,\nor break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or\nhttps://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 ExecutionTemplate.","description_kind":"plain","optional":true},"parallelism":{"type":"number","description":"Specifies the maximum desired number of tasks the execution should run at given time. Must be \u003c= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.","description_kind":"plain","optional":true,"computed":true},"task_count":{"type":"number","description":"Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/","description_kind":"plain","optional":true,"computed":true}},"block_types":{"template":{"nesting_mode":"list","block":{"attributes":{"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The execution environment being used to host this Task. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true,"computed":true},"max_retries":{"type":"number","description":"Number of retries allowed per Task, before marking this Task failed.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"timeout":{"type":"string","description":"Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the single container that defines the unit of execution for this task.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["list","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run job.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"Describes the task(s) that will be created when executing an execution","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The template used to create executions for this Job.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 RevisionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The sandbox environment to host this Revision. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.\nFor more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 RevisionTemplate.","description_kind":"plain","optional":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of requests that each serving instance can receive.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"session_affinity":{"type":"bool","description":"Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Max allowed time for an instance to respond to a request.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"depends_on":{"type":["list","string"],"description":"Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","optional":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the exposed port of the container, which\nis the value of container.ports[0].containerPort.","description_kind":"plain","required":true}},"description":"TCPSocketAction describes an action based on opening a socket","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true,"computed":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu_idle":{"type":"bool","description":"Determines whether CPU is only allocated during requests. True by default if the parent 'resources' field is not set. However, if\n'resources' is set, this field must be explicitly set to true to preserve the default behavior.","description_kind":"plain","optional":true},"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"startup_cpu_boost":{"type":"bool","description":"Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.","description_kind":"plain","optional":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the containers that define the unit of execution for this Service.","description_kind":"plain"}},"scaling":{"nesting_mode":"list","block":{"attributes":{"max_instance_count":{"type":"number","description":"Maximum number of serving instances that this resource should have.","description_kind":"plain","optional":true},"min_instance_count":{"type":"number","description":"Minimum number of serving instances that this resource should have.","description_kind":"plain","optional":true}},"description":"Scaling settings for this Revision.","description_kind":"plain"},"max_items":1},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["set","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"GCS Bucket name","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the GCS bucket as read-only","description_kind":"plain","optional":true}},"description":"Represents a GCS Bucket mounted as a volume.","description_kind":"plain"},"max_items":1},"nfs":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path that is exported by the NFS server.","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the NFS volume as read only","description_kind":"plain","optional":true},"server":{"type":"string","description":"Hostname or IP address of the NFS server","description_kind":"plain","required":true}},"description":"Represents an NFS mount.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","optional":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run service.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"The template used to create revisions for this Service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"percent":{"type":"number","description":"Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"Revision to which to send this portion of traffic, if traffic allocation is by revision.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Indicates a string to be part of the URI to exclusively reference this target.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The allocation type for this traffic target. Possible values: [\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\", \"TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION\"]","description_kind":"plain","optional":true}},"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_scheduler_job":{"version":0,"block":{"attributes":{"attempt_deadline":{"type":"string","description":"The deadline for job attempts. If the request handler does not respond by this deadline then the request is\ncancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in\nexecution logs. Cloud Scheduler will retry the job according to the RetryConfig.\nThe allowed duration for this deadline is:\n* For HTTP targets, between 15 seconds and 30 minutes.\n* For App Engine HTTP targets, between 15 seconds and 24 hours.\n* **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human-readable description for the job.\nThis string must not contain more than 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the job.","description_kind":"plain","required":true},"paused":{"type":"bool","description":"Sets the job to a paused state. Jobs default to being enabled when this property is not set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the scheduler job resides. If it is not provided, Terraform will use the provider default.","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Describes the schedule on which the job will be executed.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the job.","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting schedule.\nThe value of this field must be a time zone name from the tz database.","description_kind":"plain","optional":true}},"block_types":{"app_engine_http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST or PUT.\nIt will result in invalid argument error to set a body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"HTTP request headers.\nThis map contains the header field names and values.\nHeaders can be set when the job is created.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"relative_uri":{"type":"string","description":"The relative URI.\nThe relative URL must begin with \"/\" and must be a valid HTTP relative URL.\nIt can contain a path, query string arguments, and \\# fragments.\nIf the relative URL is empty, then the root path \"/\" will be used.\nNo spaces are allowed, and the maximum length allowed is 2083 characters","description_kind":"plain","required":true}},"block_types":{"app_engine_routing":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"App instance.\nBy default, the job is sent to an instance which is available when the job is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\nBy default, the job is sent to the service which is the default service when the job is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\nBy default, the job is sent to the version which is the default version when the job is attempted.","description_kind":"plain","optional":true}},"description":"App Engine Routing setting for the job.","description_kind":"plain"},"max_items":1}},"description":"App Engine HTTP target.\nIf the job providers a App Engine HTTP target the cron will\nsend a request to the service instance","description_kind":"plain"},"max_items":1},"http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST, PUT, or PATCH.\nIt is an error to set body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"This map contains the header field names and values.\nRepeated headers are not supported, but a header value can contain commas.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The full URI path that the request will be sent to.","description_kind":"plain","required":true}},"block_types":{"oauth_token":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"OAuth scope to be used for generating OAuth access token. If not specified,\n\"https://www.googleapis.com/auth/cloud-platform\" will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OAuth token.\nThis type of authorization should be used when sending requests to a GCP endpoint.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. If not specified,\nthe URI specified in target will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OpenID Connect token.\nThis type of authorization should be used when sending requests to third party endpoints or Cloud Run.","description_kind":"plain"},"max_items":1}},"description":"HTTP target.\nIf the job providers a http_target the cron will\nsend a request to the targeted url","description_kind":"plain"},"max_items":1},"pubsub_target":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Attributes for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.","description_kind":"plain","optional":true},"data":{"type":"string","description":"The message payload for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.\n\n A base64-encoded string.","description_kind":"plain","optional":true},"topic_name":{"type":"string","description":"The full resource name for the Cloud Pub/Sub topic to which\nmessages will be published when a job is delivered. ~\u003e**NOTE:**\nThe topic name must be in the same format as required by PubSub's\nPublishRequest.name, e.g. 'projects/my-project/topics/my-topic'.","description_kind":"plain","required":true}},"description":"Pub/Sub target\nIf the job providers a Pub/Sub target the cron will publish\na message to the provided topic","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_backoff_duration":{"type":"string","description":"The maximum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\nA job's retry interval starts at minBackoffDuration,\nthen doubles maxDoublings times, then increases linearly,\nand finally retries retries at intervals of maxBackoffDuration up to retryCount times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"The time limit for retrying a failed job, measured from time when an execution was first attempted.\nIf specified with retryCount, the job will be retried until both limits are reached.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"min_backoff_duration":{"type":"string","description":"The minimum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"retry_count":{"type":"number","description":"The number of attempts that the system will make to run a\njob using the exponential backoff procedure described by maxDoublings.\nValues greater than 5 and negative values are not allowed.","description_kind":"plain","optional":true,"computed":true}},"description":"By default, if a job does not complete successfully,\nmeaning that an acknowledgement is not received from the handler,\nthen it will be retried with exponential backoff according to the settings","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the queue","description_kind":"plain","required":true},"name":{"type":"string","description":"The queue name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"app_engine_routing_override":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The host that the task is sent to.","description_kind":"plain","computed":true},"instance":{"type":"string","description":"App instance.\n\nBy default, the task is sent to an instance which is available when the task is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\n\nBy default, the task is sent to the service which is the default service when the task is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\n\nBy default, the task is sent to the version which is the default version when the task is attempted.","description_kind":"plain","optional":true}},"description":"Overrides for task-level appEngineRouting. These settings apply only\nto App Engine tasks in this queue","description_kind":"plain"},"max_items":1},"rate_limits":{"nesting_mode":"list","block":{"attributes":{"max_burst_size":{"type":"number","description":"The max burst size.\n\nMax burst size limits how fast tasks in queue are processed when many tasks are\nin the queue and the rate is high. This field allows the queue to have a high\nrate so processing starts shortly after a task is enqueued, but still limits\nresource usage when many tasks are enqueued in a short period of time.","description_kind":"plain","computed":true},"max_concurrent_dispatches":{"type":"number","description":"The maximum number of concurrent tasks that Cloud Tasks allows to\nbe dispatched for this queue. After this threshold has been\nreached, Cloud Tasks stops dispatching tasks until the number of\nconcurrent requests decreases.","description_kind":"plain","optional":true,"computed":true},"max_dispatches_per_second":{"type":"number","description":"The maximum rate at which tasks are dispatched from this queue.\n\nIf unspecified when the queue is created, Cloud Tasks will pick the default.","description_kind":"plain","optional":true,"computed":true}},"description":"Rate limits for task dispatches.\n\nThe queue's actual dispatch rate is the result of:\n\n* Number of tasks in the queue\n* User-specified throttling: rateLimits, retryConfig, and the queue's state.\n* System throttling due to 429 (Too Many Requests) or 503 (Service\n Unavailable) responses from the worker, high error rates, or to\n smooth sudden large traffic spikes.","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_attempts":{"type":"number","description":"Number of attempts per task.\n\nCloud Tasks will attempt the task maxAttempts times (that is, if\nthe first attempt fails, then there will be maxAttempts - 1\nretries). Must be \u003e= -1.\n\nIf unspecified when the queue is created, Cloud Tasks will pick\nthe default.\n\n-1 indicates unlimited attempts.","description_kind":"plain","optional":true,"computed":true},"max_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\n\nA task's retry interval starts at minBackoff, then doubles maxDoublings times,\nthen increases linearly, and finally retries retries at intervals of maxBackoff\nup to maxAttempts times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"If positive, maxRetryDuration specifies the time limit for\nretrying a failed task, measured from when the task was first\nattempted. Once maxRetryDuration time has passed and the task has\nbeen attempted maxAttempts times, no further attempts will be\nmade and the task will be deleted.\n\nIf zero, then the task age is unlimited.","description_kind":"plain","optional":true,"computed":true},"min_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings that determine the retry behavior.","description_kind":"plain"},"max_items":1},"stackdriver_logging_config":{"nesting_mode":"list","block":{"attributes":{"sampling_ratio":{"type":"number","description":"Specifies the fraction of operations to write to Stackdriver Logging.\nThis field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the\ndefault and means that no operations are logged.","description_kind":"plain","required":true}},"description":"Configuration options for writing logs to Stackdriver Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_bitbucket_server_config":{"version":0,"block":{"attributes":{"api_key":{"type":"string","description":"Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true},"config_id":{"type":"string","description":"The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name.","description_kind":"plain","required":true},"host_uri":{"type":"string","description":"Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed.\nIf you need to change it, please create another BitbucketServerConfig.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of this bitbucket server config.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the config.","description_kind":"plain","computed":true},"peered_network":{"type":"string","description":"The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection.\nThis should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty,\nno network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format\nprojects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username of the account Cloud Build will use on Bitbucket Server.","description_kind":"plain","required":true},"webhook_key":{"type":"string","description":"Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config.","description_kind":"plain","computed":true}},"block_types":{"connected_repositories":{"nesting_mode":"set","block":{"attributes":{"project_key":{"type":"string","description":"Identifier for the project storing the repository.","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Identifier for the repository.","description_kind":"plain","required":true}},"description":"Connected Bitbucket Server repositories for this config.","description_kind":"plain"}},"secrets":{"nesting_mode":"list","block":{"attributes":{"admin_access_token_version_name":{"type":"string","description":"The resource name for the admin access token's secret version.","description_kind":"plain","required":true},"read_access_token_version_name":{"type":"string","description":"The resource name for the read access token's secret version.","description_kind":"plain","required":true},"webhook_secret_version_name":{"type":"string","description":"Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true}},"description":"Secret Manager secrets needed by the config.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","optional":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","optional":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","optional":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","computed":true}},"block_types":{"approval_config":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether or not approval is needed. If this is set on a build, it will become pending when run,\nand will need to be explicitly approved to start.","description_kind":"plain","optional":true}},"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain"},"max_items":1},"bitbucket_server_trigger_config":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config_resource":{"type":"string","description":"The Bitbucket server config resource that this trigger config maps to.","description_kind":"plain","required":true},"project_key":{"type":"string","description":"Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is \"TEST\".","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL.\nFor example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo.","description_kind":"plain","required":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Filter to match changes in pull requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the gitRef regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"Filter to match changes in refs like branches, tags.","description_kind":"plain"},"max_items":1}},"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain"},"max_items":1},"build":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\nThe images are pushed using the builder service account's credentials.\nThe digests of the pushed images will be stored in the Build resource's results field.\nIf any of the images fail to be pushed, the build status is marked FAILURE.","description_kind":"plain","optional":true},"logs_bucket":{"type":"string","description":"Google Cloud Storage bucket where logs should be written.\nLogs file names will be of the format ${logsBucket}/log-${build_id}.txt.","description_kind":"plain","optional":true},"queue_ttl":{"type":"string","description":"TTL in queue for this build. If provided and the build is enqueued longer than this value,\nthe build will expire and the build status will be EXPIRED.\nThe TTL starts ticking from createTime.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a Build. These are not docker tags.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Amount of time that this build should be allowed to run, to second granularity.\nIf this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.\nThis timeout must be equal to or greater than the sum of the timeouts for build steps within the build.\nThe expected format is the number of seconds followed by s.\nDefault time is ten minutes (600s).","description_kind":"plain","optional":true}},"block_types":{"artifacts":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\n\nThe images will be pushed using the builder service account's credentials.\n\nThe digests of the pushed images will be stored in the Build resource's results field.\n\nIf any of the images fail to be pushed, the build is marked FAILURE.","description_kind":"plain","optional":true}},"block_types":{"maven_artifacts":{"nesting_mode":"list","block":{"attributes":{"artifact_id":{"type":"string","description":"Maven artifactId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"Maven groupId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY\"\n\nArtifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Maven version value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true}},"description":"A Maven artifact to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"npm_packages":{"nesting_mode":"list","block":{"attributes":{"package_path":{"type":"string","description":"Path to the package.json. e.g. workspace/path/to/package","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY\"\n\nNpm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Npm package to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"objects":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\".\n\nFiles in the workspace matching any path pattern will be uploaded to Cloud Storage with\nthis location as a prefix.","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace.","description_kind":"plain","optional":true},"timing":{"type":["list",["object",{"end_time":"string","start_time":"string"}]],"description":"Output only. Stores timing information for pushing all artifact objects.","description_kind":"plain","computed":true}},"description":"A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.\n\nFiles in the workspace matching specified paths globs will be uploaded to the\nCloud Storage location using the builder service account's credentials.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"},"max_items":1},"python_packages":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY\"\n\nFiles in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}}},"description":"Artifacts produced by the build that should be uploaded upon successful completion of all build steps.","description_kind":"plain"},"max_items":1},"available_secrets":{"nesting_mode":"list","block":{"block_types":{"secret_manager":{"nesting_mode":"list","block":{"attributes":{"env":{"type":"string","description":"Environment variable name to associate with the secret. Secret environment\nvariables must be unique across all of a build's secrets, and must be used\nby at least one build step.","description_kind":"plain","required":true},"version_name":{"type":"string","description":"Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*","description_kind":"plain","required":true}},"description":"Pairs a secret environment variable with a SecretVersion in Secret Manager.","description_kind":"plain"},"min_items":1}},"description":"Secrets and secret environment variables.","description_kind":"plain"},"max_items":1},"options":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Requested disk size for the VM that runs the build. Note that this is NOT \"disk free\";\nsome of the space will be used by the operating system and build utilities.\nAlso note that this is the minimum disk size that will be allocated for the build --\nthe build may run with a larger disk than requested. At present, the maximum disk size\nis 1000GB; builds that request more than the maximum are rejected with an error.","description_kind":"plain","optional":true},"dynamic_substitutions":{"type":"bool","description":"Option to specify whether or not to apply bash style string operations to the substitutions.\n\nNOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file.","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of global environment variable definitions that will exist for all build steps\nin this build. If a variable is defined in both globally and in a build step,\nthe variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"log_streaming_option":{"type":"string","description":"Option to define build log streaming behavior to Google Cloud Storage. Possible values: [\"STREAM_DEFAULT\", \"STREAM_ON\", \"STREAM_OFF\"]","description_kind":"plain","optional":true},"logging":{"type":"string","description":"Option to specify the logging mode, which determines if and where build logs are stored. Possible values: [\"LOGGING_UNSPECIFIED\", \"LEGACY\", \"GCS_ONLY\", \"STACKDRIVER_ONLY\", \"CLOUD_LOGGING_ONLY\", \"NONE\"]","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Compute Engine machine type on which to run the build.","description_kind":"plain","optional":true},"requested_verify_option":{"type":"string","description":"Requested verifiability options. Possible values: [\"NOT_VERIFIED\", \"VERIFIED\"]","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of global environment variables, which are encrypted using a Cloud Key Management\nService crypto key. These values must be specified in the build's Secret. These variables\nwill be available to all build steps in this build.","description_kind":"plain","optional":true},"source_provenance_hash":{"type":["list","string"],"description":"Requested hash for SourceProvenance. Possible values: [\"NONE\", \"SHA256\", \"MD5\"]","description_kind":"plain","optional":true},"substitution_option":{"type":"string","description":"Option to specify behavior when there is an error in the substitution checks.\n\nNOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden\nin the build configuration file. Possible values: [\"MUST_MATCH\", \"ALLOW_LOOSE\"]","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool}\n\nThis field is experimental.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for Docker volumes.\nEach named volume must be used by at least two build steps.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on the same\nbuild step or with certain reserved volume paths.","description_kind":"plain","optional":true}},"description":"Global list of volumes to mount for ALL build steps\n\nEach volume is created as an empty volume prior to starting the build process.\nUpon completion of the build, volumes and their contents are discarded. Global\nvolume names and paths cannot conflict with the volumes defined a build step.\n\nUsing a global volume in a build with only one step is not valid as it is indicative\nof a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"Special options for this build.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Cloud KMS key name to use to decrypt these envs.","description_kind":"plain","required":true},"secret_env":{"type":["map","string"],"description":"Map of environment variable name to its encrypted value.\nSecret environment variables must be unique across all of a build's secrets,\nand must be used by at least one build step. Values can be at most 64 KB in size.\nThere can be at most 100 secret values across all of a build's secrets.","description_kind":"plain","optional":true}},"description":"Secrets to decrypt using Cloud Key Management Service.","description_kind":"plain"}},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\nThis must be a relative path. If a step's dir is specified and is an absolute path,\nthis value is ignored for that step's execution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository.\nIf omitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","required":true},"substitutions":{"type":["map","string"],"description":"Substitutions to use in a triggered build. Should only be used with triggers.run","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Location of the source in a Google Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source.","description_kind":"plain","required":true},"generation":{"type":"string","description":"Google Cloud Storage generation for the object.\nIf the generation is omitted, the latest generation will be used","description_kind":"plain","optional":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.\nThis object must be a gzipped archive file (.tar.gz) containing source to build.","description_kind":"plain","required":true}},"description":"Location of the source in an archive file in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the source files to build.\n\nOne of 'storageSource' or 'repoSource' must be provided.","description_kind":"plain"},"max_items":1},"step":{"nesting_mode":"list","block":{"attributes":{"allow_exit_codes":{"type":["list","number"],"description":"Allow this build step to fail without failing the entire build if and\nonly if the exit code is one of the specified codes.\n\nIf 'allowFailure' is also specified, this field will take precedence.","description_kind":"plain","optional":true},"allow_failure":{"type":"bool","description":"Allow this build step to fail without failing the entire build.\nIf false, the entire build will fail if this step fails. Otherwise, the\nbuild will succeed, but this step will still have a failure status.\nError information will be reported in the 'failureDetail' field.\n\n'allowExitCodes' takes precedence over this field.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"A list of arguments that will be presented to the step when it is started.\n\nIf the image used to run the step's container has an entrypoint, the args\nare used as arguments to that entrypoint. If the image does not define an\nentrypoint, the first element in args is used as the entrypoint, and the\nremainder will be used as arguments.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Working directory to use when running this step's container.\n\nIf this value is a relative path, it is relative to the build's working\ndirectory. If this value is absolute, it may be outside the build's working\ndirectory, in which case the contents of the path may not be persisted\nacross build step executions, unless a 'volume' for that path is specified.\n\nIf the build specifies a 'RepoSource' with 'dir' and a step with a\n'dir',\nwhich specifies an absolute path, the 'RepoSource' 'dir' is ignored\nfor the step's execution.","description_kind":"plain","optional":true},"entrypoint":{"type":"string","description":"Entrypoint to be used instead of the build step image's\ndefault entrypoint.\nIf unset, the image's default entrypoint is used","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of environment variable definitions to be used when\nrunning a step.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable\n\"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"id":{"type":"string","description":"Unique identifier for this build step, used in 'wait_for' to\nreference this build step as a dependency.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the container image that will run this particular build step.\n\nIf the image is available in the host's Docker daemon's cache, it will be\nrun directly. If not, the host will attempt to pull the image first, using\nthe builder service account's credentials if necessary.\n\nThe Docker daemon's cache will already have the latest versions of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders\nfor images and examples).\nThe Docker daemon will also have cached many of the layers for some popular\nimages, like \"ubuntu\", \"debian\", but they will be refreshed at the time\nyou attempt to use them.\n\nIf you built an image in a previous build step, it will be stored in the\nhost's Docker daemon's cache and is available to use as the name for a\nlater build step.","description_kind":"plain","required":true},"script":{"type":"string","description":"A shell script to be executed in the step.\nWhen script is provided, the user cannot specify the entrypoint or args.","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of environment variables which are encrypted using\na Cloud Key\nManagement Service crypto key. These values must be specified in\nthe build's 'Secret'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time limit for executing this build step. If not defined,\nthe step has no\ntime limit and will be allowed to continue to run until either it\ncompletes or the build itself times out.","description_kind":"plain","optional":true},"timing":{"type":"string","description":"Output only. Stores timing information for executing this\nbuild step.","description_kind":"plain","optional":true},"wait_for":{"type":["list","string"],"description":"The ID(s) of the step(s) that this build step depends on.\n\nThis build step will not start until all the build steps in 'wait_for'\nhave completed successfully. If 'wait_for' is empty, this build step\nwill start when all previous build steps in the 'Build.Steps' list\nhave completed successfully.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for\nDocker volumes. Each named volume must be used by at least two build steps.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on\nthe same build step or with certain reserved volume paths.","description_kind":"plain","required":true}},"description":"List of volumes to mount into the build step.\n\nEach volume is created as an empty volume prior to execution of the\nbuild step. Upon completion of the build, volumes and their contents\nare discarded.\n\nUsing a named volume in only one step is not valid as it is\nindicative of a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"The operations to be performed on the workspace.","description_kind":"plain"},"min_items":1}},"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain"},"max_items":1},"git_file_source":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the file, with the repo root as the root of the path.","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.\nIf unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true},"revision":{"type":"string","description":"The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the\nfilename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions\nIf unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo (optional). If unspecified, the repo from which the trigger\ninvocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true}},"description":"The file source describing the local or remote Build template.","description_kind":"plain"},"max_items":1},"github":{"nesting_mode":"list","block":{"attributes":{"enterprise_config_resource_name":{"type":"string","description":"The resource name of the github enterprise config that should be applied to this installation.\nFor example: \"projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}\"","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the repository. For example: The name for\nhttps://github.com/googlecloudplatform/cloud-builders is \"cloud-builders\".","description_kind":"plain","optional":true},"owner":{"type":"string","description":"Owner of the repository. For example: The owner for\nhttps://github.com/googlecloudplatform/cloud-builders is \"googlecloudplatform\".","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Whether to block builds on a \"/gcbrun\" comment from a repository owner or collaborator. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1}},"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain"},"max_items":1},"pubsub_config":{"nesting_mode":"list","block":{"attributes":{"service_account_email":{"type":"string","description":"Service account that will make the push request.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true},"subscription":{"type":"string","description":"Output only. Name of the subscription.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The name of the topic from which this subscription is receiving messages.","description_kind":"plain","required":true}},"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"repository_event_config":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The resource name of the Repo API resource.","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment '/gcbrun'. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching Pull Requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching git pushes.","description_kind":"plain"},"max_items":1}},"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain"},"max_items":1},"source_to_build":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"The branch or tag to use. Must start with \"refs/\" (required).","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The qualified resource name of the Repo API repository.\nEither uri or repository can be specified and is required.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo.","description_kind":"plain","optional":true}},"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_template":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\n\nThis must be a relative path. If a step's dir is specified and\nis an absolute path, this value is ignored for that step's\nexecution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If\nomitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true,"computed":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository. If omitted, the name \"default\" is assumed.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true}},"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"webhook_config":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"Resource name for the secret required as a URL parameter.","description_kind":"plain","required":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true}},"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuild_worker_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User specified annotations. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the request to create the `WorkerPool` was received.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Time at which the request to delete the `WorkerPool` was received.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-specified, human-readable name for the `WorkerPool`. If provided, this value must be 1-63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"User-defined name of the `WorkerPool`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. `WorkerPool` state. Possible values: STATE_UNSPECIFIED, PENDING, APPROVED, REJECTED, CANCELLED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A unique identifier for the `WorkerPool`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the request to update the `WorkerPool` was received.","description_kind":"plain","computed":true}},"block_types":{"network_config":{"nesting_mode":"list","block":{"attributes":{"peered_network":{"type":"string","description":"Required. Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See [Understanding network configuration options](https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)","description_kind":"plain","required":true},"peered_network_ip_range":{"type":"string","description":"Optional. Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.","description_kind":"plain","optional":true}},"description":"Network configuration for the `WorkerPool`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Size of the disk attached to the worker, in GB. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If `0` is specified, Cloud Build will use a standard disk size.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of a worker, such as `n1-standard-1`. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use `n1-standard-1`.","description_kind":"plain","optional":true},"no_external_ip":{"type":"bool","description":"If true, workers are created without any public address, which prevents network egress to public IPs.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration to be used for a creating workers in the `WorkerPool`.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"installation_state":{"type":["list",["object",{"action_uri":"string","message":"string","stage":"string"}]],"description":"Output only. Installation state of the Connection.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the connection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the background.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"github_config":{"nesting_mode":"list","block":{"attributes":{"app_installation_id":{"type":"number","description":"GitHub App installation id.","description_kind":"plain","optional":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"oauth_token_secret_version":{"type":"string","description":"A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to github.com.","description_kind":"plain"},"max_items":1},"github_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"app_id":{"type":"number","description":"Id of the GitHub App created from the manifest.","description_kind":"plain","optional":true},"app_installation_id":{"type":"number","description":"ID of the installation of the GitHub App.","description_kind":"plain","optional":true},"app_slug":{"type":"string","description":"The URL-friendly name of the GitHub App.","description_kind":"plain","optional":true},"host_uri":{"type":"string","description":"Required. The URI of the GitHub Enterprise host this connection is for.","description_kind":"plain","required":true},"private_key_secret_version":{"type":"string","description":"SecretManager resource containing the private key of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitHub Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"SecretManager resource containing the webhook secret of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true}},"block_types":{"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitHub Enterprise.","description_kind":"plain"},"max_items":1},"gitlab_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.","description_kind":"plain","optional":true,"computed":true},"server_version":{"type":"string","description":"Output only. Version of the GitLab Enterprise server running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitLab Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the 'api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the minimum 'read_api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to gitlab.com or an instance of GitLab Enterprise.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_repository":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the repository.","description_kind":"plain","required":true},"parent_connection":{"type":"string","description":"The connection for the resource","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remote_uri":{"type":"string","description":"Required. Git Clone HTTPS URI.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_automation":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. Annotations must meet the following constraints: * Annotations are key/value pairs. * Valid annotation keys have two segments: an optional prefix and name, separated by a slash ('/'). * The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character ('[a-z0-9A-Z]') with dashes ('-'), underscores ('_'), dots ('.'), and alphanumerics between. * The prefix is optional. If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots('.'), not longer than 253 characters in total, followed by a slash ('/'). See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set for more details.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"delivery_pipeline":{"type":"string","description":"The delivery_pipeline for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the 'Automation'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The weak etag of the 'Automation' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 63 characters.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'Automation'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Required. Email address of the user-managed IAM service account that creates Cloud Deploy release and rollout resources.","description_kind":"plain","required":true},"suspended":{"type":"bool","description":"Optional. When Suspended, automation is deactivated from execution.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the 'Automation'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"block_types":{"advance_rollout_rule":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"source_phases":{"type":["list","string"],"description":"Optional. Proceeds only after phase name matched any one in the list. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'.","description_kind":"plain","optional":true},"wait":{"type":"string","description":"Optional. How long to wait after a rollout is finished.","description_kind":"plain","optional":true}},"description":"Optional. The 'AdvanceRolloutRule' will automatically advance a successful Rollout.","description_kind":"plain"},"max_items":1},"promote_release_rule":{"nesting_mode":"list","block":{"attributes":{"destination_phase":{"type":"string","description":"Optional. The starting phase of the rollout created by this operation. Default to the first phase.","description_kind":"plain","optional":true},"destination_target_id":{"type":"string","description":"Optional. The ID of the stage in the pipeline to which this 'Release' is deploying. If unspecified, default it to the next stage in the promotion flow. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine if the target is one of the stages in the promotion sequence defined in the pipeline. * \"@next\", the next target in the promotion sequence.","description_kind":"plain","optional":true},"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"wait":{"type":"string","description":"Optional. How long the release need to be paused until being promoted to the next target.","description_kind":"plain","optional":true}},"description":"Optional. 'PromoteReleaseRule' will automatically promote a release from the current target to a specified target.","description_kind":"plain"},"max_items":1}},"description":"Required. List of Automation rules associated with the Automation resource. Must have at least one rule and limited to 250 rules per Delivery Pipeline. Note: the order of the rules here is not the same as the order of execution.","description_kind":"plain"},"min_items":1},"selector":{"nesting_mode":"list","block":{"block_types":{"targets":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"ID of the 'Target'. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine which target is being referred to * \"*\", all targets in a location.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Target labels.","description_kind":"plain","optional":true,"computed":true}},"description":"Contains attributes about a target.","description_kind":"plain"},"min_items":1}},"description":"Required. Selected resources to which the automation will be applied.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time at which the 'CustomTargetType' was created.","description_kind":"plain","computed":true},"custom_target_type_id":{"type":"string","description":"Resource id of the 'CustomTargetType'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the 'CustomTargetType'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The weak etag of the 'CustomTargetType' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the source.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'CustomTargetType'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Unique identifier of the 'CustomTargetType'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time at which the 'CustomTargetType' was updated.","description_kind":"plain","computed":true}},"block_types":{"custom_actions":{"nesting_mode":"list","block":{"attributes":{"deploy_action":{"type":"string","description":"The Skaffold custom action responsible for deploy operations.","description_kind":"plain","required":true},"render_action":{"type":"string","description":"The Skaffold custom action responsible for render operations. If not provided then Cloud Deploy will perform the render operations via 'skaffold render'.","description_kind":"plain","optional":true}},"block_types":{"include_skaffold_modules":{"nesting_mode":"list","block":{"attributes":{"configs":{"type":["list","string"],"description":"The Skaffold Config modules to use from the specified source.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the repository root to the Skaffold file.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"Git ref the package should be cloned from.","description_kind":"plain","optional":true},"repo":{"type":"string","description":"Git repository the package should be cloned from.","description_kind":"plain","required":true}},"description":"Remote git repository containing the Skaffold Config modules.","description_kind":"plain"},"max_items":1},"google_cloud_storage":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the source to the Skaffold file.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Cloud Storage source paths to copy recursively. For example, providing 'gs://my-bucket/dir/configs/*' will result in Skaffold copying all files within the 'dir/configs' directory in the bucket 'my-bucket'.","description_kind":"plain","required":true}},"description":"Cloud Storage bucket containing Skaffold Config modules.","description_kind":"plain"},"max_items":1}},"description":"List of Skaffold modules Cloud Deploy will include in the Skaffold Config as required before performing diagnose.","description_kind":"plain"}}},"description":"Configures render and deploy for the 'CustomTargetType' using Skaffold custom actions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"condition":{"type":["list",["object",{"pipeline_ready_condition":["list",["object",{"status":"bool","update_time":"string"}]],"targets_present_condition":["list",["object",{"missing_targets":["list","string"],"status":"bool","update_time":"string"}]],"targets_type_condition":["list",["object",{"error_details":"string","status":"bool"}]]}]],"description":"Output only. Information around the state of the Delivery Pipeline.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Time at which the pipeline was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the `DeliveryPipeline`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `DeliveryPipeline`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"suspended":{"type":"bool","description":"When suspended, no new releases or rollouts can be created, but in-progress ones will complete.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `DeliveryPipeline`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the pipeline was updated.","description_kind":"plain","computed":true}},"block_types":{"serial_pipeline":{"nesting_mode":"list","block":{"block_types":{"stages":{"nesting_mode":"list","block":{"attributes":{"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this stage's `Target`.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"The target_id to which this stage points. This field refers exclusively to the last segment of a target name. For example, this field would just be `my-target` (rather than `projects/project/locations/location/targets/my-target`). The location of the `Target` is inferred to be the same as the location of the `DeliveryPipeline` that contains this `Stage`.","description_kind":"plain","optional":true}},"block_types":{"deploy_parameters":{"nesting_mode":"list","block":{"attributes":{"match_target_labels":{"type":["map","string"],"description":"Optional. Deploy parameters are applied to targets with match labels. If unspecified, deploy parameters are applied to all targets (including child targets of a multi-target).","description_kind":"plain","optional":true},"values":{"type":["map","string"],"description":"Required. Values are deploy parameters in key-value pairs.","description_kind":"plain","required":true}},"description":"Optional. The deploy parameters to use for the target in this stage.","description_kind":"plain"}},"strategy":{"nesting_mode":"list","block":{"block_types":{"canary":{"nesting_mode":"list","block":{"block_types":{"canary_deployment":{"nesting_mode":"list","block":{"attributes":{"percentages":{"type":["list","number"],"description":"Required. The percentage based deployments that will occur as a part of a `Rollout`. List is expected in ascending order and each integer n is 0 \u003c= n \u003c 100.","description_kind":"plain","required":true},"verify":{"type":"bool","description":"Whether to run verify tests after each percentage deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of the last phase. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of the first phase. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Configures the progressive based deployment for a Target.","description_kind":"plain"},"max_items":1},"custom_canary_deployment":{"nesting_mode":"list","block":{"block_types":{"phase_configs":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"Required. Percentage deployment for the phase.","description_kind":"plain","required":true},"phase_id":{"type":"string","description":"Required. The ID to assign to the `Rollout` phase. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.","description_kind":"plain","required":true},"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this phase. These are in addition to the profiles list specified in the `DeliveryPipeline` stage.","description_kind":"plain","optional":true},"verify":{"type":"bool","description":"Whether to run verify tests after the deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of this phase. If this is not configured, postdeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of this phase. If this is not configured, predeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1}},"description":"Required. Configuration for each phase in the canary deployment in the order executed.","description_kind":"plain"},"min_items":1}},"description":"Configures the progressive based deployment for a Target, but allows customizing at the phase level where a phase represents each of the percentage deployments.","description_kind":"plain"},"max_items":1},"runtime_config":{"nesting_mode":"list","block":{"block_types":{"cloud_run":{"nesting_mode":"list","block":{"attributes":{"automatic_traffic_control":{"type":"bool","description":"Whether Cloud Deploy should update the traffic stanza in a Cloud Run Service on the user's behalf to facilitate traffic splitting. This is required to be true for CanaryDeployments, but optional for CustomCanaryDeployments.","description_kind":"plain","optional":true},"canary_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the canary revision while the canary phase is in progress.","description_kind":"plain","optional":true},"prior_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the prior revision while the canary phase is in progress.","description_kind":"plain","optional":true},"stable_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the final stable revision when the stable phase is applied.","description_kind":"plain","optional":true}},"description":"Cloud Run runtime configuration.","description_kind":"plain"},"max_items":1},"kubernetes":{"nesting_mode":"list","block":{"block_types":{"gateway_service_mesh":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified HTTPRoute and Service.","description_kind":"plain","required":true},"http_route":{"type":"string","description":"Required. Name of the Gateway API HTTPRoute.","description_kind":"plain","required":true},"route_update_wait_time":{"type":"string","description":"Optional. The time to wait for route updates to propagate. The maximum configurable time is 3 hours, in seconds format. If unspecified, there is no wait time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true},"stable_cutback_duration":{"type":"string","description":"Optional. The amount of time to migrate traffic back from the canary Service to the original Service during the stable phase deployment. If specified, must be between 15s and 3600s. If unspecified, there is no cutback time.","description_kind":"plain","optional":true}},"description":"Kubernetes Gateway API service mesh configuration.","description_kind":"plain"},"max_items":1},"service_networking":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified Service.","description_kind":"plain","required":true},"disable_pod_overprovisioning":{"type":"bool","description":"Optional. Whether to disable Pod overprovisioning. If Pod overprovisioning is disabled then Cloud Deploy will limit the number of total Pods used for the deployment strategy to the number of Pods the Deployment has on the cluster.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true}},"description":"Kubernetes Service networking configuration.","description_kind":"plain"},"max_items":1}},"description":"Kubernetes runtime configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Runtime specific configurations for the deployment strategy. The runtime configuration is used to determine how Cloud Deploy will split traffic to enable a progressive deployment.","description_kind":"plain"},"max_items":1}},"description":"Canary deployment strategy provides progressive percentage based deployments to a Target.","description_kind":"plain"},"max_items":1},"standard":{"nesting_mode":"list","block":{"attributes":{"verify":{"type":"bool","description":"Whether to verify a deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Standard deployment strategy executes a single deploy and allows verifying the deployment.","description_kind":"plain"},"max_items":1}},"description":"Optional. The strategy to use for a `Rollout` to this stage.","description_kind":"plain"},"max_items":1}},"description":"Each stage specifies configuration for a `Target`. The ordering of this list defines the promotion flow.","description_kind":"plain"}}},"description":"SerialPipeline defines a sequential set of stages for a `DeliveryPipeline`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the `Target` was created.","description_kind":"plain","computed":true},"deploy_parameters":{"type":["map","string"],"description":"Optional. The deploy parameters to use for this target.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Optional. Description of the `Target`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `Target`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"require_approval":{"type":"bool","description":"Optional. Whether or not the `Target` requires approval.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"Output only. Resource id of the `Target`.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `Target`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the `Target` was updated.","description_kind":"plain","computed":true}},"block_types":{"anthos_cluster":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is `projects/{project}/locations/{location}/memberships/{membership_name}`.","description_kind":"plain","optional":true}},"description":"Information specifying an Anthos Cluster.","description_kind":"plain"},"max_items":1},"execution_configs":{"nesting_mode":"list","block":{"attributes":{"artifact_storage":{"type":"string","description":"Optional. Cloud Storage location in which to store execution outputs. This can either be a bucket (\"gs://my-bucket\") or a path within a bucket (\"gs://my-bucket/my-dir\"). If unspecified, a default bucket located in the same region will be used.","description_kind":"plain","optional":true,"computed":true},"execution_timeout":{"type":"string","description":"Optional. Execution timeout for a Cloud Build Execution. This must be between 10m and 24h in seconds format. If unspecified, a default timeout of 1h is used.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. Google service account to use for execution. If unspecified, the project execution service account (-compute@developer.gserviceaccount.com) is used.","description_kind":"plain","optional":true,"computed":true},"usages":{"type":["list","string"],"description":"Required. Usages when this configuration should be applied.","description_kind":"plain","required":true},"worker_pool":{"type":"string","description":"Optional. The resource name of the `WorkerPool`, with the format `projects/{project}/locations/{location}/workerPools/{worker_pool}`. If this optional field is unspecified, the default Cloud Build pool will be used.","description_kind":"plain","optional":true}},"description":"Configurations for all execution that relates to this `Target`. Each `ExecutionEnvironmentUsage` value may only be used in a single configuration; using the same value multiple times is an error. When one or more configurations are specified, they must include the `RENDER` and `DEPLOY` `ExecutionEnvironmentUsage` values. When no configurations are specified, execution will use the default specified in `DefaultPool`.","description_kind":"plain"}},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}.","description_kind":"plain","optional":true},"internal_ip":{"type":"bool","description":"Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).","description_kind":"plain","optional":true}},"description":"Information specifying a GKE Cluster.","description_kind":"plain"},"max_items":1},"multi_target":{"nesting_mode":"list","block":{"attributes":{"target_ids":{"type":["list","string"],"description":"Required. The target_ids of this multiTarget.","description_kind":"plain","required":true}},"description":"Information specifying a multiTarget.","description_kind":"plain"},"max_items":1},"run":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Required. The location where the Cloud Run Service should be located. Format is `projects/{project}/locations/{location}`.","description_kind":"plain","required":true}},"description":"Information specifying a Cloud Run deployment target.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_target_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddomains_registration":{"version":0,"block":{"attributes":{"contact_notices":{"type":["list","string"],"description":"The list of contact notices that the caller acknowledges. Possible value is PUBLIC_CONTACT_DATA_ACKNOWLEDGEMENT","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"domain_name":{"type":"string","description":"Required. The domain name. Unicode domain names must be expressed in Punycode format.","description_kind":"plain","required":true},"domain_notices":{"type":["list","string"],"description":"The list of domain notices that you acknowledge. Possible value is HSTS_PRELOADED","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issues":{"type":["list","string"],"description":"Output only. The set of issues with the Registration that require attention.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the Registration.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the Registration resource, in the format projects/*/locations/*/registrations/\u003cdomain_name\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"register_failure_reason":{"type":"string","description":"Output only. The reason the domain registration failed. Only set for domains in REGISTRATION_FAILED state.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the Registration.","description_kind":"plain","computed":true},"supported_privacy":{"type":["list","string"],"description":"Output only. Set of options for the contactSettings.privacy field that this Registration supports.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"contact_settings":{"nesting_mode":"list","block":{"attributes":{"privacy":{"type":"string","description":"Required. Privacy setting for the contacts associated with the Registration.\nValues are PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, and REDACTED_CONTACT_DATA","description_kind":"plain","required":true}},"block_types":{"admin_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"registrant_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"technical_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Settings for contact information linked to the Registration.","description_kind":"plain"},"min_items":1,"max_items":1},"dns_settings":{"nesting_mode":"list","block":{"block_types":{"custom_dns":{"nesting_mode":"list","block":{"attributes":{"name_servers":{"type":["list","string"],"description":"Required. A list of name servers that store the DNS zone for this domain. Each name server is a domain\nname, with Unicode domain names expressed in Punycode format.","description_kind":"plain","required":true}},"block_types":{"ds_records":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm used to generate the referenced DNSKEY.","description_kind":"plain","optional":true},"digest":{"type":"string","description":"The digest generated from the referenced DNSKEY.","description_kind":"plain","optional":true},"digest_type":{"type":"string","description":"The hash function used to generate the digest of the referenced DNSKEY.","description_kind":"plain","optional":true},"key_tag":{"type":"number","description":"The key tag of the record. Must be set in range 0 -- 65535.","description_kind":"plain","optional":true}},"description":"The list of DS records for this domain, which are used to enable DNSSEC. The domain's DNS provider can provide\nthe values to set here. If this field is empty, DNSSEC is disabled.","description_kind":"plain"}}},"description":"Configuration for an arbitrary DNS provider.","description_kind":"plain"},"max_items":1},"glue_records":{"nesting_mode":"list","block":{"attributes":{"host_name":{"type":"string","description":"Required. Domain name of the host in Punycode format.","description_kind":"plain","required":true},"ipv4_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true},"ipv6_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true}},"description":"The list of glue records for this Registration. Commonly empty.","description_kind":"plain"}}},"description":"Settings controlling the DNS configuration of the Registration.","description_kind":"plain"},"max_items":1},"management_settings":{"nesting_mode":"list","block":{"attributes":{"preferred_renewal_method":{"type":"string","description":"The desired renewal method for this Registration. The actual renewalMethod is automatically updated to reflect this choice.\nIf unset or equal to RENEWAL_METHOD_UNSPECIFIED, the actual renewalMethod is treated as if it were set to AUTOMATIC_RENEWAL.\nYou cannot use RENEWAL_DISABLED during resource creation, and you can update the renewal status only when the Registration\nresource has state ACTIVE or SUSPENDED.\n\nWhen preferredRenewalMethod is set to AUTOMATIC_RENEWAL, the actual renewalMethod can be set to RENEWAL_DISABLED in case of\nproblems with the billing account or reported domain abuse. In such cases, check the issues field on the Registration. After\nthe problem is resolved, the renewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","optional":true,"computed":true},"renewal_method":{"type":"string","description":"Output only. The actual renewal method for this Registration. When preferredRenewalMethod is set to AUTOMATIC_RENEWAL,\nthe actual renewalMethod can be equal to RENEWAL_DISABLED—for example, when there are problems with the billing account\nor reported domain abuse. In such cases, check the issues field on the Registration. After the problem is resolved, the\nrenewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","computed":true},"transfer_lock_state":{"type":"string","description":"Controls whether the domain can be transferred to another registrar. Values are UNLOCKED or LOCKED.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings for management of the Registration, including renewal, billing, and transfer","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"yearly_price":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The three-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode is \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from\nregistrations.retrieveRegisterParameters or registrations.searchDomains calls.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"block_types":{"build_config":{"nesting_mode":"list","block":{"attributes":{"build":{"type":"string","description":"The Cloud Build name of the latest successful\ndeployment of the function.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key.","description_kind":"plain","optional":true,"computed":true},"entry_point":{"type":"string","description":"The name of the function (as defined in source code) that will be executed.\nDefaults to the resource name suffix, if not specified. For backward\ncompatibility, if function with given name is not found, then the system\nwill try to use function named \"function\". For Node.js this is name of a\nfunction exported by the module specified in source_location.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"User-provided build-time environment variables for the function.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which to run the function. Required when deploying a new\nfunction, optional when updating an existing function.","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does\nNOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If omitted, the\nproject ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in a Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source","description_kind":"plain","optional":true},"generation":{"type":"number","description":"Google Cloud Storage generation for the object. If the generation\nis omitted, the latest generation will be used.","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the function source code.","description_kind":"plain"},"max_items":1}},"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain"},"max_items":1},"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"Required. The type of event to observe.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of a Pub/Sub topic in the same project that will be used\nas the transport topic for the event delivery.","description_kind":"plain","optional":true,"computed":true},"retry_policy":{"type":"string","description":"Describes the retry policy in case of function's execution failure.\nRetried execution is charged as any other execution. Possible values: [\"RETRY_POLICY_UNSPECIFIED\", \"RETRY_POLICY_DO_NOT_RETRY\", \"RETRY_POLICY_RETRY\"]","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Optional. The email of the trigger's service account. The service account\nmust have permission to invoke Cloud Run services. If empty, defaults to the\nCompute Engine default service account: {project_number}-compute@developer.gserviceaccount.com.","description_kind":"plain","optional":true,"computed":true},"trigger":{"type":"string","description":"Output only. The resource name of the Eventarc trigger.","description_kind":"plain","computed":true},"trigger_region":{"type":"string","description":"The region that the trigger will be in. The trigger will only receive\nevents originating in this region. It can be the same\nregion as the function, a different region or multi-region, or the global\nregion. If not provided, defaults to the same region as the function.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_filters":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"'Required. The name of a CloudEvents attribute.\nCurrently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes.\nDo not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of\nthe filter. If not specified, only events that have an exact key-value\npair specified in the filter are matched.\nThe only allowed value is 'match-path-pattern'.\n[See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute.\nIf the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value.","description_kind":"plain","required":true}},"description":"Criteria used to filter events.","description_kind":"plain"}}},"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain"},"max_items":1},"service_config":{"nesting_mode":"list","block":{"attributes":{"all_traffic_on_latest_revision":{"type":"bool","description":"Whether 100% of traffic is routed to the latest revision. Defaults to true.","description_kind":"plain","optional":true},"available_cpu":{"type":"string","description":"The number of CPUs used in a single container instance. Default value is calculated from available memory.","description_kind":"plain","optional":true,"computed":true},"available_memory":{"type":"string","description":"The amount of memory available for a function.\nDefaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is\nsupplied the value is interpreted as bytes.","description_kind":"plain","optional":true,"computed":true},"environment_variables":{"type":["map","string"],"description":"Environment variables that shall be available during function execution.","description_kind":"plain","optional":true},"gcf_uri":{"type":"string","description":"URIs of the Service deployed","description_kind":"plain","computed":true},"ingress_settings":{"type":"string","description":"Available ingress settings. Defaults to \"ALLOW_ALL\" if unspecified. Default value: \"ALLOW_ALL\" Possible values: [\"ALLOW_ALL\", \"ALLOW_INTERNAL_ONLY\", \"ALLOW_INTERNAL_AND_GCLB\"]","description_kind":"plain","optional":true},"max_instance_count":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true,"computed":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.","description_kind":"plain","optional":true,"computed":true},"min_instance_count":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Name of the service associated with a Function.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"The email of the service account for this function.","description_kind":"plain","optional":true,"computed":true},"timeout_seconds":{"type":"number","description":"The function execution timeout. Execution is considered failed and\ncan be terminated if the function is not completed at the end of the\ntimeout period. Defaults to 60 seconds.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the Service deployed.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The Serverless VPC Access connector that this cloud function can connect to.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"Available egress settings. Possible values: [\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\", \"PRIVATE_RANGES_ONLY\", \"ALL_TRAFFIC\"]","description_kind":"plain","optional":true}},"block_types":{"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration.","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.'","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}}},"description":"Describes the Service being deployed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","optional":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","optional":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","optional":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.","description_kind":"plain","optional":true,"computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","optional":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true,"computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","optional":true,"computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","optional":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","optional":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","optional":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"The type of event to observe. For example: \"google.storage.object.finalize\". See the documentation on calling Cloud Functions for a full reference of accepted triggers.","description_kind":"plain","required":true},"resource":{"type":"string","description":"The name or partial URI of the resource from which to observe events. For example, \"myBucket\" or \"projects/my-project/topics/my-topic\"","description_kind":"plain","required":true}},"block_types":{"failure_policy":{"nesting_mode":"list","block":{"attributes":{"retry":{"type":"bool","description":"Whether the function should be retried on failure. Defaults to false.","description_kind":"plain","required":true}},"description":"Specifies policy for failed executions","description_kind":"plain"},"max_items":1}},"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain"},"max_items":1},"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mount_path as \"/etc/secrets\" would mount the secret value files under the \"/etc/secrets\" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: \"/etc/secrets\" Restricted mount paths: \"/cloudsql\", \"/dev/log\", \"/pod\", \"/proc\", \"/var/log\".","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as \"/etc/secrets\" and path as \"/secret_foo\" would mount the secret value file at \"/etc/secrets/secret_foo\".","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is preferable to use \"latest\" version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the \"latest\" version of the secret will be made available in a file named after the secret under the mount point.","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}},"source_repository":{"nesting_mode":"list","block":{"attributes":{"deployed_url":{"type":"string","description":"The URL pointing to the hosted repository where the function was defined at the time of deployment.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The URL pointing to the hosted repository where the function is defined.","description_kind":"plain","required":true}},"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"airflow_uri":{"type":"string","description":"The URI of the Apache Airflow Web UI hosted within this environment.","description_kind":"plain","computed":true},"dag_gcs_prefix":{"type":"string","description":"The Cloud Storage prefix of the DAGs for this environment. Although Cloud Storage objects reside in a flat namespace, a hierarchical file tree can be simulated using '/'-delimited object name prefixes. DAG objects for this environment reside in a simulated directory with this prefix.","description_kind":"plain","computed":true},"environment_size":{"type":"string","description":"The size of the Cloud Composer environment. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"gke_cluster":{"type":"string","description":"The Kubernetes Engine cluster used to run this environment.","description_kind":"plain","computed":true},"node_count":{"type":"number","description":"The number of nodes in the Kubernetes Engine cluster that will be used to run this environment. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"resilience_mode":{"type":"string","description":"Whether high resilience is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.1.15-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_retention_config":{"nesting_mode":"list","block":{"block_types":{"task_logs_retention_config":{"nesting_mode":"list","block":{"attributes":{"storage_mode":{"type":"string","description":"Whether logs in cloud logging only is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4 and newer.","description_kind":"plain","optional":true}},"description":"Optional. The configuration setting for Task Logs.","description_kind":"plain"},"min_items":1}},"description":"The configuration setting for Airflow data retention mechanism. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4. or newer","description_kind":"plain"},"max_items":1},"database_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. If not specified, db-n1-standard-2 will be used.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. Cloud SQL database preferred zone.","description_kind":"plain","optional":true}},"description":"The configuration of Cloud SQL instance that is used by the Apache Airflow software. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Optional. Customer-managed Encryption Key available through Google's Key Management Service. Cannot be updated.","description_kind":"plain","required":true}},"description":"The encryption options for the Composer environment and its dependencies.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"Maintenance window end time. It is used only to calculate the duration of the maintenance window. The value for end-time must be in the future, relative to 'start_time'.","description_kind":"plain","required":true},"recurrence":{"type":"string","description":"Maintenance window recurrence. Format is a subset of RFC-5545 (https://tools.ietf.org/html/rfc5545) 'RRULE'. The only allowed values for 'FREQ' field are 'FREQ=DAILY' and 'FREQ=WEEKLY;BYDAY=...'. Example values: 'FREQ=WEEKLY;BYDAY=TU,WE', 'FREQ=DAILY'.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Start time of the first recurrence of the maintenance window.","description_kind":"plain","required":true}},"description":"The configuration for Cloud Composer maintenance window.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not master authorized networks is enabled.","description_kind":"plain","required":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"cidr_block must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"display_name is a field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"cidr_blocks define up to 50 external networks that could access Kubernetes master through HTTPS.","description_kind":"plain"}}},"description":"Configuration options for the master authorized networks feature. Enabled master authorized networks will disallow all external traffic to access Kubernetes master through HTTPS except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The disk size in GB used for node VMs. Minimum size is 20GB. If unspecified, defaults to 100GB. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"enable_ip_masq_agent":{"type":"bool","description":"Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent","description_kind":"plain","optional":true,"computed":true},"ip_allocation_policy":{"type":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"description":"Configuration for controlling how IPs are allocated in the GKE cluster. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. The network must belong to the environment's project. If unspecified, the \"default\" network ID in the environment's project is used. If a Custom Subnet Network is provided, subnetwork must also be provided.","description_kind":"plain","optional":true,"computed":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all node VMs. Cannot be updated. If empty, defaults to [\"https://www.googleapis.com/auth/cloud-platform\"]. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the \"default\" Compute Engine service account is used. Cannot be updated. If given, note that the service account must have roles/composer.worker for any GCP resources created under the Cloud Composer Environment.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The Compute Engine subnetwork to be used for machine communications, specified as a self-link, relative resource name (e.g. \"projects/{project}/regions/{region}/subnetworks/{subnetwork}\"), or by name. If subnetwork is provided, network must also be provided and the subnetwork must belong to the enclosing environment's project and region.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to all node VMs. Tags are used to identify valid sources or targets for network firewalls. Each tag within the list must comply with RFC1035. Cannot be updated.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine zone in which to deploy the VMs running the Apache Airflow software, specified as the zone name or relative resource name (e.g. \"projects/{project}/zones/{zone}\"). Must belong to the enclosing environment's project and region. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Kubernetes Engine cluster.","description_kind":"plain"},"max_items":1},"private_environment_config":{"nesting_mode":"list","block":{"attributes":{"cloud_composer_connection_subnetwork":{"type":"string","description":"When specified, the environment will use Private Service Connect instead of VPC peerings to connect to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP address from this subnetwork. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_composer_network_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for Cloud Composer Network in tenant project will be reserved. Needs to be disjoint from private_cluster_config.master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_sql_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"connection_type":{"type":"string","description":"Mode of internal communication within the Composer environment. Must be one of \"VPC_PEERING\" or \"PRIVATE_SERVICE_CONNECT\".","description_kind":"plain","optional":true,"computed":true},"enable_private_endpoint":{"type":"bool","description":"If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true},"enable_privately_used_public_ips":{"type":"bool","description":"When enabled, IPs from public (non-RFC1918) ranges can be used for ip_allocation_policy.cluster_ipv4_cidr_block and ip_allocation_policy.service_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.","description_kind":"plain","optional":true,"computed":true},"web_server_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Private IP Cloud Composer environment.","description_kind":"plain"},"max_items":1},"recovery_config":{"nesting_mode":"list","block":{"block_types":{"scheduled_snapshots_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket.","description_kind":"plain","required":true},"snapshot_creation_schedule":{"type":"string","description":"Snapshot schedule, in the unix-cron format.","description_kind":"plain","optional":true},"snapshot_location":{"type":"string","description":"the URI of a bucket folder where to save the snapshot.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"A time zone for the schedule. This value is a time offset and does not take into account daylight saving time changes. Valid values are from UTC-12 to UTC+12. Examples: UTC, UTC-01, UTC+03.","description_kind":"plain","optional":true}},"description":"The configuration settings for scheduled snapshots.","description_kind":"plain"},"max_items":1}},"description":"The recovery configuration settings for the Cloud Composer environment","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"airflow_config_overrides":{"type":["map","string"],"description":"Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example \"core-dags_are_paused_at_creation\". Section names must not contain hyphens (\"-\"), opening square brackets (\"[\"), or closing square brackets (\"]\"). The property name must not be empty and cannot contain \"=\" or \";\". Section and property names cannot contain characters: \".\" Apache Airflow configuration property names must be written in snake_case. Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are blacklisted, and cannot be overridden.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+), and they cannot match any of the following reserved names: AIRFLOW_HOME C_FORCE_ROOT CONTAINER_NAME DAGS_FOLDER GCP_PROJECT GCS_BUCKET GKE_CLUSTER_NAME SQL_DATABASE SQL_INSTANCE SQL_PASSWORD SQL_PROJECT SQL_REGION SQL_USER.","description_kind":"plain","optional":true},"image_version":{"type":"string","description":"The version of the software running in the environment. This encapsulates both the version of Cloud Composer functionality and the version of Apache Airflow. It must match the regular expression composer-([0-9]+(\\.[0-9]+\\.[0-9]+(-preview\\.[0-9]+)?)?|latest)-airflow-([0-9]+(\\.[0-9]+(\\.[0-9]+)?)?). The Cloud Composer portion of the image version is a full semantic version, or an alias in the form of major version number or 'latest'. The Apache Airflow portion of the image version is a full semantic version that points to one of the supported Apache Airflow versions, or an alias in the form of only major or major.minor versions specified. See documentation for more details and version list.","description_kind":"plain","optional":true,"computed":true},"pypi_packages":{"type":["map","string"],"description":"Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. \"numpy\"). Values are the lowercase extras and version specifier (e.g. \"==1.12.0\", \"[devel,gcp_api]\", \"[devel]\u003e=1.8.2, \u003c1.9.2\"). To specify a package without pinning it to a version specifier, use the empty string as the value.","description_kind":"plain","optional":true},"python_version":{"type":"string","description":"The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '2'. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3.","description_kind":"plain","optional":true,"computed":true},"scheduler_count":{"type":"number","description":"The number of schedulers for Airflow. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-2.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration settings for software inside the environment.","description_kind":"plain"},"max_items":1},"web_server_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or composer-n1-webserver-8. If not specified, composer-n1-webserver-2 will be used. Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values.","description_kind":"plain","required":true}},"description":"The configuration settings for the Airflow web server App Engine instance. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"web_server_network_access_control":{"nesting_mode":"list","block":{"block_types":{"allowed_ip_range":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of this ip range.","description_kind":"plain","optional":true},"value":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to. Examples: 192.168.1.1 or 192.168.0.0/16 or 2001:db8::/32 or 2001:0db8:0000:0042:0000:8a2e:0370:7334. IP range prefixes should be properly truncated. For example, 1.2.3.4/24 should be truncated to 1.2.3.0/24. Similarly, for IPv6, 2001:db8::1/32 should be truncated to 2001:db8::/32.","description_kind":"plain","required":true}},"description":"A collection of allowed IP ranges with descriptions.","description_kind":"plain"}}},"description":"Network-level access control policy for the Airflow web server.","description_kind":"plain"},"max_items":1},"workloads_config":{"nesting_mode":"list","block":{"block_types":{"scheduler":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of schedulers.","description_kind":"plain","optional":true,"computed":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow scheduler replica","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow schedulers.","description_kind":"plain"},"max_items":1},"triggerer":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of triggerers.","description_kind":"plain","required":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true}},"description":"Configuration for resources used by Airflow triggerers.","description_kind":"plain"},"max_items":1},"web_server":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow web server.","description_kind":"plain"},"max_items":1},"worker":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"max_count":{"type":"number","description":"Maximum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"min_count":{"type":"number","description":"Minimum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow workers.","description_kind":"plain"},"max_items":1}},"description":"The workloads configuration settings for the GKE cluster associated with the Cloud Composer environment. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain"},"max_items":1}},"description":"Configuration parameters for this environment.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Optional. Name of an existing Cloud Storage bucket to be used by the environment.","description_kind":"plain","required":true}},"description":"Configuration options for storage used by Composer environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The static external IP address represented by this resource.\nThe IP address must be inside the specified subnetwork,\nif any. Set by the API if undefined.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of address to reserve.\nNote: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: \"EXTERNAL\" Possible values: [\"INTERNAL\", \"EXTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"ipv6_endpoint_type":{"type":"string","description":"The endpoint type of this address, which should be VM or NETLB. This is\nused for deciding which type of endpoint this address can be used after\nthe external IPv6 address reservation. Possible values: [\"VM\", \"NETLB\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this address. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the address. This field\ncan only be used with INTERNAL type with the VPC_PEERING and\nIPSEC_INTERCONNECT purposes.","description_kind":"plain","optional":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this address. If this field is not\nspecified, it is assumed to be PREMIUM.\nThis argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"prefix_length":{"type":"number","description":"The prefix length if the resource represents an IP range.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of this resource, which can be one of the following values.\n\n* GCE_ENDPOINT for addresses that are used by VM instances, alias IP\nranges, load balancers, and similar resources.\n\n* SHARED_LOADBALANCER_VIP for an address that can be used by multiple\ninternal load balancers.\n\n* VPC_PEERING for addresses that are reserved for VPC peer networks.\n\n* IPSEC_INTERCONNECT for addresses created from a private IP range that\nare reserved for a VLAN attachment in an HA VPN over Cloud Interconnect\nconfiguration. These addresses are regional resources.\n\n* PRIVATE_SERVICE_CONNECT for a private network address that is used to\nconfigure Private Service Connect. Only global internal addresses can use\nthis purpose.\n\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The URL of the subnetwork in which to reserve the address. If an IP\naddress is specified, it must be within the subnetwork's IP range.\nThis field can only be used with INTERNAL type with\nGCE_ENDPOINT/DNS_RESOLVER purposes.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"The URLs of the resources that are using this address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_attached_disk":{"version":0,"block":{"attributes":{"device_name":{"type":"string","description":"Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine.","description_kind":"plain","optional":true,"computed":true},"disk":{"type":"string","description":"name or self_link of the disk that will be attached.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"name or self_link of the compute instance that the disk will be attached to. If the self_link is provided then zone and project are extracted from the self link. If only the name is used then zone and project must be defined as properties on the resource or provider.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project that the referenced compute instance is a part of. If instance is referenced by its self_link the project defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone that the referenced compute instance is located within. If instance is referenced by its self_link the zone defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true},"zone":{"type":"string","description":"URL of the zone where the instance group resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","required":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"request_coalescing":{"type":"bool","description":"If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.","description_kind":"plain","optional":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request will\nbe considered fresh. After this time period,\nthe response will be revalidated before being served.\nWhen serving responses to signed URL requests,\nCloud CDN will internally behave as though\nall responses from this backend had a \"Cache-Control: public,\nmax-age=[TTL]\" header, regardless of any existing Cache-Control\nheader. The actual headers served in responses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","optional":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"},"max_items":5},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys.\nDefault parameters are always included. '\u0026' and '=' will\nbe percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket_signed_url_key":{"version":0,"block":{"attributes":{"backend_bucket":{"type":"string","description":"The backend bucket this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","optional":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nFor global HTTP(S) or TCP/SSL load balancing, the default is\nUTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))\nand CONNECTION (for TCP/SSL).\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\nDefault value is 1, which means the group will serve up to 100%\nof its configured capacity (depending on balancingMode). A\nsetting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either\nmaxConnections or maxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. For RATE mode, either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].","description_kind":"plain","optional":true,"computed":true}},"description":"The set of backends that serve this BackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","required":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.\nThe cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"}},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"locality_lb_policies":{"nesting_mode":"list","block":{"block_types":{"custom_policy":{"nesting_mode":"list","block":{"attributes":{"data":{"type":"string","description":"An optional, arbitrary JSON object with configuration data, understood\nby a locally installed custom policy implementation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifies the custom policy.\n\nThe value should match the type the custom implementation is registered\nwith on the gRPC clients. It should follow protocol buffer\nmessage naming conventions and include the full path (e.g.\nmyorg.CustomLbPolicy). The maximum length is 256 characters.\n\nNote that specifying the same custom policy more than once for a\nbackend is not a valid configuration and will be rejected.","description_kind":"plain","required":true}},"description":"The configuration for a custom policy implemented by the user and\ndeployed with the client.","description_kind":"plain"},"max_items":1},"policy":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a locality load balancer policy to be used. The value\nshould be one of the predefined ones as supported by localityLbPolicy,\nalthough at the moment only ROUND_ROBIN is supported.\n\nThis field should only be populated when the customPolicy field is not\nused.\n\nNote that specifying the same policy more than once for a backend is\nnot a valid configuration and will be rejected.\n\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\"]","description_kind":"plain","required":true}},"description":"The configuration for a built-in load balancing policy.","description_kind":"plain"},"max_items":1}},"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain"},"max_items":1},"security_settings":{"nesting_mode":"list","block":{"attributes":{"client_tls_policy":{"type":"string","description":"ClientTlsPolicy is a resource that specifies how a client should authenticate\nconnections to backends of a service. This resource itself does not affect\nconfiguration unless it is attached to a backend service resource.","description_kind":"plain","required":true},"subject_alt_names":{"type":["list","string"],"description":"A list of alternate names to verify the subject identity in the certificate.\nIf specified, the client will verify that the server certificate's subject\nalt name matches one of the specified values.","description_kind":"plain","required":true}},"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service_signed_url_key":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"The backend service this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"rsa_encrypted_key":{"type":"string","description":"Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit\ncustomer-supplied encryption key to either encrypt or decrypt\nthis resource. You can provide either the rawKey or the rsaEncryptedKey.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_async_replication":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"primary_disk":{"type":"string","description":"Primary disk for asynchronous replication.","description_kind":"plain","required":true}},"block_types":{"secondary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Secondary disk for asynchronous replication.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output-only. Status of replication on the secondary disk.","description_kind":"plain","computed":true}},"description":"Secondary disk for asynchronous replication.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_external_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for the external VPN gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redundancy_type":{"type":"string","description":"Indicates the redundancy type of this external VPN gateway Possible values: [\"FOUR_IPS_REDUNDANCY\", \"SINGLE_IP_INTERNALLY_REDUNDANT\", \"TWO_IPS_REDUNDANCY\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"interface":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID for this interface. Allowed values are based on the redundancy type\nof this external VPN gateway\n* '0 - SINGLE_IP_INTERNALLY_REDUNDANT'\n* '0, 1 - TWO_IPS_REDUNDANCY'\n* '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IP address of the interface in the external VPN gateway.\nOnly IPv4 is supported. This IP address can be either from\nyour on-premise gateway or another Cloud provider's VPN gateway,\nit cannot be an IP address from Google Compute Engine.","description_kind":"plain","optional":true}},"description":"A list of interfaces on this external VPN gateway.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall":{"version":1,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"destination_ranges":{"type":["set","string"],"description":"If destination ranges are specified, the firewall will apply only to\ntraffic that has destination IP address in these ranges. These ranges\nmust be expressed in CIDR format. IPv4 or IPv6 ranges are supported.","description_kind":"plain","optional":true,"computed":true},"direction":{"type":"string","description":"Direction of traffic to which this firewall applies; default is\nINGRESS. Note: For INGRESS traffic, one of 'source_ranges',\n'source_tags' or 'source_service_accounts' is required. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","optional":true,"computed":true},"disabled":{"type":"bool","description":"Denotes whether the firewall rule is disabled, i.e not applied to the\nnetwork it is associated with. When set to true, the firewall rule is\nnot enforced and the network behaves as if it did not exist. If this\nis unspecified, the firewall rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the network to attach this firewall to.","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority for this rule. This is an integer between 0 and 65535, both\ninclusive. When not specified, the value assumed is 1000. Relative\npriorities determine precedence of conflicting rules. Lower value of\npriority implies higher precedence (eg, a rule with priority 0 has\nhigher precedence than a rule with priority 1). DENY rules take\nprecedence over ALLOW rules having equal priority.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ranges":{"type":["set","string"],"description":"If source ranges are specified, the firewall will apply only to\ntraffic that has source IP address in these ranges. These ranges must\nbe expressed in CIDR format. One or both of sourceRanges and\nsourceTags may be set. If both properties are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP that belongs to a tag listed in the sourceTags property. The\nconnection does not need to match both properties for the firewall to\napply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of\n'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_service_accounts":{"type":["set","string"],"description":"If source service accounts are specified, the firewall will apply only\nto traffic originating from an instance with a service account in this\nlist. Source service accounts cannot be used to control traffic to an\ninstance's external IP address because service accounts are associated\nwith an instance, not an IP address. sourceRanges can be set at the\nsame time as sourceServiceAccounts. If both are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP belongs to an instance with service account listed in\nsourceServiceAccount. The connection does not need to match both\nproperties for the firewall to apply. sourceServiceAccounts cannot be\nused at the same time as sourceTags or targetTags. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_tags":{"type":["set","string"],"description":"If source tags are specified, the firewall will apply only to traffic\nwith source IP that belongs to a tag listed in source tags. Source\ntags cannot be used to control traffic to an instance's external IP\naddress. Because tags are associated with an instance, not an IP\naddress. One or both of sourceRanges and sourceTags may be set. If\nboth properties are set, the firewall will apply to traffic that has\nsource IP address within sourceRanges OR the source IP that belongs to\na tag listed in the sourceTags property. The connection does not need\nto match both properties for the firewall to apply. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["set","string"],"description":"A list of service accounts indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\ntargetServiceAccounts cannot be used at the same time as targetTags or\nsourceTags. If neither targetServiceAccounts nor targetTags are\nspecified, the firewall rule applies to all instances on the specified\nnetwork.","description_kind":"plain","optional":true},"target_tags":{"type":["set","string"],"description":"A list of instance tags indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\nIf no targetTags are specified, the firewall rule applies to all\ninstances on the specified network.","description_kind":"plain","optional":true}},"block_types":{"allow":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of ALLOW rules specified by this firewall. Each rule\nspecifies a protocol and port-range tuple that describes a permitted\nconnection.","description_kind":"plain"}},"deny":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of DENY rules specified by this firewall. Each rule specifies\na protocol and port-range tuple that describes a denied connection.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"This field denotes whether to include or exclude metadata for firewall logs. Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\"]","description_kind":"plain","required":true}},"description":"This field denotes the logging options for a particular firewall rule.\nIf defined, logging is enabled, and logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the firewall policy.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true},"short_name":{"type":"string","description":"User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_resources":{"type":["list","string"],"description":"A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","optional":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","optional":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","optional":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","optional":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true,"computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true,"computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service Directory service to register the forwarding rule under.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The IP address or beginning of the address range represented by this\nresource. This can be supplied as an input to reserve a specific\naddress or omitted to allow GCP to choose a valid one for you.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of the address to reserve.\n\n* EXTERNAL indicates public/external single IP address.\n* INTERNAL indicates internal IP ranges belonging to some network. Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the IP range. The IP range\nmust be in RFC1918 space. The network cannot be deleted if there are\nany reserved IP ranges referring to it.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true},"prefix_length":{"type":"number","description":"The prefix length of the IP range. If not present, it means the\naddress field is a single IP address.\n\nThis field is not applicable to addresses with addressType=INTERNAL\nwhen purpose=PRIVATE_SERVICE_CONNECT","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. Possible values include:\n\n* VPC_PEERING - for peer networks\n\n* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of\nfilterLabels contribute towards the overall metadataFilter match.\n\nMATCH_ANY - At least one of the filterLabels must have a matching\nlabel in the provided metadata.\nMATCH_ALL - All filterLabels must have matching labels in the\nprovided metadata. Possible values: [\"MATCH_ANY\", \"MATCH_ALL\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the metadata label. The length must be between\n1 and 1024 characters, inclusive.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that the label must match. The value has a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the\nprovided metadata based on filterMatchCriteria\n\nThis list must not be empty and can have at the most 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service_directory_region":{"type":"string","description":"[Optional] Service Directory region to register this global forwarding rule under.\nDefault to \"us-central1\". Only used for PSC for Google APIs. All PSC for\nGoogle APIs Forwarding Rules on the same network should use the same Service\nDirectory region.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"global_network_endpoint_group":{"type":"string","description":"The global network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of the external endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Possible values: [\"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpn_interfaces":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID of this VPN gateway interface.","description_kind":"plain","optional":true},"interconnect_attachment":{"type":"string","description":"URL of the interconnect attachment resource. When the value\nof this field is present, the VPN Gateway will be used for\nIPsec-encrypted Cloud Interconnect; all Egress or Ingress\ntraffic for this VPN Gateway interface will go through the\nspecified interconnect attachment resource.\n\nNot currently available publicly.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The external IP address for this VPN gateway interface.","description_kind":"plain","computed":true}},"description":"A list of interfaces on this VPN gateway.","description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n - Empty serviceName means the overall status of all services at the backend.\n - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_http_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTP health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_https_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTPS health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description":"Size of the image tar.gz archive stored in Google Cloud Storage (in\nbytes).","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the image when restored onto a persistent disk (in GB).","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"family":{"type":"string","description":"The name of the image family to which this image belongs. You can\ncreate disks by specifying an image family instead of a specific\nimage name. The image family always returns its latest image that is\nnot deprecated. The name of the image family must comply with\nRFC1035.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Image.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk to create this image based on.\nYou must provide either this property or the\nrawDisk.source property but not both to create an image.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"URL of the source image used to create this image. In order to create an image, you must provide the full or partial\nURL of one of the following:\n\n* The selfLink URL\n* This property\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"URL of the source snapshot used to create this image.\n\nIn order to create an image, you must provide the full or partial URL of one of the following:\n\n* The selfLink URL\n* This property\n* The sourceImage URL\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the image\n(regional or multi-regional).\nReference link: https://cloud.google.com/compute/docs/reference/rest/v1/images","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\", \"SEV_LIVE_MIGRATABLE_V2\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable images.","description_kind":"plain"}},"image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud\nKMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service\naccount is used.","description_kind":"plain","optional":true}},"description":"Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must\nprovide the same key if you use the image later (e.g. to create a\ndisk from the image)","description_kind":"plain"},"max_items":1},"raw_disk":{"nesting_mode":"list","block":{"attributes":{"container_type":{"type":"string","description":"The format used to encode and transmit the block device, which\nshould be TAR. This is just a container and transmission format\nand not a runtime format. Provided by the client when the disk\nimage is created. Default value: \"TAR\" Possible values: [\"TAR\"]","description_kind":"plain","optional":true},"sha1":{"type":"string","description":"An optional SHA1 checksum of the disk image before unpackaging.\nThis is provided by the client when the disk image is created.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The full Google Cloud Storage URL where disk storage is stored\nYou must provide either this property or the sourceDisk property\nbut not both.","description_kind":"plain","required":true}},"description":"The parameters of the raw disk image.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"attached_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","required":true}},"description":"List of disks attached to the instance","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"min_items":1,"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that is be 1:1 mapped to the instance's network ip.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance. One of PREMIUM or STANDARD.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.","description_kind":"plain","optional":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"},"min_items":1},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"scratch_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME.","description_kind":"plain","required":true},"size":{"type":"number","description":"The size of the disk in gigabytes. One of 375 or 3000.","description_kind":"plain","optional":true}},"description":"The scratch disks attached to the instance.","description_kind":"plain"}},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes.","description_kind":"plain","required":true}},"description":"The service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_from_template":{"version":0,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true,"computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","optional":true,"computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true,"computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true,"computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true,"computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","optional":true,"computed":true},"source_instance_template":{"type":"string","description":"Name or self link of an instance template to create the instance based on.","description_kind":"plain","required":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true,"computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true,"computed":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true,"computed":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true,"computed":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"access_config":{"type":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain","optional":true,"computed":true},"alias_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"description":"An array of alias IP ranges for this network interface.","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true,"computed":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true,"computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true,"computed":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true,"computed":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true,"computed":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true,"computed":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true,"computed":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description":"An optional textual description of the instance group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"The list of instances in the group, in self_link format. When adding instances they must all be in the same network and zone as the instance group.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance group. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network the instance group is in. If this is different from the network where the instances are in, the creation fails. Defaults to the network where the instances are in (if neither network nor instances is specified, this field will be blank).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The number of instances in the group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that this instance group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"named_port":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name which the port will be mapped to.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number to map the name to.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. If neither is set, defaults to 1","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. If neither is set, defaults to 1.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_instance_group_membership":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"An instance being added to the InstanceGroup","description_kind":"plain","required":true},"instance_group":{"type":"string","description":"Represents an Instance Group resource name that the instance belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the instance group resides.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_named_port":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the instance group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for this named port. The name must be 1-63 characters\nlong, and comply with RFC1035.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number, which can be a value between 1 and 65535.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone of the instance group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description":"A special URI of the created resource that uniquely identifies this instance template.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect_attachment":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Whether the VLAN attachment is enabled or disabled. When using\nPARTNER type this will Pre-Activate the interconnect attachment","description_kind":"plain","optional":true},"bandwidth":{"type":"string","description":"Provisioned bandwidth capacity for the interconnect attachment.\nFor attachments of type DEDICATED, the user can set the bandwidth.\nFor attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth.\nOutput only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,\nDefaults to BPS_10G Possible values: [\"BPS_50M\", \"BPS_100M\", \"BPS_200M\", \"BPS_300M\", \"BPS_400M\", \"BPS_500M\", \"BPS_1G\", \"BPS_2G\", \"BPS_5G\", \"BPS_10G\", \"BPS_20G\", \"BPS_50G\"]","description_kind":"plain","optional":true,"computed":true},"candidate_subnets":{"type":["list","string"],"description":"Up to 16 candidate prefixes that can be used to restrict the allocation\nof cloudRouterIpAddress and customerRouterIpAddress for this attachment.\nAll prefixes must be within link-local address space (169.254.0.0/16)\nand must be /29 or shorter (/28, /27, etc). Google will attempt to select\nan unused /29 from the supplied candidate prefix(es). The request will\nfail if all possible /29s are in use on Google's edge. If not supplied,\nGoogle will randomly select an unused /29 from all of link-local space.","description_kind":"plain","optional":true},"cloud_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_availability_domain":{"type":"string","description":"Desired availability domain for the attachment. Only available for type\nPARTNER, at creation time. For improved reliability, customers should\nconfigure a pair of attachments with one per availability domain. The\nselected availability domain will be provided to the Partner via the\npairing key so that the provisioned circuit will lie in the specified\ndomain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.","description_kind":"plain","optional":true,"computed":true},"encryption":{"type":"string","description":"Indicates the user-supplied encryption option of this interconnect\nattachment. Can only be specified at attachment creation for PARTNER or\nDEDICATED attachments.\n\n* NONE - This is the default value, which means that the VLAN attachment\ncarries unencrypted traffic. VMs are able to send traffic to, or receive\ntraffic from, such a VLAN attachment.\n\n* IPSEC - The VLAN attachment carries only encrypted traffic that is\nencrypted by an IPsec device, such as an HA VPN gateway or third-party\nIPsec VPN. VMs cannot directly send traffic to, or receive traffic from,\nsuch a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN\nattachment must be created with this option. Default value: \"NONE\" Possible values: [\"NONE\", \"IPSEC\"]","description_kind":"plain","optional":true},"google_reference_id":{"type":"string","description":"Google reference ID, to be used when raising support tickets with\nGoogle or otherwise to debug backend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect":{"type":"string","description":"URL of the underlying Interconnect object that this attachment's\ntraffic will traverse through. Required if type is DEDICATED, must not\nbe set if type is PARTNER.","description_kind":"plain","optional":true},"ipsec_internal_addresses":{"type":["list","string"],"description":"URL of addresses that have been reserved for the interconnect attachment,\nUsed only for interconnect attachment that has the encryption option as\nIPSEC.\n\nThe addresses must be RFC 1918 IP address ranges. When creating HA VPN\ngateway over the interconnect attachment, if the attachment is configured\nto use an RFC 1918 IP address, then the VPN gateway's IP address will be\nallocated from the IP address range specified here.\n\nFor example, if the HA VPN gateway's interface 0 is paired to this\ninterconnect attachment, then an RFC 1918 IP address for the VPN gateway\ninterface 0 will be allocated from the IP address specified for this\ninterconnect attachment.\n\nIf this field is not specified for interconnect attachment that has\nencryption option as IPSEC, later on when creating HA VPN gateway on this\ninterconnect attachment, the HA VPN gateway's IP address will be\nallocated from regional external IP address pool.","description_kind":"plain","optional":true},"mtu":{"type":"string","description":"Maximum Transmission Unit (MTU), in bytes, of packets passing through\nthis interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a\nlowercase letter, and all following characters must be a dash, lowercase\nletter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"pairing_key":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. The opaque\nidentifier of an PARTNER attachment used to initiate provisioning with\na selected partner. Of the form \"XXXXX/region/domain\"","description_kind":"plain","computed":true},"partner_asn":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. Optional\nBGP ASN for the router that should be supplied by a layer 3 Partner if\nthey configured BGP on behalf of the customer.","description_kind":"plain","computed":true},"private_interconnect_info":{"type":["list",["object",{"tag8021q":"number"}]],"description":"Information specific to an InterconnectAttachment. This property\nis populated if the interconnect that this is attached to is of type DEDICATED.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the regional interconnect attachment resides.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of the cloud router to be used for dynamic routing. This router must be in\nthe same region as this InterconnectAttachment. The InterconnectAttachment will\nautomatically connect the Interconnect to the network \u0026 region within which the\nCloud Router is configured.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this interconnect attachment to identify whether the IPv6\nfeature is enabled or not. If not specified, IPV4_ONLY will be used.\n\nThis field can be both set at interconnect attachments creation and update\ninterconnect attachment operations. Possible values: [\"IPV4_IPV6\", \"IPV4_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"[Output Only] The current state of this attachment's functionality.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of InterconnectAttachment you wish to create. Defaults to\nDEDICATED. Possible values: [\"DEDICATED\", \"PARTNER\", \"PARTNER_PROVIDER\"]","description_kind":"plain","optional":true,"computed":true},"vlan_tag8021q":{"type":"number","description":"The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When\nusing PARTNER type this will be managed upstream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_managed_ssl_certificate":{"version":0,"block":{"attributes":{"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","optional":true,"computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subject_alternative_names":{"type":["list","string"],"description":"Domains associated with the certificate via Subject Alternative Name.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Enum field whose value is always 'MANAGED' - used to signal to the API\nwhich type this is. Default value: \"MANAGED\" Possible values: [\"MANAGED\"]","description_kind":"plain","optional":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"domains":{"type":["list","string"],"description":"Domains for which a managed SSL certificate will be valid. Currently,\nthere can be up to 100 domains in this list.","description_kind":"plain","required":true}},"description":"Properties relevant to a managed certificate. These will be used if the\ncertificate is managed (as indicated by a value of 'MANAGED' in 'type').","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"auto_create_subnetworks":{"type":"bool","description":"When set to 'true', the network is created in \"auto subnet mode\" and\nit will create a subnet for each region automatically across the\n'10.128.0.0/9' address range.\n\nWhen set to 'false', the network is created in \"custom subnet mode\" so\nthe user can explicitly connect subnetwork resources.","description_kind":"plain","optional":true},"delete_default_routes_on_create":{"type":"bool","description":"If set to 'true', default routes ('0.0.0.0/0') will be deleted\nimmediately after network creation. Defaults to 'false'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. The resource must be\nrecreated to modify this field.","description_kind":"plain","optional":true},"enable_ula_internal_ipv6":{"type":"bool","description":"Enable ULA internal ipv6 on this network. Enabling this feature will assign\na /48 from google defined ULA prefix fd20::/20.","description_kind":"plain","optional":true},"gateway_ipv4":{"type":"string","description":"The gateway address for default routing out of the network. This value\nis selected by GCP.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description":"When enabling ula internal ipv6, caller optionally can specify the /48 range\nthey want from the google defined ULA prefix fd20::/20. The input must be a\nvalid /48 ULA IPv6 address and must be within the fd20::/20. Operation will\nfail if the speficied /48 is already in used by another resource.\nIf the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.","description_kind":"plain","optional":true,"computed":true},"mtu":{"type":"number","description":"Maximum Transmission Unit in bytes. The default value is 1460 bytes.\nThe minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames).\nNote that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs\nwith varying MTUs.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_enforcement_order":{"type":"string","description":"Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: \"AFTER_CLASSIC_FIREWALL\" Possible values: [\"BEFORE_CLASSIC_FIREWALL\", \"AFTER_CLASSIC_FIREWALL\"]","description_kind":"plain","optional":true},"numeric_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_mode":{"type":"string","description":"The network-wide routing mode to use. If set to 'REGIONAL', this\nnetwork's cloud routers will only advertise routes with subnetworks\nof this network in the same region as the router. If set to 'GLOBAL',\nthis network's cloud routers will advertise routes with all\nsubnetworks of this network, across regions. Possible values: [\"REGIONAL\", \"GLOBAL\"]","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone of network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoints":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group these endpoints are part of.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_endpoints":{"nesting_mode":"set","block":{"attributes":{"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone as the network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true}},"description":"The network endpoints to be added to the enclosing network endpoint group\n(NEG). Each endpoint specifies an IP address and port, along with\nadditional information depending on the NEG type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","optional":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","optional":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","required":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering_routes_config":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to import the custom routes to the peer network.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the primary network for the peering.","description_kind":"plain","required":true},"peering":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_group":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_size":{"type":"number","description":"The initial number of nodes in the node group. One of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain","optional":true},"maintenance_policy":{"type":"string","description":"Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_template":{"type":"string","description":"The URL of the node template to which this node group belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"The total number of nodes in the node group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where this node group is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Maximum size of the node group. Set to a value less than or equal\nto 100 and greater than or equal to min-nodes.","description_kind":"plain","optional":true,"computed":true},"min_nodes":{"type":"number","description":"Minimum size of the node group. Must be less\nthan or equal to max-nodes. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The autoscaling mode. Set to one of the following:\n - OFF: Disables the autoscaler.\n - ON: Enables scaling in and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out.\n You must use this mode if your node groups are configured to\n restart their hosted VMs on minimal servers. Possible values: [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"]","description_kind":"plain","optional":true,"computed":true}},"description":"If you use sole-tenant nodes for your workloads, you can use the node\ngroup autoscaler to automatically manage the sizes of your node groups.\n\nOne of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"start_time":{"type":"string","description":"instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"contains properties for the timeframe of maintenance","description_kind":"plain"},"max_items":1},"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Node group sharing type. Possible values: [\"ORGANIZATION\", \"SPECIFIC_PROJECTS\", \"LOCAL\"]","description_kind":"plain","required":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number should be the same as the key of this project config in the project map.","description_kind":"plain","required":true}},"description":"A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"Share settings for the node group.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_template":{"version":0,"block":{"attributes":{"cpu_overcommit_type":{"type":"string","description":"CPU overcommit. Default value: \"NONE\" Possible values: [\"ENABLED\", \"NONE\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_affinity_labels":{"type":["map","string"],"description":"Labels to use for node affinity, which will be used in\ninstance scheduling.","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"Node type to use for nodes group that are created from this template.\nOnly one of nodeTypeFlexibility and nodeType can be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where nodes using the node template will be created.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"node_type_flexibility":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"string","description":"Number of virtual CPUs to use.","description_kind":"plain","optional":true},"local_ssd":{"type":"string","description":"Use local SSD","description_kind":"plain","computed":true},"memory":{"type":"string","description":"Physical memory available to the node, defined in MB.","description_kind":"plain","optional":true}},"description":"Flexible properties for the desired node type. Node groups that\nuse this node template will create nodes of a type that matches\nthese properties. Only one of nodeTypeFlexibility and nodeType can\nbe specified.","description_kind":"plain"},"max_items":1},"server_binding":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER',\nnodes using this template will restart on any physical server\nfollowing a maintenance event.\n\nIf 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template\nwill restart on the same physical server following a maintenance\nevent, instead of being live migrated to or restarted on a new\nphysical server. This option may be useful if you are using\nsoftware licenses tied to the underlying server characteristics\nsuch as physical sockets or cores, to avoid the need for\nadditional licenses when maintenance occurs. However, VMs on such\nnodes will experience outages while maintenance is applied. Possible values: [\"RESTART_NODE_ON_ANY_SERVER\", \"RESTART_NODE_ON_MINIMAL_SERVERS\"]","description_kind":"plain","required":true}},"description":"The server binding policy for nodes using this template. Determines\nwhere the nodes should restart following a maintenance event.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_packet_mirroring":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the packet mirroring rule","description_kind":"plain","required":true},"priority":{"type":"number","description":"Since only one rule can be active at a time, priority is\nused to break ties in the case of two rules that apply to\nthe same instances.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"collector_ilb":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the forwarding rule.","description_kind":"plain","required":true}},"description":"The Forwarding Rule resource (of type load_balancing_scheme=INTERNAL)\nthat will be used as collector for mirrored traffic. The\nspecified forwarding rule must have is_mirroring_collector\nset to true.","description_kind":"plain"},"min_items":1,"max_items":1},"filter":{"nesting_mode":"list","block":{"attributes":{"cidr_ranges":{"type":["list","string"],"description":"IP CIDR ranges that apply as a filter on the source (ingress) or\ndestination (egress) IP in the IP header. Only IPv4 is supported.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"Direction of traffic to mirror. Default value: \"BOTH\" Possible values: [\"INGRESS\", \"EGRESS\", \"BOTH\"]","description_kind":"plain","optional":true},"ip_protocols":{"type":["list","string"],"description":"Possible IP protocols including tcp, udp, icmp and esp","description_kind":"plain","optional":true}},"description":"A filter for mirrored traffic. If unset, all traffic is mirrored.","description_kind":"plain"},"max_items":1},"mirrored_resources":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"All instances with these tags will be mirrored.","description_kind":"plain","optional":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the instances where this rule should be active.","description_kind":"plain","required":true}},"description":"All the listed instances will be mirrored. Specify at most 50.","description_kind":"plain"}},"subnetworks":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the subnetwork where this rule should be active.","description_kind":"plain","required":true}},"description":"All instances in one of these subnetworks will be mirrored.","description_kind":"plain"}}},"description":"A means of specifying which resources to mirror.","description_kind":"plain"},"min_items":1,"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The full self_link URL of the network where this rule is active.","description_kind":"plain","required":true}},"description":"Specifies the mirrored VPC network. Only packets in this network\nwill be mirrored. All mirrored VMs should have a NIC in the given\nnetwork. All mirrored subnetworks should belong to the given network.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The instance group manager this instance config is part of.","description_kind":"plain","required":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_default_network_tier":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The default network tier to be configured for the project. This field can take the following values: PREMIUM or STANDARD.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"A series of key value pairs.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata_item":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"The metadata key to set.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The value to set for the given metadata key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_advertised_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns_verification_ip":{"type":"string","description":"The IPv4 address to be used for reverse DNS verification.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_delegated_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"is_live_migration":{"type":"bool","description":"If true, the prefix will be live migrated.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"parent_prefix":{"type":"string","description":"The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A region where the prefix will reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this RegionBackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to HealthCheck resources for health checking\nthis RegionBackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates what kind of load balancing this regional backend service\nwill be used for. A backend service created for one type of load\nbalancing cannot be used with the other(s). For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"INTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network to which this backend service belongs.\nThis field can only be specified when the load balancing scheme is set to INTERNAL.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"A named port on a backend instance group representing the port for\ncommunication to the backend VMs in that group. Required when the\nloadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED\nand the backends are instance groups. The named port must be defined on each\nbackend instance group. This parameter has no meaning if the backends are NEGs. API sets a\ndefault of \"http\" if not given.\nMust be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this RegionBackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"SSL\", \"TCP\", \"UDP\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created backend service should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"CLIENT_IP_NO_DESTINATION\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"CONNECTION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\n~\u003e**NOTE**: This field cannot be set for\nINTERNAL region backend services (default loadBalancingScheme),\nbut is required for non-INTERNAL backend service. The total\ncapacity_scaler for all backends must be non-zero.\n\nA setting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"failover":{"type":"bool","description":"This field designates whether this is a failover backend. More\nthan one failover backend can be configured for a given RegionBackendService.","description_kind":"plain","optional":true,"computed":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nWhen the 'load_balancing_scheme' is INTERNAL, only instance groups\nare supported.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\nCannot be set for INTERNAL backend services.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. Cannot be set\nfor INTERNAL backend services.\n\nThis is used to calculate the capacity of the group. Can be\nused in either CONNECTION or UTILIZATION balancing modes. For\nCONNECTION mode, either maxConnections or\nmaxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. Cannot be set for INTERNAL backend\nservices.\n\nThis is used to calculate the capacity of the group.\nCan be used in either CONNECTION or UTILIZATION balancing modes.\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group. Cannot be set\nfor INTERNAL backend services.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. Either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].\nCannot be set for INTERNAL backend services.","description_kind":"plain","optional":true}},"description":"The set of backends that serve this RegionBackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the 'load_balancing_scheme' is set to INTERNAL_MANAGED\nand the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing.\nThis field only applies when all of the following are true -\n * 'load_balancing_scheme' is set to INTERNAL_MANAGED\n * 'protocol' is set to HTTP, HTTPS, or HTTP2\n * 'locality_lb_policy' is set to MAGLEV or RING_HASH","description_kind":"plain"},"max_items":1},"failover_policy":{"nesting_mode":"list","block":{"attributes":{"disable_connection_drain_on_failover":{"type":"bool","description":"On failover or failback, this field indicates whether connection drain\nwill be honored. Setting this to true has the following effect: connections\nto the old active pool are not drained. Connections to the new active pool\nuse the timeout of 10 min (currently fixed). Setting to false has the\nfollowing effect: both old and new connections will have a drain timeout\nof 10 min.\nThis can be set to true only if the protocol is TCP.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"drop_traffic_if_unhealthy":{"type":"bool","description":"This option is used only when no healthy VMs are detected in the primary\nand backup instance groups. When set to true, traffic is dropped. When\nset to false, new connections are sent across all VMs in the primary group.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"failover_ratio":{"type":"number","description":"The value of the field must be in [0, 1]. If the ratio of the healthy\nVMs in the primary backend is at or below this number, traffic arriving\nat the load-balanced IP will be directed to the failover backend.\nIn case where 'failoverRatio' is not set or all the VMs in the backup\nbackend are unhealthy, the traffic will be directed back to the primary\nbackend in the \"force\" mode, where traffic will be spread to the healthy\nVMs with the best effort, or to all VMs when no VM is healthy.\nThis field is only used with l4 load balancing.","description_kind":"plain","optional":true}},"description":"Policy for failovers.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the 'load_balancing_scheme' is set\nto INTERNAL_MANAGED and the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_commitment":{"version":0,"block":{"attributes":{"auto_renew":{"type":"bool","description":"Specifies whether to enable automatic renewal for the commitment.\nThe default value is false if not specified.\nIf the field is set to true, the commitment will be automatically renewed for either\none or three years according to the terms of the existing commitment.","description_kind":"plain","optional":true,"computed":true},"category":{"type":"string","description":"The category of the commitment. Category MACHINE specifies commitments composed of\nmachine resources such as VCPU or MEMORY, listed in resources. Category LICENSE\nspecifies commitments composed of software licenses, listed in licenseResources.\nNote that only MACHINE commitments should have a Type specified. Possible values: [\"LICENSE\", \"MACHINE\"]","description_kind":"plain","optional":true,"computed":true},"commitment_id":{"type":"number","description":"Unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"end_timestamp":{"type":"string","description":"Commitment end time in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"plan":{"type":"string","description":"The plan for this commitment, which determines duration and discount rate.\nThe currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years). Possible values: [\"TWELVE_MONTH\", \"THIRTY_SIX_MONTH\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where this commitment may be used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"start_timestamp":{"type":"string","description":"Commitment start time in RFC3339 text format.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Status of the commitment with regards to eventual expiration\n(each commitment has an end date defined).","description_kind":"plain","computed":true},"status_message":{"type":"string","description":"A human-readable explanation of the status.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of commitment, which affects the discount rate and the eligible resources.\nThe type could be one of the following value: 'MEMORY_OPTIMIZED', 'ACCELERATOR_OPTIMIZED',\n'GENERAL_PURPOSE_N1', 'GENERAL_PURPOSE_N2', 'GENERAL_PURPOSE_N2D', 'GENERAL_PURPOSE_E2',\n'GENERAL_PURPOSE_T2D', 'GENERAL_PURPOSE_C3', 'COMPUTE_OPTIMIZED_C2', 'COMPUTE_OPTIMIZED_C2D' and\n'GRAPHICS_OPTIMIZED_G2'","description_kind":"plain","optional":true,"computed":true}},"block_types":{"license_resource":{"nesting_mode":"list","block":{"attributes":{"amount":{"type":"string","description":"The number of licenses purchased.","description_kind":"plain","optional":true},"cores_per_license":{"type":"string","description":"Specifies the core range of the instance for which this license applies.","description_kind":"plain","optional":true},"license":{"type":"string","description":"Any applicable license URI.","description_kind":"plain","required":true}},"description":"The license specification required as part of a license commitment.","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.","description_kind":"plain","optional":true},"amount":{"type":"string","description":"The amount of the resource purchased (in a type-dependent unit,\nsuch as bytes). For vCPUs, this can just be an integer. For memory,\nthis must be provided in MB. Memory must be a multiple of 256 MB,\nwith up to 6.5GB of memory per every vCPU.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of resource for which this commitment applies.\nPossible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.","description_kind":"plain","optional":true}},"description":"A list of commitment amounts for particular resources.\nNote that VCPU and MEMORY resource commitments must occur together.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the regional disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created health check should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTP2, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n\n* Empty serviceName means the overall status of all services at the backend.\n* Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\n\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"distribution_policy_target_shape":{"type":"string","description":"The shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).","description_kind":"plain","optional":true,"computed":true},"distribution_policy_zones":{"type":["set","string"],"description":"The distribution policy for this managed instance group. You can specify one or more values.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the managed instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"instance_redistribution_type":{"type":"string","description":"The instance redistribution policy for regional managed instance groups. Valid values are: \"PROACTIVE\", \"NONE\". If PROACTIVE (default), the group attempts to maintain an even distribution of VM instances across zones in the region. If NONE, proactive redistribution is disabled.","description_kind":"plain","optional":true},"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for regional managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of network endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true},"region_network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","optional":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true}},"block_types":{"app_engine":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional serving service.\nThe service name must be 1-63 characters long, and comply with RFC1035.\nExample value: \"default\", \"my-service\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and version fields from a request URL.\nURL mask allows for routing to multiple App Engine services without\nhaving to create multiple Network Endpoint Groups and backend services.\n\nFor example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and\n\"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with\nURL mask \"-dot-appname.appspot.com/\". The URL mask will parse\nthem to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional serving version.\nThe version must be 1-63 characters long, and comply with RFC1035.\nExample value: \"v1\", \"v2\".","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_function":{"nesting_mode":"list","block":{"attributes":{"function":{"type":"string","description":"A user-defined name of the Cloud Function.\nThe function name is case-sensitive and must be 1-63 characters long.\nExample value: \"func1\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse function field from a request URL. URL mask allows\nfor routing to multiple Cloud Functions without having to create\nmultiple Network Endpoint Groups and backend services.\n\nFor example, request URLs \"mydomain.com/function1\" and \"mydomain.com/function2\"\ncan be backed by the same Serverless NEG with URL mask \"/\". The URL mask\nwill parse them to { function = \"function1\" } and { function = \"function2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_run":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Cloud Run service is the main resource of Cloud Run.\nThe service must be 1-63 characters long, and comply with RFC1035.\nExample value: \"run-service\".","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Cloud Run tag represents the \"named-revision\" to provide\nadditional fine-grained traffic routing information.\nThe tag must be 1-63 characters long, and comply with RFC1035.\nExample value: \"revision-0010\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and tag fields from a request URL.\nURL mask allows for routing to multiple Run services without having\nto create multiple network endpoint groups and backend services.\n\nFor example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\"\nan be backed by the same Serverless Network Endpoint Group (NEG) with\nURL mask \".domain.com/\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" }\nand { service=\"bar2\", tag=\"foo2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of this resource.","description_kind":"plain","optional":true,"computed":true},"region_network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true},"region_instance_group_manager":{"type":"string","description":"The region instance group manager this instance config is part of.","description_kind":"plain","required":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"A list of features enabled when the selected profile is CUSTOM. The\nmethod returns the set of features that can be specified in this\nlist. This field must be empty if the profile is not CUSTOM.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the regional SSL policy resides.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nAt least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates.\nsslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the Region SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the RegionBackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target TCP proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The full or partial URL of the defaultService resource to which traffic is directed if\nnone of the hostRules match. If defaultRouteAction is additionally specified, advanced\nrouting actions like URL Rewrites, etc. take effect prior to sending the request to the\nbackend. However, if defaultService is specified, defaultRouteAction cannot contain any\nweightedBackendServices. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of defaultService,\ndefaultUrlRedirect or defaultRouteAction.weightedBackendService must be set.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the url map should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.\nDefault is false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regualar expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.\nSimilarly requests from clients can be aborted by the load balancer for a percentage of requests.\ntimeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.\nFault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the RegionBackendService resource being mirrored to.\nThe backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.\nServerless NEG backends are not currently supported as a mirrored backend service.","description_kind":"plain","optional":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nThe load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry policy applies.\nValid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable.\n - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams.\n - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504.\n - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts.\n - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409.\n - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled.\n - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded.\n - internal : a retry is attempted if the gRPC status code in the response header is set to internal.\n - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted.\n - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable.","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.\nIf not specified, this field uses the largest timeout among all backend services associated with the route.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.\nThe value must be from 1 to 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.\nThe value must be from 1 to 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, before forwarding the request to the matched service.\nurlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) .\nThe selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy.\nThe value must be from 0 to 1000.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response before sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request before forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add the response before sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for the selected backendService.\nheaderAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.\nheaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.\nAfter a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.\nURL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction.\ndefaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this HostRule. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid\nhostnames, except * will match any string of ([a-z0-9-.]*). In\nthat case, * must be the first character and must be followed in\nthe pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of\nthe URL if the hostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"A reference to a RegionBackendService resource. This will be used if\nnone of the pathRules defined by this PathMatcher is matched by\nthe URL's path portion.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n- 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n- gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n- connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n- retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n- refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n- cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n- deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n- resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n- unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0]\n\n* -3 will match\n* 0 will not match\n* 0.25 will not match\n* -3someString will not match.\n\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n\n* MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n* MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained. The default value is false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"A reference to expected RegionBackendService resource the given URL should be mapped to.","description_kind":"plain","required":true}},"description":"The list of expected URL mappings. Requests to update this UrlMap will\nsucceed only if all of the test cases pass.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","optional":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"block_types":{"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Type of sharing for this shared-reservation Possible values: [\"LOCAL\", \"SPECIFIC_PROJECTS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number, should be same as the key of this project config in the project map.","description_kind":"plain","optional":true}},"description":"A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"The share setting for reservations.","description_kind":"plain"},"max_items":1},"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of resources that are allocated.","description_kind":"plain","required":true},"in_use_count":{"type":"number","description":"How many instances are in use.","description_kind":"plain","computed":true}},"block_types":{"instance_properties":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The name of the machine type to reserve.","description_kind":"plain","required":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform for the reservation. For example,\n'\"Intel Skylake\"'. See\nthe CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones)\nfor information on available CPU platforms.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"guest_accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the guest accelerator cards exposed to\nthis instance.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The full or partial URL of the accelerator type to\nattach to this instance. For example:\n'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'\n\nIf you are creating an instance template, specify only the accelerator name.","description_kind":"plain","required":true}},"description":"Guest accelerator type and count.","description_kind":"plain"}},"local_ssds":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The size of the disk in base-2 GB.","description_kind":"plain","required":true},"interface":{"type":"string","description":"The disk interface to use for attaching this disk. Default value: \"SCSI\" Possible values: [\"SCSI\", \"NVME\"]","description_kind":"plain","optional":true}},"description":"The amount of local ssd to reserve with each instance. This\nreserves disks of type 'local-ssd'.","description_kind":"plain"}}},"description":"The instance properties for the reservation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Reservation for instances with specific machine shapes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"disk_consistency_group_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable disk consistency on the resource policy.","description_kind":"plain","required":true}},"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain"},"max_items":1},"group_placement_policy":{"nesting_mode":"list","block":{"attributes":{"availability_domain_count":{"type":"number","description":"The number of availability domains instances will be spread across. If two instances are in different\navailability domain, they will not be put in the same low latency network","description_kind":"plain","optional":true},"collocation":{"type":"string","description":"Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network.\nSpecify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created\nwith a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy\nattached. Possible values: [\"COLLOCATED\"]","description_kind":"plain","optional":true},"vm_count":{"type":"number","description":"Number of VMs in this placement group. Google does not recommend that you use this field\nunless you use a compact policy and you want your policy to work only if it contains this\nexact number of VMs.","description_kind":"plain","optional":true}},"description":"Resource policy for instances used for placement configuration.","description_kind":"plain"},"max_items":1},"instance_schedule_policy":{"nesting_mode":"list","block":{"attributes":{"expiration_time":{"type":"string","description":"The expiration time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The start time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name\nfrom the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","required":true}},"block_types":{"vm_start_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for starting instances.","description_kind":"plain"},"max_items":1},"vm_stop_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for stopping instances.","description_kind":"plain"},"max_items":1}},"description":"Resource policy for scheduling instance operations.","description_kind":"plain"},"max_items":1},"snapshot_schedule_policy":{"nesting_mode":"list","block":{"block_types":{"retention_policy":{"nesting_mode":"list","block":{"attributes":{"max_retention_days":{"type":"number","description":"Maximum age of the snapshot that is allowed to be kept.","description_kind":"plain","required":true},"on_source_disk_delete":{"type":"string","description":"Specifies the behavior to apply to scheduled snapshots when\nthe source disk is deleted. Default value: \"KEEP_AUTO_SNAPSHOTS\" Possible values: [\"KEEP_AUTO_SNAPSHOTS\", \"APPLY_RETENTION_POLICY\"]","description_kind":"plain","optional":true}},"description":"Retention policy applied to snapshots created by this resource policy.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"days_in_cycle":{"type":"number","description":"Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"This must be in UTC format that resolves to one of\n00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example,\nboth 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"The policy will execute every nth day at the specified time.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"hours_in_cycle":{"type":"number","description":"The number of hours between snapshots.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in an hourly format \"HH:MM\",\nwhere HH : [00-23] and MM : [00] GMT.\neg: 21:00","description_kind":"plain","required":true}},"description":"The policy will execute every nth hour starting at the specified time.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"block_types":{"day_of_weeks":{"nesting_mode":"set","block":{"attributes":{"day":{"type":"string","description":"The day of the week to create the snapshot. e.g. MONDAY Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.","description_kind":"plain","required":true}},"description":"May contain up to seven (one for each day of the week) snapshot times.","description_kind":"plain"},"min_items":1,"max_items":7}},"description":"Allows specifying a snapshot time for each day of the week.","description_kind":"plain"},"max_items":1}},"description":"Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.","description_kind":"plain"},"min_items":1,"max_items":1},"snapshot_properties":{"nesting_mode":"list","block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and comply\nwith RFC1035.","description_kind":"plain","optional":true},"guest_flush":{"type":"bool","description":"Whether to perform a 'guest aware' snapshot.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key-value pairs.","description_kind":"plain","optional":true},"storage_locations":{"type":["set","string"],"description":"Cloud Storage bucket location to store the auto snapshot\n(regional or multi-regional)","description_kind":"plain","optional":true}},"description":"Properties with which the snapshots are created, such as labels.","description_kind":"plain"},"max_items":1}},"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_route":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"dest_range":{"type":"string","description":"The destination range of outgoing packets that this route applies to.\nOnly IPv4 is supported.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network that this route applies to.","description_kind":"plain","required":true},"next_hop_gateway":{"type":"string","description":"URL to a gateway that should handle matching packets.\nCurrently, you can only specify the internet gateway, using a full or\npartial valid URL:\n* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'\n* 'projects/project/global/gateways/default-internet-gateway'\n* 'global/gateways/default-internet-gateway'\n* The string 'default-internet-gateway'.","description_kind":"plain","optional":true},"next_hop_ilb":{"type":"string","description":"The IP address or URL to a forwarding rule of type\nloadBalancingScheme=INTERNAL that should handle matching\npackets.\n\nWith the GA provider you can only specify the forwarding\nrule as a partial or full URL. For example, the following\nare all valid values:\n* 10.128.0.56\n* https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule\n* regions/region/forwardingRules/forwardingRule\n\nWhen the beta provider, you can also specify the IP address\nof a forwarding rule from the same VPC or any peered VPC.\n\nNote that this can only be used when the destinationRange is\na public (non-RFC 1918) IP CIDR range.","description_kind":"plain","optional":true},"next_hop_instance":{"type":"string","description":"URL to an instance that should handle matching packets.\nYou can specify this as a full or partial URL. For example:\n* 'https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance'\n* 'projects/project/zones/zone/instances/instance'\n* 'zones/zone/instances/instance'\n* Just the instance name, with the zone in 'next_hop_instance_zone'.","description_kind":"plain","optional":true},"next_hop_instance_zone":{"type":"string","description":"The zone of the instance specified in next_hop_instance. Omit if next_hop_instance is specified as a URL.","description_kind":"plain","optional":true,"computed":true},"next_hop_ip":{"type":"string","description":"Network IP address of an instance that should handle matching packets.","description_kind":"plain","optional":true,"computed":true},"next_hop_network":{"type":"string","description":"URL to a Network that should handle matching packets.","description_kind":"plain","computed":true},"next_hop_vpn_tunnel":{"type":"string","description":"URL to a VpnTunnel that should handle matching packets.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this route. Priority is used to break ties in cases\nwhere there is more than one matching route of equal prefix length.\n\nIn the case of two routes with equal prefix length, the one with the\nlowest-numbered priority value wins.\n\nDefault value is 1000. Valid range is 0 through 65535.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A list of instance tags to which this route applies.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"bgp":{"nesting_mode":"list","block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement. Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom mode.\nThis field can only be populated if advertiseMode is CUSTOM and\nis advertised to all peers of the router. These groups will be\nadvertised in addition to any specified prefixes. Leave this field\nblank to advertise no custom groups.\n\nThis enum field has the one valid value: ALL_SUBNETS","description_kind":"plain","optional":true},"asn":{"type":"number","description":"Local BGP Autonomous System Number (ASN). Must be an RFC6996\nprivate ASN, either 16-bit or 32-bit. The value will be fixed for\nthis router resource. All VPN tunnels that link to this router\nwill have the same local ASN.","description_kind":"plain","required":true},"keepalive_interval":{"type":"number","description":"The interval in seconds between BGP keepalive messages that are sent\nto the peer. Hold time is three times the interval at which keepalive\nmessages are sent, and the hold time is the maximum number of seconds\nallowed to elapse between successive keepalive messages that BGP\nreceives from a peer.\n\nBGP will use the smaller of either the local hold time value or the\npeer's hold time value as the hold time for the BGP connection\nbetween the two peers. If set, this value must be between 20 and 60.\nThe default is 20.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis CUSTOM and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}}},"description":"BGP information specific to this router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_interface":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachment":{"type":"string","description":"The name or resource link to the VLAN interconnect for this interface. Changing this forces a new interface to be created. Only one of interconnect_attachment, subnetwork or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"ip_range":{"type":"string","description":"The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the interface, required by GCE. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance. Changing this forces a new interface to be created.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which this interface's router belongs. If it is not provided, the provider project is used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"redundant_interface":{"type":"string","description":"The name of the interface that is redundant to this interface. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the router this interface will be attached to. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"subnetwork":{"type":"string","description":"The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. Changing this forces a new interface to be created. Only one of subnetwork, interconnect_attachment or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"vpn_tunnel":{"type":"string","description":"The name or resource link to the VPN tunnel this interface will be linked to. Changing this forces a new interface to be created. Only one of vpn_tunnel, interconnect_attachment or subnetwork can be specified.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","optional":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","optional":true,"computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","optional":true,"computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","optional":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","optional":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","required":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","optional":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","optional":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","optional":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs.","description_kind":"plain","required":true},"filter":{"type":"string","description":"Specifies the desired filtering of logs on this NAT. Possible values: [\"ERRORS_ONLY\", \"TRANSLATIONS_ONLY\", \"ALL\"]","description_kind":"plain","required":true}},"description":"Configuration for logging on NAT","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this rule.","description_kind":"plain","optional":true},"match":{"type":"string","description":"CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.\nIf it evaluates to true, the corresponding action is enforced.\n\nThe following examples are valid match expressions for public NAT:\n\n\"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\"\n\n\"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\"\n\nThe following example is a valid match expression for private NAT:\n\n\"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"","description_kind":"plain","required":true},"rule_number":{"type":"number","description":"An integer uniquely identifying a rule in the list.\nThe rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.","description_kind":"plain","required":true}},"block_types":{"action":{"nesting_mode":"list","block":{"attributes":{"source_nat_active_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources used for this NAT rule.\nThese IP addresses must be valid static external IP addresses assigned to the project.\nThis field is used for public NAT.","description_kind":"plain","optional":true},"source_nat_drain_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained.\nThese IPs must be valid static external IPs that have been assigned to the NAT.\nThese IPs should be used for updating/patching a NAT rule only.\nThis field is used for public NAT.","description_kind":"plain","optional":true}},"description":"The action to be enforced for traffic that matches this rule.","description_kind":"plain"},"max_items":1}},"description":"A list of rules associated with this NAT.","description_kind":"plain"}},"subnetwork":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Self-link of subnetwork to NAT","description_kind":"plain","required":true},"secondary_ip_range_names":{"type":["set","string"],"description":"List of the secondary ranges of the subnetwork that are allowed\nto use NAT. This can be populated only if\n'LIST_OF_SECONDARY_IP_RANGES' is one of the values in\nsourceIpRangesToNat","description_kind":"plain","optional":true},"source_ip_ranges_to_nat":{"type":["set","string"],"description":"List of options for which source IPs in the subnetwork\nshould have NAT enabled. Supported values include:\n'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',\n'PRIMARY_IP_RANGE'.","description_kind":"plain","required":true}},"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_peer":{"version":0,"block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement.\nValid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom\nmode, which currently supports the following option:\n\n* 'ALL_SUBNETS': Advertises all of the router's own VPC subnets.\nThis excludes any routes learned for subnets that use VPC Network\nPeering.\n\n\nNote that this field can only be populated if advertiseMode is 'CUSTOM'\nand overrides the list defined for the router (in the \"bgp\" message).\nThese groups are advertised in addition to any specified prefixes.\nLeave this field blank to advertise no custom groups.","description_kind":"plain","optional":true},"advertised_route_priority":{"type":"number","description":"The priority of routes advertised to this BGP peer.\nWhere there is more than one matching route of maximum\nlength, the routes with the lowest priority value win.","description_kind":"plain","optional":true},"enable":{"type":"bool","description":"The status of the BGP peer connection. If set to false, any active session\nwith the peer is terminated and all associated routing information is removed.\nIf set to true, the peer connection can be established with routing information.\nThe default is true.","description_kind":"plain","optional":true},"enable_ipv6":{"type":"bool","description":"Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Name of the interface the BGP peer is associated with.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"IP address of the interface inside Google Cloud Platform.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the interface inside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"management_type":{"type":"string","description":"The resource that configures and manages this BGP peer.\n\n* 'MANAGED_BY_USER' is the default value and can be managed by\nyou or other users\n* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and\nmanaged by Cloud Interconnect, specifically by an\nInterconnectAttachment of type PARTNER. Google automatically\ncreates, updates, and deletes this type of BGP peer when the\nPARTNER InterconnectAttachment is created, updated,\nor deleted.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of this BGP peer. The name must be 1-63 characters long,\nand comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_asn":{"type":"number","description":"Peer BGP Autonomous System Number (ASN).\nEach BGP interface may use a different value.","description_kind":"plain","required":true},"peer_ip_address":{"type":"string","description":"IP address of the BGP interface outside Google Cloud Platform.\nOnly IPv4 is supported. Required if 'ip_address' is set.","description_kind":"plain","optional":true,"computed":true},"peer_ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the BGP interface outside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and BgpPeer reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this BgpPeer will be configured.","description_kind":"plain","required":true},"router_appliance_instance":{"type":"string","description":"The URI of the VM instance that is used as third-party router appliances\nsuch as Next Gen Firewalls, Virtual Routers, or Router Appliances.\nThe VM instance must be located in zones contained in the same region as\nthis Cloud Router. The VM instance is the peer side of the BGP session.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis 'CUSTOM' and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}},"bfd":{"nesting_mode":"list","block":{"attributes":{"min_receive_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\nreceived from the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the transmit interval of the other router. If set, this value\nmust be between 1000 and 30000.","description_kind":"plain","optional":true},"min_transmit_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\ntransmitted to the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the corresponding receive interval of the other router. If set,\nthis value must be between 1000 and 30000.","description_kind":"plain","optional":true},"multiplier":{"type":"number","description":"The number of consecutive BFD packets that must be missed before\nBFD declares that a peer is unavailable. If set, the value must\nbe a value between 5 and 16.","description_kind":"plain","optional":true},"session_initialization_mode":{"type":"string","description":"The BFD session initialization mode for this BGP peer.\nIf set to 'ACTIVE', the Cloud Router will initiate the BFD session\nfor this BGP peer. If set to 'PASSIVE', the Cloud Router will wait\nfor the peer router to initiate the BFD session for this BGP peer.\nIf set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: [\"ACTIVE\", \"DISABLED\", \"PASSIVE\"]","description_kind":"plain","required":true}},"description":"BFD configuration for the BGP peering.","description_kind":"plain"},"max_items":1},"md5_authentication_key":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Value of the key.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"[REQUIRED] Name used to identify the key.\nMust be unique within a router. Must be referenced by exactly one bgpPeer. Must comply with RFC1035.","description_kind":"plain","required":true}},"description":"Present if MD5 authentication is enabled for the peering. Must be the name\nof one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"adaptive_protection_config":{"nesting_mode":"list","block":{"block_types":{"layer_7_ddos_defense_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"If set to true, enables CAAP for L7 DDoS detection.","description_kind":"plain","optional":true},"rule_visibility":{"type":"string","description":"Rule visibility. Supported values include: \"STANDARD\", \"PREMIUM\".","description_kind":"plain","optional":true}},"description":"Layer 7 DDoS Defense Config of this security policy","description_kind":"plain"},"max_items":1}},"description":"Adaptive Protection Config of this security policy.","description_kind":"plain"},"max_items":1},"advanced_options_config":{"nesting_mode":"list","block":{"attributes":{"json_parsing":{"type":"string","description":"JSON body parsing. Supported values include: \"DISABLED\", \"STANDARD\".","description_kind":"plain","optional":true,"computed":true},"log_level":{"type":"string","description":"Logging level. Supported values include: \"NORMAL\", \"VERBOSE\".","description_kind":"plain","optional":true,"computed":true},"user_ip_request_headers":{"type":["set","string"],"description":"An optional list of case-insensitive request header names to use for resolving the callers client IP address.","description_kind":"plain","optional":true}},"block_types":{"json_custom_config":{"nesting_mode":"list","block":{"attributes":{"content_types":{"type":["set","string"],"description":"A list of custom Content-Type header values to apply the JSON parsing.","description_kind":"plain","required":true}},"description":"Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.","description_kind":"plain"},"max_items":1}},"description":"Advanced Options Config of this security policy.","description_kind":"plain"},"max_items":1},"recaptcha_options_config":{"nesting_mode":"list","block":{"attributes":{"redirect_site_key":{"type":"string","description":"A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.","description_kind":"plain","required":true}},"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain"},"max_items":1},"rule":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Action to take when match matches the request.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this rule. Max size is 64.","description_kind":"plain","optional":true},"preview":{"type":"bool","description":"When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_adds":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to set.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value to set the named header to.","description_kind":"plain","optional":true}},"description":"The list of request headers to add or overwrite if they're already present.","description_kind":"plain"},"min_items":1}},"description":"Additional actions that are performed on headers.","description_kind":"plain"},"max_items":1},"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["set","string"],"description":"Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).","description_kind":"plain","required":true}},"description":"The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.","description_kind":"plain","required":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are \"deny()\" where valid values for status are 403, 404, 429, and 502, and \"redirect\" where the redirect parameters come from exceedRedirectOptions below.","description_kind":"plain","required":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rate limit threshold for this security policy. Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action. Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1}},"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_service_attachment":{"version":0,"block":{"attributes":{"connected_endpoints":{"type":["list",["object",{"endpoint":"string","status":"string"}]],"description":"An array of the consumer forwarding rules connected to this service\nattachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference to use for this service attachment. Valid\nvalues include \"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\".","description_kind":"plain","required":true},"consumer_reject_lists":{"type":["list","string"],"description":"An array of projects that are not allowed to connect to this service\nattachment.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"domain_names":{"type":["list","string"],"description":"If specified, the domain name will be used during the integration between\nthe PSC connected endpoints and the Cloud DNS. For example, this is a\nvalid domain name: \"p.mycompany.com.\". Current max number of domain names\nsupported is 1.","description_kind":"plain","optional":true},"enable_proxy_protocol":{"type":"bool","description":"If true, enable the proxy protocol which is for supplying client TCP/IP\naddress data in TCP connections that traverse proxies on their way to\ndestination servers.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"nat_subnets":{"type":["list","string"],"description":"An array of subnets that is provided for NAT in this service attachment.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconcile_connections":{"type":"bool","description":"This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints.\n\nIf false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified .\nIf true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the resource resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target_service":{"type":"string","description":"The URL of a forwarding rule that represents the service identified by\nthis service attachment.","description_kind":"plain","required":true}},"block_types":{"consumer_accept_lists":{"nesting_mode":"set","block":{"attributes":{"connection_limit":{"type":"number","description":"The number of consumer forwarding rules the consumer project can\ncreate.","description_kind":"plain","required":true},"project_id_or_num":{"type":"string","description":"A project that is allowed to connect to this service attachment.","description_kind":"plain","required":true}},"description":"An array of projects that are allowed to connect to this service\nattachment.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_host_project":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC host project","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_service_project":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host_project":{"type":"string","description":"The ID of a host project to associate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC service project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","required":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain"},"max_items":1},"source_disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource. This field can be set only at resource\ncreation time.","description_kind":"plain","optional":true},"external_ipv6_prefix":{"type":"string","description":"The range of external IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during updates of this resource.","description_kind":"plain","deprecated":true,"computed":true},"gateway_address":{"type":"string","description":"The gateway address for default routes to reach destination addresses\noutside this subnetwork.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description":"The internal IPv6 address range that is assigned to this subnetwork.","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that are owned by this subnetwork.\nProvide this property when you create the subnetwork. For example,\n10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported.","description_kind":"plain","required":true},"ipv6_access_type":{"type":"string","description":"The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation\nor the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet\ncannot enable direct path. Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"ipv6_cidr_range":{"type":"string","description":"The range of internal IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially\ncreating the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this subnet belongs to.\nOnly networks that are in the distributed mode can have subnetworks.","description_kind":"plain","required":true},"private_ip_google_access":{"type":"bool","description":"When enabled, VMs in this subnetwork without external IP addresses can\naccess Google APIs and services by using Private Google Access.","description_kind":"plain","optional":true,"computed":true},"private_ipv6_google_access":{"type":"string","description":"The private IPv6 google access type for the VMs in this subnet.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', 'PRIVATE_SERVICE_CONNECT' or 'PRIVATE_NAT'([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)).\nA subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers.\nA subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers.\nA subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service.\nA subnetwork with purpose set to 'PRIVATE_NAT' is used as source range for Private NAT gateways.\nNote that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers.\nIf unspecified, the purpose defaults to 'PRIVATE_RFC_1918'.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The GCP region for this subnetwork.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The role of subnetwork.\nCurrently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'.\nThe value can be set to 'ACTIVE' or 'BACKUP'.\nAn 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region.\nA 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: [\"ACTIVE\", \"BACKUP\"]","description_kind":"plain","optional":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description":"An array of configurations for secondary IP ranges for VM instances\ncontained in this subnetwork. The primary IP of such VM must belong\nto the primary ipCidrRange of the subnetwork. The alias IPs may belong\nto either primary or secondary ranges.\n\n**Note**: This field uses [attr-as-block mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html) to avoid\nbreaking users during the 0.12 upgrade. To explicitly send a list\nof zero objects you must use the following syntax:\n'example=[]'\nFor more details about this behavior, see [this section](https://www.terraform.io/docs/configuration/attr-as-blocks.html#defining-a-fixed-object-collection-value).","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this subnet to identify whether the IPv6 feature is enabled or not.\nIf not specified IPV4_ONLY will be used. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"aggregation_interval":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nToggles the aggregation interval for collecting flow logs. Increasing the\ninterval time will reduce the amount of generated flow logs for long\nlasting connections. Default is an interval of 5 seconds per connection. Default value: \"INTERVAL_5_SEC\" Possible values: [\"INTERVAL_5_SEC\", \"INTERVAL_30_SEC\", \"INTERVAL_1_MIN\", \"INTERVAL_5_MIN\", \"INTERVAL_10_MIN\", \"INTERVAL_15_MIN\"]","description_kind":"plain","optional":true},"filter_expr":{"type":"string","description":"Export filter used to define which VPC flow logs should be logged, as as CEL expression. See\nhttps://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field.\nThe default value is 'true', which evaluates to include everything.","description_kind":"plain","optional":true},"flow_sampling":{"type":"number","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nThe value of the field must be in [0, 1]. Set the sampling rate of VPC\nflow logs within the subnetwork where 1.0 means all collected logs are\nreported and 0.0 means no logs are reported. Default is 0.5 which means\nhalf of all collected logs are reported.","description_kind":"plain","optional":true},"metadata":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nConfigures whether metadata fields should be added to the reported VPC\nflow logs. Default value: \"INCLUDE_ALL_METADATA\" Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\", \"CUSTOM_METADATA\"]","description_kind":"plain","optional":true},"metadata_fields":{"type":["set","string"],"description":"List of metadata fields that should be added to reported logs.\nCan only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" is set to CUSTOM_METADATA.","description_kind":"plain","optional":true}},"description":"This field denotes the VPC flow logging options for this subnetwork. If\nlogging is enabled, logs are exported to Cloud Logging. Flow logging\nisn't supported if the subnet 'purpose' field is set to subnetwork is\n'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_target_grpc_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in\nthis object. This field is used in optimistic locking. This field\nwill be ignored when inserting a TargetGrpcProxy. An up-to-date\nfingerprint must be provided in order to patch/update the\nTargetGrpcProxy; otherwise, the request will fail with error\n412 conditionNotMet. To see the latest fingerprint, make a get()\nrequest to retrieve the TargetGrpcProxy. A base64-encoded string.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource\nis created. The name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long\nand match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL with id for the resource.","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"URL to the UrlMap resource that defines the mapping from URL to\nthe BackendService. The protocol field in the BackendService\nmust be set to GRPC.","description_kind":"plain","optional":true},"validate_for_proxyless":{"type":"bool","description":"If true, indicates that the BackendServices referenced by\nthe urlMap may be accessed by gRPC applications without using\na sidecar proxy. This will enable configuration checks on urlMap\nand its referenced BackendServices to not allow unsupported features.\nA gRPC application must use \"xds:///\" scheme in the target URI\nof the service it is connecting to. If false, indicates that the\nBackendServices referenced by the urlMap will be accessed by gRPC\napplications via a sidecar proxy. In this case, a gRPC application\nmust not use \"xds:///\" scheme in the target URI of the service\nit is connecting to","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"quic_override":{"type":"string","description":"Specifies the QUIC override policy for this resource. This determines\nwhether the load balancer will attempt to negotiate QUIC with clients\nor not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is\nspecified, Google manages whether QUIC is used. Default value: \"NONE\" Possible values: [\"NONE\", \"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates can not be defined together.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_instance":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The Compute instance VM handling traffic for this target instance.\nAccepts the instance self-link, relative path\n(e.g. 'projects/project/zones/zone/instances/instance') or name. If\nname is given, the zone will default to the given zone or\nthe provider-default zone and the project will default to the\nprovider-level project.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"nat_policy":{"type":"string","description":"NAT option controlling how IPs are NAT'ed to the instance.\nCurrently only NO_NAT (default value) is supported. Default value: \"NO_NAT\" Possible values: [\"NO_NAT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"zone":{"type":"string","description":"URL of the zone where the target instance resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_pool":{"version":0,"block":{"attributes":{"backup_pool":{"type":"string","description":"URL to the backup target pool. Must also set failover_ratio.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Textual description field.","description_kind":"plain","optional":true},"failover_ratio":{"type":"number","description":"Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set).","description_kind":"plain","optional":true},"health_checks":{"type":["list","string"],"description":"List of zero or one health check name or self_link. Only legacy google_compute_http_health_check is supported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"List of instances in the pool. They can be given as URLs, or in the form of \"zone/name\". Note that the instances need not exist at the time of target pool creation, so there is no need to use the Terraform interpolators to create a dependency on the instances from the target pool.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the resource, required by GCE. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Where the target pool resides. Defaults to project region.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"How to distribute load. Options are \"NONE\" (no affinity). \"CLIENT_IP\" (hash of the source/dest addresses / ports), and \"CLIENT_IP_PROTO\" also includes the protocol (default \"NONE\").","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_ssl_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of SslCertificate resources that are used to authenticate\nconnections between users and the load balancer. At least one\nSSL certificate must be specified.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetSslProxy resource. If not set, the TargetSslProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given rules match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase\nletter, and all following characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions\nlike URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend.\nIf defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService\nis set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained. The default is set to false.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here take effect after\nheaderAction specified under pathMatcher.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid hostnames, except * will\nmatch any string of ([a-z0-9-.]*). In that case, * must be the first character\nand must be followed in the pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of the URL if the\nhostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given paths match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs\nadvanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request\nto the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set.\nConversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. HeaderAction specified here are applied after the\nmatching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket to use if any of the given paths match.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n* unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0] - -3 will match. - 0 will\nnot match. - 0.25 will not match. - -3someString will not match. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n - MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n - MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction\nis not set, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set\nto false, the URL scheme of the redirected request will remain the same as that\nof the request. This must only be set for UrlMaps used in TargetHttpProxys.\nSetting this true for TargetHttpsProxy is not permitted. Defaults to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. Only one of pathRedirect or prefixRedirect must be\nspecified. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained. Defaults to false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket link that should be matched by this test.","description_kind":"plain","required":true}},"description":"The list of expected URL mapping tests. Request to update this UrlMap will\nsucceed only if all of the test cases pass. You can specify a maximum of 100\ntests per UrlMap.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_tunnel":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"detailed_status":{"type":"string","description":"Detailed status message for the VPN tunnel.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ike_version":{"type":"number","description":"IKE protocol version to use when establishing the VPN tunnel with\npeer VPN gateway.\nAcceptable IKE versions are 1 or 2. Default version is 2.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this VpnTunnel.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"local_traffic_selector":{"type":["set","string"],"description":"Local traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63\ncharacters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\nmust be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_external_gateway":{"type":"string","description":"URL of the peer side external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_external_gateway_interface":{"type":"number","description":"The interface ID of the external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_gcp_gateway":{"type":"string","description":"URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.\nIf provided, the VPN tunnel will automatically use the same vpn_gateway_interface\nID in the peer GCP VPN gateway.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"peer_ip":{"type":"string","description":"IP address of the peer VPN gateway. Only IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'.","description_kind":"plain","optional":true,"computed":true},"remote_traffic_selector":{"type":["set","string"],"description":"Remote traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of router resource to be used for dynamic routing.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Shared secret used to set the secure session between the Cloud VPN\ngateway and the peer VPN gateway.","description_kind":"plain","required":true,"sensitive":true},"shared_secret_hash":{"type":"string","description":"Hash of the shared secret.","description_kind":"plain","computed":true},"target_vpn_gateway":{"type":"string","description":"URL of the Target VPN gateway with which this VPN tunnel is\nassociated.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tunnel_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"vpn_gateway":{"type":"string","description":"URL of the VPN gateway with which this VPN tunnel is associated.\nThis must be used if a High Availability VPN gateway resource is created.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"vpn_gateway_interface":{"type":"number","description":"The interface ID of the VPN gateway with which this VPN tunnel is associated.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time this note was created.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"Time of expiration for this note. Leave empty if note does not expire.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The type of analysis this note describes","description_kind":"plain","computed":true},"long_description":{"type":"string","description":"A detailed description of the note","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the note.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"related_note_names":{"type":["set","string"],"description":"Names of other notes related to this note.","description_kind":"plain","optional":true},"short_description":{"type":"string","description":"A one sentence description of the note.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time this note was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation_authority":{"nesting_mode":"list","block":{"block_types":{"hint":{"nesting_mode":"list","block":{"attributes":{"human_readable_name":{"type":"string","description":"The human readable name of this Attestation Authority, for\nexample \"qa\".","description_kind":"plain","required":true}},"description":"This submessage provides human-readable hints about the purpose of\nthe AttestationAuthority. Because the name of a Note acts as its\nresource reference, it is important to disambiguate the canonical\nname of the Note (which might be a UUID for security purposes)\nfrom \"readable\" names more suitable for debug output. Note that\nthese hints should NOT be used to look up AttestationAuthorities\nin security sensitive contexts, such as when looking up\nAttestations to verify.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Note kind that represents a logical attestation \"role\" or \"authority\".\nFor example, an organization might have one AttestationAuthority for\n\"QA\" and one for \"build\". This Note is intended to act strictly as a\ngrouping mechanism for the attached Occurrences (Attestations). This\ngrouping mechanism also provides a security boundary, since IAM ACLs\ngate the ability for a principle to attach an Occurrence to a given\nNote. It also provides a single point of lookup to find all attached\nAttestation Occurrences, even if they don't all live in the same\nproject.","description_kind":"plain"},"min_items":1,"max_items":1},"related_url":{"nesting_mode":"set","block":{"attributes":{"label":{"type":"string","description":"Label to describe usage of the URL","description_kind":"plain","optional":true},"url":{"type":"string","description":"Specific URL associated with the resource.","description_kind":"plain","required":true}},"description":"URLs associated with this note and related metadata.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_analysis_occurrence":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The note kind which explicitly denotes which of the occurrence\ndetails are specified. This field can be used as a filter in list\nrequests.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the occurrence.","description_kind":"plain","computed":true},"note_name":{"type":"string","description":"The analysis note associated with this occurrence, in the form of\nprojects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a\nfilter in list requests.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remediation":{"type":"string","description":"A description of actions that can be taken to remedy the note.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"Required. Immutable. A URI that represents the resource for which\nthe occurrence applies. For example,\nhttps://gcr.io/project/image@sha256:123abc for a Docker image.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation":{"nesting_mode":"list","block":{"attributes":{"serialized_payload":{"type":"string","description":"The serialized payload that is verified by one or\nmore signatures. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"signatures":{"nesting_mode":"set","block":{"attributes":{"public_key_id":{"type":"string","description":"The identifier for the public key that verifies this\nsignature. MUST be an RFC3986 conformant\nURI. * When possible, the key id should be an\nimmutable reference, such as a cryptographic digest.\nExamples of valid values:\n\n* OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr\n for more details on this scheme.\n * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'\n* RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"","description_kind":"plain","required":true},"signature":{"type":"string","description":"The content of the signature, an opaque bytestring.\nThe payload that this signature verifies MUST be\nunambiguously provided with the Signature during\nverification. A wrapper message might provide the\npayload explicitly. Alternatively, a message might\nhave a canonical serialization that can always be\nunambiguously computed to derive the payload.","description_kind":"plain","optional":true}},"description":"One or more signatures over serializedPayload.\nVerifier implementations should consider this attestation\nmessage verified if at least one signature verifies\nserializedPayload. See Signature in common.proto for more\ndetails on signature structure and verification.","description_kind":"plain"},"min_items":1}},"description":"Occurrence that represents a single \"attestation\". The authenticity\nof an attestation can be verified using the attached signature.\nIf the verifier trusts the public key of the signer, then verifying\nthe signature is sufficient to establish trust. In this circumstance,\nthe authority to which this attestation is attached is primarily\nuseful for lookup (how to find this attestation if you already\nknow the authority and artifact to be verified) and intent (for\nwhich authority this attestation was intended to sign.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_attached_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same\nrestrictions as Kubernetes annotations. The total size of all keys and\nvalues combined is limited to 256k. Key can have 2 segments: prefix (optional)\nand name (required), separated by a slash (/). Prefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster_region":{"type":"string","description":"Output only. The region where this cluster runs.\n\nFor EKS clusters, this is an AWS region. For AKS clusters,\nthis is an Azure region.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine what flags to send on delete.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human readable description of this attached cluster. Cannot be longer\nthan 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"distribution":{"type":"string","description":"The Kubernetes distribution of the underlying attached cluster. Supported values:\n\"eks\", \"aks\".","description_kind":"plain","required":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"errors":{"type":["list",["object",{"message":"string"}]],"description":"A set of errors found in the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_version":{"type":"string","description":"The Kubernetes version of the cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"platform_version":{"type":"string","description":"The platform version for the cluster (e.g. '1.23.0-gke.1').","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the cluster. Possible values:\nSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\nDEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"attributes":{"admin_groups":{"type":["list","string"],"description":"Groups that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the groups. Up to ten admin groups can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true},"admin_users":{"type":["list","string"],"description":"Users that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the users. Up to ten admin users can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Configure Binary Authorization evaluation mode. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization configuration.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this\ncluster. Membership names are formatted as\nprojects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","required":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"logging_config":{"nesting_mode":"list","block":{"block_types":{"component_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"]","description_kind":"plain","optional":true}},"description":"The configuration of the logging components","description_kind":"plain"},"max_items":1}},"description":"Logging configuration.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"managed_prometheus_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Managed Collection.","description_kind":"plain","optional":true}},"description":"Enable Google Cloud Managed Service for Prometheus in the cluster.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration.","description_kind":"plain"},"max_items":1},"oidc_config":{"nesting_mode":"list","block":{"attributes":{"issuer_url":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'","description_kind":"plain","required":true},"jwks":{"type":"string","description":"OIDC verification keys in JWKS format (RFC 7517).","description_kind":"plain","optional":true}},"description":"OIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how GCP services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuer_url' field\nwhile clusters with private issuers need to provide both\n'issuer_url' and 'jwks'.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"block_types":{"kubernetes_secret":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Namespace of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true}},"description":"The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.","description_kind":"plain"},"max_items":1}},"description":"Support for proxy configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM instance pofile to assign to each control plane replica.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"subnet_ids":{"type":["list","string"],"description":"The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of AWS resource tags to propagate to all underlying managed AWS resources. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling .","description_kind":"plain","required":true}},"block_types":{"aws_services_authentication":{"nesting_mode":"list","block":{"attributes":{"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.","description_kind":"plain","required":true},"role_session_name":{"type":"string","description":"Optional. An identifier for the assumed role session. When unspecified, it defaults to `multicloud-service-agent`.","description_kind":"plain","optional":true,"computed":true}},"description":"Authentication configuration for management of AWS resources.","description_kind":"plain"},"min_items":1,"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain"},"min_items":1,"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"per_node_pool_sg_rules_disabled":{"type":"bool","description":"Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.","description_kind":"plain","optional":true},"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"vpc_id":{"type":"string","description":"The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The awsCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The lifecycle state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The subnet where the node pool node run.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version to run on this node pool (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the NodePool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the NodePool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM role assigned to nodes in the pool.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to nodes in this pool. The manager will automatically create security groups with minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. Key/value metadata to assign to each underlying AWS resource. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_metrics_collection":{"nesting_mode":"list","block":{"attributes":{"granularity":{"type":"string","description":"The frequency at which EC2 Auto Scaling sends aggregated data to AWS CloudWatch. The only valid value is \"1Minute\".","description_kind":"plain","required":true},"metrics":{"type":["list","string"],"description":"The metrics to enable. For a list of valid metrics, see https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html. If you specify granularity and don't specify any metrics, all metrics are enabled.","description_kind":"plain","optional":true}},"description":"Optional. Configuration related to CloudWatch metrics collection on the Auto Scaling group of the node pool. When unspecified, metrics collection is disabled.","description_kind":"plain"},"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Template for the root volume provisioned for node pool nodes. Volumes will be provisioned in the availability zone assigned to the node pool subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. The SSH configuration.","description_kind":"plain"},"max_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"The taint effect. Possible values: EFFECT_UNSPECIFIED, NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for the taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for the taint.","description_kind":"plain","required":true}},"description":"Optional. The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_settings":{"nesting_mode":"list","block":{"block_types":{"surge_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Settings for surge update.","description_kind":"plain"},"max_items":1}},"description":"Optional. Update settings control the speed and disruption of the node pool update.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_azure_client":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"Output only. The PEM encoded x509 certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this resource was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the client.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_region":{"type":"string","description":"The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call to list all supported Azure regions within a given Google Cloud region.","description_kind":"plain","required":true},"client":{"type":"string","description":"Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/\u003cproject-number\u003e/locations/\u003cregion\u003e/azureClients/\u003cclient-id\u003e`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"resource_group_id":{"type":"string","description":"The ARM ID of the resource group where the cluster resources are deployed. For example: `/subscriptions/*/resourceGroups/*`","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"azure_services_authentication":{"nesting_mode":"list","block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID for Authentication configuration.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID for Authentication configuration.","description_kind":"plain","required":true}},"description":"Azure authentication configuration for management of Azure resources","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the control plane VMs are deployed. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/default`.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying control plane Azure resources.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAzureServerConfig.","description_kind":"plain","required":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. For available VM sizes, see https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-id\u003e/providers/Microsoft.KeyVault/vaults/\u003ckey-vault-id\u003e/keys/\u003ckey-name\u003e` Encryption will always take the latest version of the key and hence specific version is not supported.","description_kind":"plain","required":true}},"description":"Optional. Configuration related to application-layer secrets encryption.","description_kind":"plain"},"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. When unspecified, it defaults to a 8-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"replica_placements":{"nesting_mode":"list","block":{"attributes":{"azure_availability_zone":{"type":"string","description":"For a given replica, the Azure availability zone where to provision the control plane VM and the ETCD disk.","description_kind":"plain","required":true},"subnet_id":{"type":"string","description":"For a given replica, the ARM ID of the subnet where the control plane VM is deployed. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true}},"description":"Configuration for where to place the control plane replicas. Up to three replica placement instances can be specified. If replica_placements is set, the replica placement instances will be applied to the three control plane replicas as evenly as possible.","description_kind":"plain"}},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. When unspecified, it defaults to 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range of the pods in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All pods in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range for services in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All services in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creating a cluster.","description_kind":"plain","required":true},"virtual_network_id":{"type":"string","description":"The Azure Resource Manager (ARM) ID of the VNet associated with your cluster. All components in the cluster (i.e. control plane and node pools) run on a single VNet. Example: `/subscriptions/*/resourceGroups/*/providers/Microsoft.Network/virtualNetworks/*` This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_availability_zone":{"type":"string","description":"Optional. The Azure availability zone of the nodes in this nodepool. When unspecified, it defaults to `1`.","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"The azureCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently pending changes to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the node pool VMs run. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this node pool.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the node pool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the node pool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying Azure resources for this node pool. This currently only includes Virtual Machine Scale Sets. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. See (/anthos/clusters/docs/azure/reference/supported-vms) for options. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each node pool machine. When unspecified, it defaults to a 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the node pool machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","optional":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","optional":true,"computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","optional":true,"computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.","description_kind":"plain","optional":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","optional":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","optional":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","optional":true,"computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","optional":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","optional":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","optional":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","optional":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true,"computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","optional":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","optional":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","optional":true,"computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","optional":true,"computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"cloudrun_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description_kind":"plain","optional":true}},"description":"The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.","description_kind":"plain"},"max_items":1},"config_connector_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The of the Config Connector addon.","description_kind":"plain"},"max_items":1},"dns_cache_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gce_persistent_disk_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.","description_kind":"plain"},"max_items":1},"gcp_filestore_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gcs_fuse_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gke_backup_agent_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"horizontal_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"http_load_balancing":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"network_policy_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.","description_kind":"plain"},"max_items":1}},"description":"The configuration for addons supported by GKE.","description_kind":"plain"},"max_items":1},"authenticator_groups_config":{"nesting_mode":"list","block":{"attributes":{"security_group":{"type":"string","description":"The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.","description_kind":"plain","required":true}},"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Binary Authorization for this cluster.","description_kind":"plain","deprecated":true,"optional":true},"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"cluster_autoscaling":{"nesting_mode":"list","block":{"attributes":{"autoscaling_profile":{"type":"string","description":"Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"auto_provisioning_defaults":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The default image type used by NAP once a new node pool is being created.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["list","string"],"description":"Scopes that are used by NAP when creating node pools.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true}},"block_types":{"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.","description_kind":"plain","optional":true,"computed":true},"auto_upgrade":{"type":"bool","description":"Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.","description_kind":"plain","optional":true,"computed":true},"upgrade_options":{"type":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]],"description":"Specifies the Auto Upgrade knobs for the node pool.","description_kind":"plain","computed":true}},"description":"NodeManagement configuration for this NodePool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.","description_kind":"plain","optional":true},"max_unavailable":{"type":"number","description":"The maximum number of nodes that can be simultaneously unavailable during the upgrade process.","description_kind":"plain","optional":true},"strategy":{"type":"string","description":"Update strategy of the node pool.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Standard policy for the blue-green upgrade.","description_kind":"plain"},"max_items":1}},"description":"Settings for blue-green upgrade strategy.","description_kind":"plain"},"max_items":1}},"description":"Specifies the upgrade settings for NAP created node pools","description_kind":"plain"},"max_items":1}},"description":"Contains defaults for a node pool created by NAP.","description_kind":"plain"},"max_items":1},"resource_limits":{"nesting_mode":"list","block":{"attributes":{"maximum":{"type":"number","description":"Maximum amount of the resource in the cluster.","description_kind":"plain","optional":true},"minimum":{"type":"number","description":"Minimum amount of the resource in the cluster.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.","description_kind":"plain","required":true}},"description":"Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.","description_kind":"plain"}}},"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this cluster.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain"},"max_items":1},"cost_management_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.","description_kind":"plain","required":true}},"description":"Cost management configuration for the cluster.","description_kind":"plain"},"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_name":{"type":"string","description":"The key to use to encrypt/decrypt secrets.","description_kind":"plain","optional":true},"state":{"type":"string","description":"ENCRYPTED or DECRYPTED.","description_kind":"plain","required":true}},"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain"},"max_items":1},"default_snat_status":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.","description_kind":"plain","required":true}},"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain"},"max_items":1},"dns_config":{"nesting_mode":"list","block":{"attributes":{"cluster_dns":{"type":"string","description":"Which in-cluster DNS provider should be used.","description_kind":"plain","optional":true},"cluster_dns_domain":{"type":"string","description":"The suffix used for all cluster service records.","description_kind":"plain","optional":true},"cluster_dns_scope":{"type":"string","description":"The scope of access to cluster DNS records.","description_kind":"plain","optional":true}},"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain"},"max_items":1},"enable_k8s_beta_apis":{"nesting_mode":"list","block":{"attributes":{"enabled_apis":{"type":["set","string"],"description":"Enabled Kubernetes Beta APIs.","description_kind":"plain","required":true}},"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Full resource name of the registered fleet membership of the cluster.","description_kind":"plain","computed":true},"membership_id":{"type":"string","description":"Short name of the fleet membership, for example \"member-1\".","description_kind":"plain","computed":true},"membership_location":{"type":"string","description":"Location of the fleet membership, for example \"us-central1\".","description_kind":"plain","computed":true},"pre_registered":{"type":"bool","description":"Whether the cluster has been registered via the fleet API.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The Fleet host project of the cluster.","description_kind":"plain","optional":true}},"description":"Fleet configuration of the cluster.","description_kind":"plain"},"max_items":1},"gateway_api_config":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The Gateway API release channel to use for Gateway API.","description_kind":"plain","required":true}},"description":"Configuration for GKE Gateway API controller.","description_kind":"plain"},"max_items":1},"identity_service_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable the Identity Service component.","description_kind":"plain","optional":true}},"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain"},"max_items":1},"ip_allocation_policy":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_block":{"type":"string","description":"The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"cluster_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"services_ipv4_cidr_block":{"type":"string","description":"The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"services_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set","description_kind":"plain","optional":true}},"block_types":{"additional_pod_ranges_config":{"nesting_mode":"list","block":{"attributes":{"pod_range_names":{"type":["set","string"],"description":"Name for pod secondary ipv4 range which has the actual range defined ahead.","description_kind":"plain","required":true}},"description":"AdditionalPodRangesConfig is the configuration for additional pod secondary ranges supporting the ClusterUpdate message.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for cluster level pod cidr overprovision. Default is disabled=false.","description_kind":"plain"},"max_items":1}},"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain"},"max_items":1},"logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.","description_kind":"plain","required":true}},"description":"Logging configuration for the cluster.","description_kind":"plain"},"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"daily_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description_kind":"plain","computed":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window specified for daily maintenance operations. Specify start_time in RFC3339 format \"HH:MM”, where HH : [00-23] and MM : [00-59] GMT.","description_kind":"plain"},"max_items":1},"maintenance_exclusion":{"nesting_mode":"set","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"exclusion_name":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"block_types":{"exclusion_options":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"The scope of automatic upgrades to restrict in the exclusion window.","description_kind":"plain","required":true}},"description":"Maintenance exclusion related options.","description_kind":"plain"},"max_items":1}},"description":"Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.","description_kind":"plain"},"max_items":20},"recurring_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"recurrence":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window for recurring maintenance operations.","description_kind":"plain"},"max_items":1}},"description":"The maintenance policy to use for the cluster.","description_kind":"plain"},"max_items":1},"master_auth":{"nesting_mode":"list","block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"Base64 encoded private key used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true,"sensitive":true},"cluster_ca_certificate":{"type":"string","description":"Base64 encoded public certificate that is the root of trust for the cluster.","description_kind":"plain","computed":true}},"block_types":{"client_certificate_config":{"nesting_mode":"list","block":{"attributes":{"issue_client_certificate":{"type":"bool","description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain","required":true}},"description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"gcp_public_cidrs_access_enabled":{"type":"bool","description":"Whether master is accessbile via Google Compute Engine Public IP addresses.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"External networks that can access the Kubernetes cluster master through HTTPS.","description_kind":"plain"}}},"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain"},"max_items":1},"mesh_certificates":{"nesting_mode":"list","block":{"attributes":{"enable_certificates":{"type":"bool","description":"When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","required":true}},"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_datapath_observability_config":{"nesting_mode":"list","block":{"attributes":{"enable_metrics":{"type":"bool","description":"Whether or not the advanced datapath metrics are enabled.","description_kind":"plain","required":true},"enable_relay":{"type":"bool","description":"Whether or not Relay is enabled.","description_kind":"plain","optional":true},"relay_mode":{"type":"string","description":"Mode used to make Relay available.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"description":"Configuration of Advanced Datapath Observability features.","description_kind":"plain"},"max_items":1},"managed_prometheus":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the managed collection is enabled.","description_kind":"plain","required":true}},"description":"Configuration for Google Cloud Managed Services for Prometheus.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration for the cluster.","description_kind":"plain"},"max_items":1},"network_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether network policy is enabled on the cluster.","description_kind":"plain","required":true},"provider":{"type":"string","description":"The selected network policy provider.","description_kind":"plain","optional":true}},"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"node_pool":{"nesting_mode":"list","block":{"attributes":{"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain"}},"node_pool_auto_config":{"nesting_mode":"list","block":{"block_types":{"network_tags":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"List of network tags applied to auto-provisioned node pools.","description_kind":"plain","optional":true}},"description":"Collection of Compute Engine network tags that can be applied to a node's underlying VM instance.","description_kind":"plain"},"max_items":1}},"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain"},"max_items":1},"node_pool_defaults":{"nesting_mode":"list","block":{"block_types":{"node_config_defaults":{"nesting_mode":"list","block":{"attributes":{"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true}},"description":"Subset of NodeConfig message that has defaults.","description_kind":"plain"},"max_items":1}},"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the notification config is enabled","description_kind":"plain","required":true},"topic":{"type":"string","description":"The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":["list","string"],"description":"Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT","description_kind":"plain","required":true}},"description":"Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent","description_kind":"plain"},"max_items":1}},"description":"Notification config for Cloud Pub/Sub","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain"},"max_items":1},"private_cluster_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_endpoint":{"type":"bool","description":"When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.","description_kind":"plain","optional":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.","description_kind":"plain","optional":true,"computed":true},"peering_name":{"type":"string","description":"The name of the peering between this cluster and the Google owned VPC.","description_kind":"plain","computed":true},"private_endpoint":{"type":"string","description":"The internal IP address of this cluster's master endpoint.","description_kind":"plain","computed":true},"private_endpoint_subnetwork":{"type":"string","description":"Subnetwork in cluster's network where master's endpoint will be provisioned.","description_kind":"plain","optional":true},"public_endpoint":{"type":"string","description":"The external IP address of this cluster's master endpoint.","description_kind":"plain","computed":true}},"block_types":{"master_global_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the cluster master is accessible globally or not.","description_kind":"plain","required":true}},"description":"Controls cluster master global access settings.","description_kind":"plain"},"max_items":1}},"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain"},"max_items":1},"release_channel":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The selected release channel. Accepted values are:\n* UNSPECIFIED: Not set.\n* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features.\n* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.\n* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.","description_kind":"plain","required":true}},"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain"},"max_items":1},"resource_usage_export_config":{"nesting_mode":"list","block":{"attributes":{"enable_network_egress_metering":{"type":"bool","description":"Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.","description_kind":"plain","optional":true},"enable_resource_consumption_metering":{"type":"bool","description":"Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of a BigQuery Dataset.","description_kind":"plain","required":true}},"description":"Parameters for using BigQuery as the destination of resource usage export.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.","description_kind":"plain","optional":true,"computed":true},"vulnerability_mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain"},"max_items":1},"service_external_ips_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, services with exterenal ips specified will be allowed.","description_kind":"plain","required":true}},"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vertical_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables vertical pod autoscaling.","description_kind":"plain","required":true}},"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain"},"max_items":1},"workload_identity_config":{"nesting_mode":"list","block":{"attributes":{"workload_pool":{"type":"string","description":"The workload pool to attach all Kubernetes service accounts to.","description_kind":"plain","optional":true}},"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_node_pool":{"version":1,"block":{"attributes":{"cluster":{"type":"string","description":"The cluster to create the node pool for. Cluster must be present in location provided for zonal clusters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) of the cluster.","description_kind":"plain","optional":true,"computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which to create the node pool. If blank, the provider-configured project will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_registry":{"version":0,"block":{"attributes":{"bucket_self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_entry":{"version":0,"block":{"attributes":{"bigquery_date_sharded_spec":{"type":["list",["object",{"dataset":"string","shard_count":"number","table_prefix":"string"}]],"description":"Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD.\nContext: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding.","description_kind":"plain","computed":true},"bigquery_table_spec":{"type":["list",["object",{"table_source_type":"string","table_spec":["list",["object",{"grouped_entry":"string"}]],"view_spec":["list",["object",{"view_query":"string"}]]}]],"description":"Specification that applies to a BigQuery table. This is only valid on entries of type TABLE.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Entry description, which can consist of several sentences or paragraphs that describe entry contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display information such as title and description. A short name to identify the entry,\nfor example, \"Analytics Data - Jan 2011\".","description_kind":"plain","optional":true},"entry_group":{"type":"string","description":"The name of the entry group this entry is in.","description_kind":"plain","required":true},"entry_id":{"type":"string","description":"The id of the entry to create.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integrated_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub.","description_kind":"plain","computed":true},"linked_resource":{"type":"string","description":"The resource this metadata entry refers to.\nFor Google Cloud Platform resources, linkedResource is the full name of the resource.\nFor example, the linkedResource for a table resource from BigQuery is:\n//bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId\nOutput only when Entry is of type in the EntryType enum. For entries with userSpecifiedType,\nthis field is optional and defaults to an empty string.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The Data Catalog resource name of the entry in URL format.\nExample: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}.\nNote that this Entry and its child resources may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"schema":{"type":"string","description":"Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema\nattached to it. See\nhttps://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema\nfor what fields this schema can contain.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the entry. Only used for Entries with types in the EntryType enum.\nCurrently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: [\"FILESET\"]","description_kind":"plain","optional":true},"user_specified_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog does not integrate with.\nuserSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers,\nand underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true},"user_specified_type":{"type":"string","description":"Entry type if it does not fit any of the input-allowed values listed in EntryType enum above.\nWhen creating an entry, users should check the enum values first, if nothing matches the entry\nto be created, then provide a custom value, for example \"my_special_type\".\nuserSpecifiedType strings must begin with a letter or underscore and can only contain letters,\nnumbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true}},"block_types":{"gcs_fileset_spec":{"nesting_mode":"list","block":{"attributes":{"file_patterns":{"type":["list","string"],"description":"Patterns to identify a set of files in Google Cloud Storage.\nSee [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames)\nfor more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns:\n\n* gs://bucket_name/dir/*: matches all files within bucket_name/dir directory.\n* gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories.\n* gs://bucket_name/file*: matches files prefixed by file in bucket_name\n* gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name\n* gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name\n* gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name\n* gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b\n* gs://another_bucket/a.txt: matches gs://another_bucket/a.txt","description_kind":"plain","required":true},"sample_gcs_file_specs":{"type":["list",["object",{"file_path":"string","size_bytes":"number"}]],"description":"Sample files contained in this fileset, not all files contained in this fileset are represented here.","description_kind":"plain","computed":true}},"description":"Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Entry group description, which can consist of several sentences or paragraphs that describe entry group contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A short name to identify the entry group, for example, \"analytics data - jan 2011\".","description_kind":"plain","optional":true},"entry_group_id":{"type":"string","description":"The id of the entry group to create. The id must begin with a letter or underscore,\ncontain only English letters, numbers and underscores, and be at most 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"EntryGroup location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag":{"version":0,"block":{"attributes":{"child_policy_tags":{"type":["list","string"],"description":"Resource names of child policy tags of this policy tag.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this policy tag. It must: contain only unicode characters, tabs,\nnewlines, carriage returns and page breaks; and be at most 2000 bytes long when\nencoded in UTF-8. If not set, defaults to an empty description.\nIf not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this policy tag. It must: be unique within the parent\ntaxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;\nnot start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this policy tag, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}\"","description_kind":"plain","computed":true},"parent_policy_tag":{"type":"string","description":"Resource name of this policy tag's parent policy tag.\nIf empty, it means this policy tag is a top level policy tag.\nIf not set, defaults to an empty string.","description_kind":"plain","optional":true},"taxonomy":{"type":"string","description":"Taxonomy the policy tag is associated with","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag":{"version":0,"block":{"attributes":{"column":{"type":"string","description":"Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an\nindividual column based on that schema.\n\nFor attaching a tag to a nested column, use '.' to separate the column names. Example:\n'outer_column.inner_column'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag in URL format. Example:\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id}\nwhere tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to\nall entries in that group.","description_kind":"plain","optional":true},"template":{"type":"string","description":"The resource name of the tag template that this tag uses. Example:\nprojects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}\nThis field cannot be modified after creation.","description_kind":"plain","required":true},"template_displayname":{"type":"string","description":"The display name of the tag template.","description_kind":"plain","computed":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"bool_value":{"type":"bool","description":"Holds the value for a tag field with boolean type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of this field","description_kind":"plain","computed":true},"double_value":{"type":"number","description":"Holds the value for a tag field with double type.","description_kind":"plain","optional":true},"enum_value":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","optional":true},"field_name":{"type":"string","description_kind":"plain","required":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag. For example, a higher value can indicate\na more important field. The value can be negative. Multiple fields can have the same order, and field orders\nwithin a tag do not have to be sequential.","description_kind":"plain","computed":true},"string_value":{"type":"string","description":"Holds the value for a tag field with string type.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"Holds the value for a tag field with timestamp type.","description_kind":"plain","optional":true}},"description":"This maps the ID of a tag field to the value of and additional information about that field.\nValid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name for this template.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Template location region.","description_kind":"plain","optional":true,"computed":true},"tag_template_id":{"type":"string","description":"The id of the tag template to create.","description_kind":"plain","required":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description for this field.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The display name for this field.","description_kind":"plain","optional":true,"computed":true},"field_id":{"type":"string","description_kind":"plain","required":true},"is_required":{"type":"bool","description":"Whether this is a required field. Defaults to false.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}","description_kind":"plain","computed":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag template.\nA higher value indicates a more important field. The value can be negative.\nMultiple fields can have the same order, and field orders within a tag do not have to be sequential.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"type":{"nesting_mode":"list","block":{"attributes":{"primitive_type":{"type":"string","description":"Represents primitive types - string, bool etc.\n Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: [\"DOUBLE\", \"STRING\", \"BOOL\", \"TIMESTAMP\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enum_type":{"nesting_mode":"list","block":{"block_types":{"allowed_values":{"nesting_mode":"set","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","required":true}},"description":"The set of allowed values for this enum. The display names of the\nvalues must be case-insensitively unique within this set. Currently,\nenum values can only be added to the list of allowed values. Deletion\nand renaming of enum values are not supported.\nCan have up to 500 allowed values.","description_kind":"plain"},"min_items":1}},"description":"Represents an enum type.\n Exactly one of 'primitive_type' or 'enum_type' must be set","description_kind":"plain"},"max_items":1}},"description":"The type of value this tag field can contain.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy":{"version":0,"block":{"attributes":{"activated_policy_types":{"type":["list","string"],"description":"A list of policy types that are activated for this taxonomy. If not set,\ndefaults to an empty list. Possible values: [\"POLICY_TYPE_UNSPECIFIED\", \"FINE_GRAINED_ACCESS_CONTROL\"]","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of this taxonomy. It must: contain only unicode characters,\ntabs, newlines, carriage returns and page breaks; and be at most 2000 bytes\nlong when encoded in UTF-8. If not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this taxonomy.\nThe taxonomy display name must be unique within an organization.\nIt must: contain only unicode letters, numbers, underscores, dashes\nand spaces; not start or end with spaces; and be at most 200 bytes\nlong when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this taxonomy, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}\".","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Taxonomy location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance":{"version":0,"block":{"attributes":{"api_endpoint":{"type":"string","description":"Endpoint on which the REST APIs is accessible.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"dataproc_service_account":{"type":"string","description":"User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of the instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name for an instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_rbac":{"type":"bool","description":"Option to enable granular role-based access control.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Option to enable Stackdriver Logging.","description_kind":"plain","optional":true},"enable_stackdriver_monitoring":{"type":"bool","description":"Option to enable Stackdriver Monitoring.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket generated by Data Fusion in the customer project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for instance to use to annotate any related underlying resources,\nsuch as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"options":{"type":["map","string"],"description":"Map of additional options used to configure the behavior of Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"p4_service_account":{"type":"string","description":"P4 service account for the customer project.","description_kind":"plain","computed":true},"private_instance":{"type":"bool","description":"Specifies whether the Data Fusion instance should be private. If set to\ntrue, all Data Fusion nodes will have private IP addresses and will not be\nable to access the public internet.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"service_endpoint":{"type":"string","description":"Endpoint on which the Data Fusion UI and REST APIs are accessible.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this Data Fusion instance.\n- CREATING: Instance is being created\n- RUNNING: Instance is running and ready for requests\n- FAILED: Instance creation failed\n- DELETING: Instance is being deleted\n- UPGRADING: Instance is being upgraded\n- RESTARTING: Instance is being restarted","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of this Data Fusion instance if available.","description_kind":"plain","computed":true},"tenant_project_id":{"type":"string","description":"The name of the tenant project.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Represents the type of Data Fusion instance. Each type is configured with\nthe default settings for processing and memory.\n- BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines\nusing point and click UI. However, there are certain limitations, such as fewer number\nof concurrent pipelines, no support for streaming pipelines, etc.\n- ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features\navailable, such as support for streaming pipelines, higher number of concurrent pipelines, etc.\n- DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but\nwith restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration\npipelines at low cost. Possible values: [\"BASIC\", \"ENTERPRISE\", \"DEVELOPER\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time the instance was last updated in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"version":{"type":"string","description":"Current version of the Data Fusion.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"CDC\", \"HEALTHCARE\", \"CCAI_INSIGHTS\"]","description_kind":"plain","required":true},"state":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true}},"description":"List of accelerators enabled for this CDF instance.\n\nIf accelerators are enabled it is possible a permadiff will be created with the Options field.\nUsers will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes).","description_kind":"plain"}},"crypto_key_config":{"nesting_mode":"list","block":{"attributes":{"key_reference":{"type":"string","description":"The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","required":true}},"description":"The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature.","description_kind":"plain"},"max_items":1},"event_publish_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Option to enable Event Publishing.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}","description_kind":"plain","required":true}},"description":"Option to enable and pass metadata for event publishing.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"ip_allocation":{"type":"string","description":"The IP range in CIDR notation to use for the managed Data Fusion instance\nnodes. This range must not overlap with any other ranges used in the Data Fusion instance network.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the network in the project with which the tenant project\nwill be peered for executing pipelines. In case of shared VPC where the network resides in another host\nproject the network should specified in the form of projects/{host-project-id}/global/networks/{network}","description_kind":"plain","required":true}},"description":"Network configuration options. These are required when a private Data Fusion instance is to be created.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_fusion_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_loss_prevention_deidentify_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"deidentify_config":{"nesting_mode":"list","block":{"block_types":{"image_transformations":{"nesting_mode":"list","block":{"block_types":{"transforms":{"nesting_mode":"list","block":{"block_types":{"all_info_types":{"nesting_mode":"list","block":{"description":"Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes.","description_kind":"plain"},"max_items":1},"all_text":{"nesting_mode":"list","block":{"description":"Apply transformation to all text that doesn't match an infoType.","description_kind":"plain"},"max_items":1},"redaction_color":{"nesting_mode":"list","block":{"attributes":{"blue":{"type":"number","description":"The amount of blue in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"green":{"type":"number","description":"The amount of green in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"red":{"type":"number","description":"The amount of red in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true}},"description":"The color to use when redacting content from an image. If not specified, the default is black.","description_kind":"plain"},"max_items":1},"selected_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"},"min_items":1}},"description":"Apply transformation to the selected infoTypes.","description_kind":"plain"},"max_items":1}},"description":"For determination of how redaction of images should occur.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as an image and redact.","description_kind":"plain"},"max_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"attributes":{"replace_with_info_type_config":{"type":"bool","description":"Replace each matching finding with the name of the info type.","description_kind":"plain","optional":true}},"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character.\nMasking can start from the beginning or end of the string.","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"Range of shift in days. Negative means shift to earlier in time.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends).\nNegative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"An integer value.","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a\nyear by itself or a year and month where the day is not significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Primitive transformation to apply to the infoType.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as free-form text and apply the same free text transformation everywhere","description_kind":"plain"},"max_items":1},"record_transformations":{"nesting_mode":"list","block":{"block_types":{"field_transformations":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against.\nThe 'value' block must only contain one argument. For example when a condition is evaluated against a string-type field, only 'string_value' should be set.\nThis argument is mandatory, except for conditions using the 'EXISTS' operator.","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression.","description_kind":"plain"},"max_items":1}},"description":"Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation.\nExample Use Cases:\n- Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range.\n- Redact a field if the date of birth field is greater than 85.","description_kind":"plain"},"max_items":1},"fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId.\nFieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".","description_kind":"plain"},"min_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"},"min_items":1}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking. Only one of this or 'common_characters_to_ignore' must be specified.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Only one of this or 'characters_to_skip' must be specified. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Only one of this, 'custom_alphabet' or 'radix' must be specified. Possible values: [\"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''. Only one of this, 'common_alphabet' or 'radix' must be specified.","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\]. Only one of this, 'custom_alphabet' or 'common_alphabet' must be specified.","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"replace_with_info_type_config":{"nesting_mode":"list","block":{"description":"Replace each matching finding with the name of the info type.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","required":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the contents of the field as free text, and selectively transform content that matches an InfoType.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a specified value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Transform the record by applying various field transformations.","description_kind":"plain"}},"record_suppressions":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND. Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against. [Mandatory, except for EXISTS tests.]","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression, consisting of an operator and conditions.","description_kind":"plain"},"max_items":1}},"description":"A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.","description_kind":"plain"},"max_items":1}},"description":"Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.","description_kind":"plain"}}},"description":"Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the deidentify template","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_inspect_template":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the inspect template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the inspect template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the inspect template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the inspect template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"inspect_config":{"nesting_mode":"list","block":{"attributes":{"content_options":{"type":["list","string"],"description":"List of options defining data content to scan. If empty, text, images, and other content will be included. Possible values: [\"CONTENT_TEXT\", \"CONTENT_IMAGE\"]","description_kind":"plain","optional":true},"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","required":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","required":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","required":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"},"min_items":1},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider.","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider.","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.\nFor tabular data, the context includes the column name.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_job_trigger":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the job trigger.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the job trigger.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_run_time":{"type":"string","description":"The timestamp of the last time this trigger executed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the job trigger. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the trigger, either in the format 'projects/{{project}}'\nor 'projects/{{project}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Whether the trigger is currently active. Default value: \"HEALTHY\" Possible values: [\"PAUSED\", \"HEALTHY\", \"CANCELLED\"]","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The trigger id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+.\nThe maximum length is 100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"inspect_job":{"nesting_mode":"list","block":{"attributes":{"inspect_template_name":{"type":"string","description":"The name of the template to run when this job is triggered.","description_kind":"plain","optional":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"deidentify":{"nesting_mode":"list","block":{"attributes":{"cloud_storage_output":{"type":"string","description":"User settable Cloud Storage bucket and folders to store de-identified files.\n\nThis field must be set for cloud storage deidentification.\n\nThe output Cloud Storage bucket must be different from the input bucket.\n\nDe-identified files will overwrite files in the output path.\n\nForm of: gs://bucket/folder/ or gs://bucket","description_kind":"plain","required":true},"file_types_to_transform":{"type":["list","string"],"description":"List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed.\n\nIf empty, all supported files will be transformed. Supported types may be automatically added over time.\n\nIf a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Possible values: [\"IMAGE\", \"TEXT_FILE\", \"CSV\", \"TSV\"]","description_kind":"plain","optional":true}},"block_types":{"transformation_config":{"nesting_mode":"list","block":{"attributes":{"deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the default de-identify template.","description_kind":"plain","optional":true},"image_redact_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for images.","description_kind":"plain","optional":true},"structured_deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables.","description_kind":"plain","optional":true}},"description":"User specified deidentify templates and configs for structured, unstructured, and image files.","description_kind":"plain"},"max_items":1},"transformation_details_storage_config":{"nesting_mode":"list","block":{"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","optional":true}},"description":"The BigQuery table in which to store the output.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Config for storing transformation details.","description_kind":"plain"},"max_items":1}},"description":"Create a de-identified copy of the requested table or files.","description_kind":"plain"},"max_items":1},"job_notification_emails":{"nesting_mode":"list","block":{"description":"Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.","description_kind":"plain"},"max_items":1},"pub_sub":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to.","description_kind":"plain","required":true}},"description":"Publish a message into a given Pub/Sub topic when the job completes.","description_kind":"plain"},"max_items":1},"publish_findings_to_cloud_data_catalog":{"nesting_mode":"list","block":{"description":"Publish findings of a DlpJob to Data Catalog.","description_kind":"plain"},"max_items":1},"publish_summary_to_cscc":{"nesting_mode":"list","block":{"description":"Publish the result summary of a DlpJob to the Cloud Security Command Center.","description_kind":"plain"},"max_items":1},"publish_to_stackdriver":{"nesting_mode":"list","block":{"description":"Enable Stackdriver metric dlp.googleapis.com/findingCount.","description_kind":"plain"},"max_items":1},"save_findings":{"nesting_mode":"list","block":{"block_types":{"output_config":{"nesting_mode":"list","block":{"attributes":{"output_schema":{"type":"string","description":"Schema used for writing the findings for Inspect jobs. This field is only used for\nInspect and must be unspecified for Risk jobs. Columns are derived from the Finding\nobject. If appending to an existing table, any columns from the predefined schema\nthat are missing will be added. No columns in the existing table will be deleted.\n\nIf unspecified, then all available columns will be used for a new table or an (existing)\ntable with no schema, and no changes will be made to an existing table that has a schema.\nOnly for use with external storage. Possible values: [\"BASIC_COLUMNS\", \"GCS_COLUMNS\", \"DATASTORE_COLUMNS\", \"BIG_QUERY_COLUMNS\", \"ALL_COLUMNS\"]","description_kind":"plain","optional":true}},"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table. If is not set a new one will be generated for you with the following format:\n'dlp_googleapis_yyyy_mm_dd_[dlp_job_id]'. Pacific timezone will be used for generating the date details.","description_kind":"plain","optional":true}},"description":"Information on the location of the target BigQuery Table.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information on where to store output","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk","description_kind":"plain"},"max_items":1}},"description":"Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in [attribute-as-blocks mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html).","description_kind":"plain"}},"inspect_config":{"nesting_mode":"list","block":{"attributes":{"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","optional":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","optional":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","optional":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"}},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"block_types":{"big_query_options":{"nesting_mode":"list","block":{"attributes":{"rows_limit":{"type":"number","description":"Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted.\nIf not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be\nspecified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"rows_limit_percent":{"type":"number","description":"Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of\nrowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either\nrowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them. Default value: \"TOP\" Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"excluded_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field excluded from scanning.","description_kind":"plain","required":true}},"description":"References to fields excluded from scanning.\nThis allows you to skip inspection of entire columns which you know have no findings.","description_kind":"plain"}},"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of a BigQuery field to be returned with the findings.","description_kind":"plain","required":true}},"description":"Specifies the BigQuery fields that will be returned with findings.\nIf not specified, no identifying fields will be returned for findings.","description_kind":"plain"}},"included_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field to which scanning is limited.","description_kind":"plain","required":true}},"description":"Limit scanning only to these fields.","description_kind":"plain"}},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining BigQuery table and row identifiers.","description_kind":"plain"},"max_items":1},"cloud_storage_options":{"nesting_mode":"list","block":{"attributes":{"bytes_limit_per_file":{"type":"number","description":"Max number of bytes to scan from a file. If a scanned file's size is bigger than this value\nthen the rest of the bytes are omitted.","description_kind":"plain","optional":true},"bytes_limit_per_file_percent":{"type":"number","description":"Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"file_types":{"type":["list","string"],"description":"List of file type groups to include in the scan. If empty, all files are scanned and available data\nformat processors are applied. In addition, the binary content of the selected files is always scanned as well.\nImages are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Possible values: [\"BINARY_FILE\", \"TEXT_FILE\", \"IMAGE\", \"WORD\", \"PDF\", \"AVRO\", \"CSV\", \"TSV\", \"POWERPOINT\", \"EXCEL\"]","description_kind":"plain","optional":true},"files_limit_percent":{"type":"number","description":"Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile.\nIf not specified, scanning would start from the top. Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The Cloud Storage url of the file(s) to scan, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard\nin the path is allowed.\n\nIf the url ends in a trailing slash, the bucket or directory represented by the url will be scanned\nnon-recursively (content in sub-directories will not be scanned). This means that 'gs://mybucket/' is\nequivalent to 'gs://mybucket/*', and 'gs://mybucket/directory/' is equivalent to 'gs://mybucket/directory/*'.","description_kind":"plain","optional":true}},"block_types":{"regex_file_set":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The name of a Cloud Storage bucket.","description_kind":"plain","required":true},"exclude_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to exclude. All files in the bucket that match at\nleast one of these regular expressions will be excluded from the scan.","description_kind":"plain","optional":true},"include_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to include. All files in the bucket\nthat match at least one of these regular expressions will be included in the set of files,\nexcept for those that also match an item in excludeRegex. Leaving this field empty will\nmatch all files by default (this is equivalent to including .* in the list)","description_kind":"plain","optional":true}},"description":"The regex-filtered set of files to scan.","description_kind":"plain"},"max_items":1}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a file or a set of files within a Google Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"datastore_options":{"nesting_mode":"list","block":{"block_types":{"kind":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the Datastore kind.","description_kind":"plain","required":true}},"description":"A representation of a Datastore kind.","description_kind":"plain"},"min_items":1,"max_items":1},"partition_id":{"nesting_mode":"list","block":{"attributes":{"namespace_id":{"type":"string","description":"If not empty, the ID of the namespace to which the entities belong.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the project to which the entities belong.","description_kind":"plain","required":true}},"description":"Datastore partition ID. A partition ID identifies a grouping of entities. The grouping\nis always by project and namespace, however the namespace ID may be empty.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a data set within Google Cloud Datastore.","description_kind":"plain"},"max_items":1},"hybrid_options":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A short description of where the data is coming from. Will be stored once in the job. 256 max length.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"To organize findings, these labels will be added to each finding.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nLabel values must be between 0 and 63 characters long and must conform to the regular expression '([a-z]([-a-z0-9]*[a-z0-9])?)?'.\n\nNo more than 10 labels can be associated with a given finding.\n\nExamples:\n* '\"environment\" : \"production\"'\n* '\"pipeline\" : \"etl\"'","description_kind":"plain","optional":true},"required_finding_label_keys":{"type":["list","string"],"description":"These are labels that each inspection request must include within their 'finding_labels' map. Request\nmay contain others, but any missing one of these will be rejected.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nNo more than 10 keys can be required.","description_kind":"plain","optional":true}},"block_types":{"table_options":{"nesting_mode":"list","block":{"block_types":{"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The columns that are the primary keys for table objects included in ContentItem. A copy of this\ncell's value will stored alongside alongside each finding so that the finding can be traced to\nthe specific row it came from. No more than 3 may be provided.","description_kind":"plain"}}},"description":"If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.","description_kind":"plain"},"max_items":1}},"description":"Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.","description_kind":"plain"},"max_items":1},"timespan_config":{"nesting_mode":"list","block":{"attributes":{"enable_auto_population_of_timespan_config":{"type":"bool","description":"When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid\nscanning files that have not been modified since the last time the JobTrigger executed. This will\nbe based on the time of the execution of the last run of the JobTrigger or the timespan endTime\nused in the last run of the JobTrigger.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied.","description_kind":"plain","optional":true}},"block_types":{"timestamp_field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery.\n\nFor BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was\nmodified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp\nfield are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column.\n\nFor Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the\ntimestamp property does not exist or its value is empty or invalid.","description_kind":"plain","required":true}},"description":"Specification of the field containing the timestamp of scanned items.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the timespan of the items to include in scanning","description_kind":"plain"},"max_items":1}},"description":"Information on where to inspect","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Controls what and how to inspect for findings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"triggers":{"nesting_mode":"list","block":{"block_types":{"manual":{"nesting_mode":"list","block":{"description":"For use with hybrid jobs. Jobs must be manually created and finished.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"recurrence_period_duration":{"type":"string","description":"With this option a job is started a regular periodic basis. For example: every day (86400 seconds).\n\nA scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs.\n\nThis value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Schedule for triggered jobs","description_kind":"plain"},"max_items":1}},"description":"What event needs to occur for a new job to be started.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_data_loss_prevention_stored_info_type":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the info type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the info type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the info type. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the info type in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"stored_info_type_id":{"type":"string","description":"The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100\ncharacters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"large_custom_dictionary":{"nesting_mode":"list","block":{"block_types":{"big_query_field":{"nesting_mode":"list","block":{"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Designated field in the BigQuery table.","description_kind":"plain"},"min_items":1,"max_items":1},"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"max_items":1},"cloud_storage_file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The url, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard in the path is allowed.","description_kind":"plain","required":true}},"description":"Set of files containing newline-delimited lists of dictionary phrases.","description_kind":"plain"},"max_items":1},"output_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API.\nIf any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_pipeline_pipeline":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the pipeline was initially created. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the pipeline. It can contain only letters ([A-Za-z]), numbers ([0-9]), hyphens (-), and underscores (_).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_count":{"type":"number","description":"Number of jobs.","description_kind":"plain","computed":true},"last_update_time":{"type":"string","description":"The timestamp when the pipeline was last modified. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"\"The pipeline name. For example': 'projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID.\"\n\"- PROJECT_ID can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see Identifying projects.\"\n\"LOCATION_ID is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling google.cloud.location.Locations.ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in App Engine regions.\"\n\"PIPELINE_ID is the ID of the pipeline. Must be unique for the selected project and location.\"","description_kind":"plain","required":true},"pipeline_sources":{"type":["map","string"],"description":"The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region","description_kind":"plain","optional":true},"scheduler_service_account_email":{"type":"string","description":"Optional. A service account email to be used with the Cloud Scheduler job. If not specified, the default compute engine service account will be used.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pipeline. When the pipeline is created, the state is set to 'PIPELINE_STATE_ACTIVE' by default. State changes can be requested by setting the state to stopping, paused, or resuming. State cannot be changed through pipelines.patch requests.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#state Possible values: [\"STATE_UNSPECIFIED\", \"STATE_RESUMING\", \"STATE_ACTIVE\", \"STATE_STOPPING\", \"STATE_ARCHIVED\", \"STATE_PAUSED\"]","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the pipeline. This field affects the scheduling of the pipeline and the type of metrics to show for the pipeline.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#pipelinetype Possible values: [\"PIPELINE_TYPE_UNSPECIFIED\", \"PIPELINE_TYPE_BATCH\", \"PIPELINE_TYPE_STREAMING\"]","description_kind":"plain","required":true}},"block_types":{"schedule_info":{"nesting_mode":"list","block":{"attributes":{"next_job_time":{"type":"string","description":"When the next Scheduler job is going to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"schedule":{"type":"string","description":"Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Timezone ID. This matches the timezone IDs used by the Cloud Scheduler API. If empty, UTC time is assumed.","description_kind":"plain","optional":true}},"description":"Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#schedulespec","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"workload":{"nesting_mode":"list","block":{"block_types":{"dataflow_flex_template_request":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The regional endpoint to which to direct the request. For example, us-central1, us-west1.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description":"If true, the request is validated but not actually executed. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"launch_parameter":{"nesting_mode":"list","block":{"attributes":{"container_spec_gcs_path":{"type":"string","description":"Cloud Storage path to a file with a JSON-serialized ContainerSpec as content.","description_kind":"plain","optional":true},"job_name":{"type":"string","description":"The job name to use for the created job. For an update job request, the job name should be the same as the existing running job.","description_kind":"plain","required":true},"launch_options":{"type":["map","string"],"description":"Launch options for this Flex Template job. This is a common set of options across languages and templates. This should not be used to pass job parameters.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"'The parameters for the Flex Template. Example: {\"numWorkers\":\"5\"}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mappings":{"type":["map","string"],"description":"'Use this to pass transform name mappings for streaming update jobs. Example: {\"oldTransformName\":\"newTransformName\",...}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"Set this to true if you are sending a request to update a running streaming job. When set, the job name should be the same as the running job.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"flexrs_goal":{"type":"string","description":"Set FlexRS goal for the job. https://cloud.google.com/dataflow/docs/guides/flexrs\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexResourceSchedulingGoal Possible values: [\"FLEXRS_UNSPECIFIED\", \"FLEXRS_SPEED_OPTIMIZED\", \"FLEXRS_COST_OPTIMIZED\"]","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the Flex Template job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexTemplateRuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"Parameter to launch a job from a Flex Template.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplateparameter","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the flex launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplaterequest","description_kind":"plain"},"max_items":1},"dataflow_launch_template_request":{"nesting_mode":"list","block":{"attributes":{"gcs_path":{"type":"string","description":"A Cloud Storage path to the template from which to create the job. Must be a valid Cloud Storage URL, beginning with 'gs://'.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The regional endpoint to which to direct the request.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description_kind":"plain","optional":true}},"block_types":{"launch_parameters":{"nesting_mode":"list","block":{"attributes":{"job_name":{"type":"string","description":"The job name to use for the created job.","description_kind":"plain","required":true},"parameters":{"type":["map","string"],"description":"The runtime parameters to pass to the job.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mapping":{"type":["map","string"],"description":"Map of transform name prefixes of the job to be replaced to the corresponding name prefixes of the new job. Only applicable when updating a pipeline.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"If set, replace the existing pipeline with the name specified by jobName with this pipeline, preserving state.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"bypass_temp_dir_validation":{"type":"bool","description":"Whether to bypass the safety checks for the job's temporary directory. Use with caution.","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true,"computed":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#RuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"The parameters of the template to launch. This should be part of the body of the POST request.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplateparameters","description_kind":"plain"},"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the standard launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplaterequest","description_kind":"plain"},"max_items":1}},"description":"Workload information for creating new jobs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#workload","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_database_migration_service_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The ID of the connection profile.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dbprovider":{"type":"string","description":"The database provider.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The connection profile display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"description":"Output only. The error details in case of state FAILED.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the connection profile should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"alloydb":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"Required. The AlloyDB cluster ID that this connection profile is associated with.","description_kind":"plain","required":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels for the AlloyDB cluster created by DMS.","description_kind":"plain","optional":true},"vpc_network":{"type":"string","description":"Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster.","description_kind":"plain","required":true}},"block_types":{"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates if the initialUser.password field has been set.","description_kind":"plain","computed":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","required":true}},"description":"Required. Input only. Initial user to setup during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"primary_instance_settings":{"nesting_mode":"list","block":{"attributes":{"database_flags":{"type":["map","string"],"description":"Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The database username.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels for the AlloyDB primary instance created by DMS.","description_kind":"plain","optional":true},"private_ip":{"type":"string","description":"Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true}},"block_types":{"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","required":true}},"description":"Configuration for the machines that host the underlying database engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for the cluster's primary instance","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination AlloyDB cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster.","description_kind":"plain"},"max_items":1},"cloudsql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"Output only. The Cloud SQL instance ID that this connection profile is associated with.","description_kind":"plain","computed":true},"private_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's private IP.","description_kind":"plain","computed":true},"public_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's public IP.","description_kind":"plain","computed":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'. Possible values: [\"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true},"auto_storage_increase":{"type":"bool","description":"If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity.\nIf the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB.","description_kind":"plain","optional":true},"cmek_key_name":{"type":"string","description":"The KMS key name used for the csql instance.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The Cloud SQL default instance level collation.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"string","description":"The storage capacity available to the database, in GB. The minimum (and default) size is 10GB.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"The type of storage. Possible values: [\"PD_SSD\", \"PD_HDD\"]","description_kind":"plain","optional":true},"database_flags":{"type":["map","string"],"description":"The database flags passed to the Cloud SQL instance at startup.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The database engine type and version.\nCurrently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the given Cloud SQL instance. Possible values: [\"ENTERPRISE\", \"ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"root_password":{"type":"string","description":"Input only. Initial root password.","description_kind":"plain","optional":true,"sensitive":true},"root_password_set":{"type":"bool","description":"Output only. Indicates If this connection profile root password is stored.","description_kind":"plain","computed":true},"source_id":{"type":"string","description":"The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID","description_kind":"plain","required":true},"storage_auto_resize_limit":{"type":"string","description":"The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances).\nFor more information, see https://cloud.google.com/sql/docs/mysql/instance-settings","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Google Cloud Platform zone where your Cloud SQL datdabse instance is located.","description_kind":"plain","optional":true}},"block_types":{"ip_config":{"nesting_mode":"list","block":{"attributes":{"enable_ipv4":{"type":"bool","description":"Whether the instance should be assigned an IPv4 address or not.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default.\nThis setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP should be enforced or not.","description_kind":"plain","optional":true}},"block_types":{"authorized_networks":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time when this access control entry expires in RFC 3339 format.","description_kind":"plain","optional":true},"label":{"type":"string","description":"A label to identify this entry.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Input only. The time-to-leave of this access control entry.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The allowlisted value for the access control list.","description_kind":"plain","required":true}},"description":"The list of external networks that are allowed to connect to the instance using the IP.","description_kind":"plain"}}},"description":"The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled.","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination Cloud SQL database.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for MySQL databases.","description_kind":"plain"},"max_items":1},"oracle":{"nesting_mode":"list","block":{"attributes":{"database_service":{"type":"string","description":"Required. Database service for the Oracle connection.","description_kind":"plain","required":true},"host":{"type":"string","description":"Required. The IP or hostname of the source Oracle database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source Oracle database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Required. Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"Input only. SSH password. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel, default value is 22.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"Input only. SSH private key. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Required. Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"Required. The resource name (URI) of the private connection.","description_kind":"plain","required":true}},"description":"Configuration for using a private network to communicate with the source database","description_kind":"plain"},"max_items":1},"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"static_service_ip_connectivity":{"nesting_mode":"list","block":{"description":"This object has no nested fields.\n\nStatic IP address connectivity configured on service project.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for Oracle databases.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"network_architecture":{"type":"string","description":"Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for PostgreSQL databases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_database_migration_service_private_connection":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc_name":{"type":"string","description":"Fully qualified name of the VPC that Database Migration Service will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween databasemigrationservice and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataflow_job":{"version":1,"block":{"attributes":{"additional_experiments":{"type":["set","string"],"description":"List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_streaming_engine":{"type":"bool","description":"Indicates if the job should use the streaming engine feature.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_configuration":{"type":"string","description":"The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".","description_kind":"plain","optional":true},"job_id":{"type":"string","description":"The unique ID of this job.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The name for the Cloud KMS key for the job. Key format is: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. NOTE: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique name for the resource, required by Dataflow.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which VMs will be assigned. If it is not provided, \"default\" will be used.","description_kind":"plain","optional":true},"on_delete":{"type":"string","description":"One of \"drain\" or \"cancel\". Specifies behavior of deletion during terraform destroy.","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Key/Value pairs to be passed to the Dataflow job (as used in the template).","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the created job should run.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The Service Account email used to create the job.","description_kind":"plain","optional":true},"skip_wait_on_job_termination":{"type":"bool","description":"If true, treat DRAINING and CANCELLING as terminal job states and do not wait for further changes before removing from terraform state and moving on. WARNING: this will lead to job name conflicts if you do not ensure that the job names are different, e.g. by embedding a release ID or by using a random_id.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The current state of the resource, selected from the JobState enum.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork to which VMs will be assigned. Should be of the form \"regions/REGION/subnetworks/SUBNETWORK\".","description_kind":"plain","optional":true},"temp_gcs_location":{"type":"string","description":"A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data.","description_kind":"plain","required":true},"template_gcs_path":{"type":"string","description":"The Google Cloud Storage path to the Dataflow job template.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"transform_name_mapping":{"type":["map","string"],"description":"Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of this job, selected from the JobType enum.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone in which the created job should run. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the asset was created.","description_kind":"plain","computed":true},"dataplex_zone":{"type":"string","description":"The zone for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the asset.","description_kind":"plain","optional":true},"discovery_status":{"type":["list",["object",{"last_run_duration":"string","last_run_time":"string","message":"string","state":"string","stats":["list",["object",{"data_items":"number","data_size":"number","filesets":"number","tables":"number"}]],"update_time":"string"}]],"description":"Output only. Status of the discovery feature applied to data referenced by this asset.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the asset.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the asset.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"resource_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the resource referenced by this asset.","description_kind":"plain","computed":true},"security_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the security policy applied to resource referenced by this asset.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the asset was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data referenced by this asset. When this spec is left unset, the asset will use the spec set on the parent zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: `projects/{project_number}/buckets/{bucket_id}` `projects/{project_number}/datasets/{dataset_id}`","description_kind":"plain","optional":true},"read_access_mode":{"type":"string","description":"Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resource that is referenced by this asset.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset_iam_binding":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_member":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the scan was created.","description_kind":"plain","computed":true},"data_scan_id":{"type":"string","description":"DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the scan.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job_end_time":"string","latest_job_start_time":"string"}]],"description":"Status of the data scan execution.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the scan. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the data scan should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the DataScan.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of DataScan.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the scan. This ID will be different if the scan is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the scan was last updated.","description_kind":"plain","computed":true}},"block_types":{"data":{"nesting_mode":"list","block":{"attributes":{"entity":{"type":"string","description":"The Dataplex entity that represents the data source(e.g. BigQuery table) for Datascan.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be:\n(Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type \"TABLE\" for DataProfileScan/DataQualityScan.","description_kind":"plain","optional":true}},"description":"The data source for DataScan.","description_kind":"plain"},"min_items":1,"max_items":1},"data_profile_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"exclude_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to exclude from data profile.\nIf specified, the fields will be excluded from data profile, regardless of 'include_fields' value.","description_kind":"plain"},"max_items":1},"include_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to include in data profile.\nIf not specified, all fields at the time of profile scan job execution are included, except for ones listed in 'exclude_fields'.","description_kind":"plain"},"max_items":1},"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataProfileScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1}},"description":"DataProfileScan related setting.","description_kind":"plain"},"max_items":1},"data_quality_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataQualityScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"The unnested column which this rule is evaluated against.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the rule.\nThe maximum length is 1,024 characters.","description_kind":"plain","optional":true},"dimension":{"type":"string","description":"The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are [\"COMPLETENESS\", \"ACCURACY\", \"CONSISTENCY\", \"VALIDITY\", \"UNIQUENESS\", \"INTEGRITY\"]","description_kind":"plain","required":true},"ignore_null":{"type":"bool","description":"Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A mutable name for the rule.\nThe name must contain only letters (a-z, A-Z), numbers (0-9), or hyphens (-).\nThe maximum length is 63 characters.\nMust start with a letter.\nMust end with a number or a letter.","description_kind":"plain","optional":true},"threshold":{"type":"number","description":"The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0).","description_kind":"plain","optional":true}},"block_types":{"non_null_expectation":{"nesting_mode":"list","block":{"description":"ColumnMap rule which evaluates whether each column value is null.","description_kind":"plain"},"max_items":1},"range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"strict_max_enabled":{"type":"bool","description":"Whether each value needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether each value needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnMap rule which evaluates whether each column value lies between a specified range.","description_kind":"plain"},"max_items":1},"regex_expectation":{"nesting_mode":"list","block":{"attributes":{"regex":{"type":"string","description":"A regular expression the column value is expected to match.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value matches a specified regex.","description_kind":"plain"},"max_items":1},"row_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether each row passes the specified condition.","description_kind":"plain"},"max_items":1},"set_expectation":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Expected values for the column value.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value is contained by a specified set.","description_kind":"plain"},"max_items":1},"statistic_range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"statistic":{"type":"string","description":"column statistics. Possible values: [\"STATISTIC_UNDEFINED\", \"MEAN\", \"MIN\", \"MAX\"]","description_kind":"plain","required":true},"strict_max_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range.","description_kind":"plain"},"max_items":1},"table_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether the provided expression is true.","description_kind":"plain"},"max_items":1},"uniqueness_expectation":{"nesting_mode":"list","block":{"description":"Row-level rule which evaluates whether each column value is unique.","description_kind":"plain"},"max_items":1}},"description":"The list of rules to evaluate against a data source. At least one rule is required.","description_kind":"plain"}}},"description":"DataQualityScan related setting.","description_kind":"plain"},"max_items":1},"execution_spec":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table.","description_kind":"plain","optional":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"block_types":{"on_demand":{"nesting_mode":"list","block":{"description":"The scan runs once via dataScans.run API.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule for running scans periodically. This field is required for Schedule scans.","description_kind":"plain","required":true}},"description":"The scan is scheduled to run periodically.","description_kind":"plain"},"max_items":1}},"description":"Spec related to how often and when a scan should be triggered.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"DataScan execution settings.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_datascan_iam_binding":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_member":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the lake.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the lake was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the lake.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User-defined labels for the lake.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"metastore_status":{"type":["list",["object",{"endpoint":"string","message":"string","state":"string","update_time":"string"}]],"description":"Output only. Metastore status of the lake.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the lake.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Output only. Service account associated with this lake. This service account must be authorized to access or operate on resources managed by the lake.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the lake was last updated.","description_kind":"plain","computed":true}},"block_types":{"metastore":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional. A relative reference to the Dataproc Metastore (https://cloud.google.com/dataproc-metastore/docs) service associated with the lake: `projects/{project_id}/locations/{location_id}/services/{service_id}`","description_kind":"plain","optional":true}},"description":"Optional. Settings to manage lake and Dataproc Metastore service instance association.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_lake_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the task was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the task.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job":["list",["object",{"end_time":"string","message":"string","name":"string","retry_count":"number","service":"string","service_job":"string","start_time":"string","state":"string","uid":"string"}]],"update_time":"string"}]],"description":"Configuration for the cluster","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the task.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake in which the task will be created in.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the task will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the task, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/ tasks/{name}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the task.","description_kind":"plain","computed":true},"task_id":{"type":"string","description":"The task Id of the task.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the task. This ID will be different if the task is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the task was last updated.","description_kind":"plain","computed":true}},"block_types":{"execution_spec":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["map","string"],"description":"The arguments to pass to the task. The args can use placeholders of the format ${placeholder} as part of key/value string. These will be interpolated before passing the args to the driver. Currently supported placeholders: - ${taskId} - ${job_time} To pass positional args, set the key as TASK_ARGS. The value should be a comma-separated string of all the positional arguments. To use a delimiter other than comma, refer to https://cloud.google.com/sdk/gcloud/reference/topic/escaping. In case of other keys being present in the args, then TASK_ARGS will be passed as the last argument. An object containing a list of 'key': value pairs. Example: { 'name': 'wrench', 'mass': '1.3kg', 'count': '3' }.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The Cloud KMS key to use for encryption, of the form: projects/{project_number}/locations/{locationId}/keyRings/{key-ring-name}/cryptoKeys/{key-name}.","description_kind":"plain","optional":true},"max_job_execution_lifetime":{"type":"string","description":"The maximum duration after which the job execution is expired. A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which jobs are run. By default, the project containing the Lake is used. If a project is provided, the ExecutionSpec.service_account must belong to this project.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Service account to use to execute a task. If not provided, the default Compute service account for the project is used.","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1},"notebook":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"notebook":{"type":"string","description":"Path to input notebook. This can be the Cloud Storage URI of the notebook file or the path to a Notebook Content. The execution args are accessible as environment variables (TASK_key=value).","description_kind":"plain","required":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in jar_file_uris. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The Cloud Storage URI of the jar file that contains the main class. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"python_script_file":{"type":"string","description":"The Gcloud Storage URI of the main Python file to use as the driver. Must be a .py file. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"sql_script":{"type":"string","description":"The query text. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true},"sql_script_file":{"type":"string","description":"A reference to a query file. This can be the Cloud Storage URI of the query file or it can the path to a SqlScript Content. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_spec":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Prevent the task from executing. This does not cancel already running tasks. It is intended to temporarily disable RECURRING tasks.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Number of retry attempts before aborting. Set to zero to never attempt to retry a failed task.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) for running tasks periodically. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: 'CRON_TZ=${IANA_TIME_ZONE}' or 'TZ=${IANA_TIME_ZONE}'. The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, CRON_TZ=America/New_York 1 * * * *, or TZ=America/New_York 1 * * * *. This field is required for RECURRING tasks.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The first run of the task will be after this time. If not specified, the task will run shortly after being submitted if ON_DEMAND and based on the schedule if RECURRING.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Trigger type of the user-specified Task Possible values: [\"ON_DEMAND\", \"RECURRING\"]","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the zone.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the zone was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the zone.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the zone.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the zone. This ID will be different if the zone is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the zone was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data in this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"location_type":{"type":"string","description":"Required. Immutable. The location type of the resources that are allowed to be attached to the assets within this zone. Possible values: LOCATION_TYPE_UNSPECIFIED, SINGLE_REGION, MULTI_REGION","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resources that are referenced by the assets within this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_zone_iam_binding":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_member":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the autoscaling policy should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The \"resource name\" of the autoscaling policy.","description_kind":"plain","computed":true},"policy_id":{"type":"string","description":"The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 50 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"basic_algorithm":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"string","description":"Duration between scaling events. A scaling period starts after the\nupdate operation from the previous event has completed.\n\nBounds: [2m, 1d]. Default: 2m.","description_kind":"plain","optional":true}},"block_types":{"yarn_config":{"nesting_mode":"list","block":{"attributes":{"graceful_decommission_timeout":{"type":"string","description":"Timeout for YARN graceful decommissioning of Node Managers. Specifies the\nduration to wait for jobs to complete before forcefully removing workers\n(and potentially interrupting jobs). Only applicable to downscaling operations.\n\nBounds: [0s, 1d].","description_kind":"plain","required":true},"scale_down_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nremove workers. A scale-down factor of 1 will result in scaling down so that there\nis no available memory remaining after the update (more aggressive scaling).\nA scale-down factor of 0 disables removing workers, which can be beneficial for\nautoscaling a single job.\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_down_min_worker_fraction":{"type":"number","description":"Minimum scale-down threshold as a fraction of total cluster size before scaling occurs.\nFor example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must\nrecommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0\nmeans the autoscaler will scale down on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true},"scale_up_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nadd workers. A scale-up factor of 1.0 will result in scaling up so that there\nis no pending memory remaining after the update (more aggressive scaling).\nA scale-up factor closer to 0 will result in a smaller magnitude of scaling up\n(less aggressive scaling).\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_up_min_worker_fraction":{"type":"number","description":"Minimum scale-up threshold as a fraction of total cluster size before scaling\noccurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler\nmust recommend at least a 2-worker scale-up for the cluster to scale. A threshold of\n0 means the autoscaler will scale up on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true}},"description":"YARN autoscaling configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Basic algorithm for autoscaling.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group. Note that by default, clusters will not use\nsecondary workers. Required for secondary workers if the minimum secondary instances is set.\nBounds: [minInstances, ). Defaults to 0.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for secondary workers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group.","description_kind":"plain","required":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for primary workers.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"graceful_decommission_timeout":{"type":"string","description":"The timeout duration which allows graceful decomissioning when you change the number of worker nodes directly through a terraform apply","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The list of the labels (key/value pairs) configured on the resource and to be applied to instances in the cluster.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the cluster will exist. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the cluster and associated nodes will be created in. Defaults to global.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":" The name of the cloud storage bucket ultimately used to house the staging data for the cluster. If staging_bucket is specified, it will contain this value, otherwise it will be the auto generated name.","description_kind":"plain","computed":true},"staging_bucket":{"type":"string","description":"The Cloud Storage staging bucket used to stage files, such as Hadoop jars, between client machines and the cluster. Note: If you don't explicitly specify a staging_bucket then GCP will auto create / assign one for you. However, you are not guaranteed an auto generated bucket which is solely dedicated to your cluster; it may be shared with other clusters in the same region/zone also choosing to use the auto generation option.","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"The Cloud Storage temp bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. Note: If you don't explicitly specify a temp_bucket then GCP will auto create / assign one for you.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy_uri":{"type":"string","description":"The autoscaling policy used by the cluster.","description_kind":"plain","required":true}},"description":"The autoscaling policy config associated with the cluster.","description_kind":"plain"},"max_items":1},"auxiliary_node_groups":{"nesting_mode":"list","block":{"attributes":{"node_group_id":{"type":"string","description":"A node group ID. Generated if not specified. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of from 3 to 33 characters.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The Node group resource name.","description_kind":"plain","computed":true},"roles":{"type":["list","string"],"description":"Node group roles.","description_kind":"plain","required":true}},"block_types":{"node_group_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of auxiliary node group instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the auxiliary node group. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of auxiliary nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The node group instance group configuration.","description_kind":"plain"},"max_items":1}},"description":"Node group configuration.","description_kind":"plain"},"min_items":1}},"description":"The node group settings.","description_kind":"plain"}},"dataproc_metric_config":{"nesting_mode":"list","block":{"block_types":{"metrics":{"nesting_mode":"list","block":{"attributes":{"metric_overrides":{"type":["set","string"],"description":"Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect.","description_kind":"plain","optional":true},"metric_source":{"type":"string","description":"A source for the collection of Dataproc OSS metrics (see [available OSS metrics] (https://cloud.google.com//dataproc/docs/guides/monitoring#available_oss_metrics)).","description_kind":"plain","required":true}},"description":"Metrics sources to enable.","description_kind":"plain"},"min_items":1}},"description":"The config for Dataproc metrics.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","required":true}},"description":"The Customer managed encryption keys settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"The flag to enable http access to specific ports on the cluster from external sources (aka Component Gateway). Defaults to false.","description_kind":"plain","required":true},"http_ports":{"type":["map","string"],"description":"The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"The config settings for port access on the cluster. Structure defined below.","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. If set to true, all instances in the cluster will only have internal IP addresses. Note: Private Google Access (also known as privateIpGoogleAccess) must be enabled on the subnetwork that the cluster will be launched in.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"A map of the Compute Engine metadata entries to add to all instances","description_kind":"plain","optional":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to the cluster will be part of. Conflicts with subnetwork. If neither is specified, this defaults to the \"default\" network.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account to be used by the Node VMs. If not specified, the \"default\" service account is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs under the service_account specified. These can be either FQDNs, or scope aliases.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork the cluster will be part of. Conflicts with network.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to instances in the cluster. Tags are used to identify valid sources or targets for network firewalls.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP zone where your data is stored and used (i.e. where the master and the worker nodes will be created in). If region is set to 'global' (default) then zone is mandatory, otherwise GCP is able to make use of Auto Zone Placement to determine this automatically for you. Note: This setting additionally determines and restricts which computing resources are available for use with other configs such as cluster_config.master_config.machine_type and cluster_config.worker_config.machine_type.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group_uri":{"type":"string","description":"The URI of a sole-tenant that the cluster will be created on.","description_kind":"plain","required":true}},"description":"Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Type of reservation to consume.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether instances have integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether instances have Secure Boot enabled.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether instances have the vTPM enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster.","description_kind":"plain"},"max_items":1},"initialization_action":{"nesting_mode":"list","block":{"attributes":{"script":{"type":"string","description":"The script to be executed during initialization of the cluster. The script must be a GCS file with a gs:// prefix.","description_kind":"plain","required":true},"timeout_sec":{"type":"number","description":"The maximum duration (in seconds) which script is allowed to take to execute its action. GCP will default to a predetermined computed value if not set (currently 300).","description_kind":"plain","optional":true}},"description":"Commands to execute on each node after config is completed. You can specify multiple versions of these.","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"The time when cluster will be auto-deleted. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"The duration to keep the cluster alive while idling (no jobs running). After this TTL, the cluster will be deleted. Valid range: [10m, 14d].","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Time when the cluster became idle (most recent job finished) and became eligible for deletion due to idleness.","description_kind":"plain","computed":true}},"description":"The settings for auto deletion cluster schedule.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of master nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's master instance.","description_kind":"plain"},"max_items":1},"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service.","description_kind":"plain","required":true}},"description":"Specifies a Metastore configuration.","description_kind":"plain"},"max_items":1},"preemptible_worker_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of preemptible instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"num_instances":{"type":"number","description":"Specifies the number of preemptible nodes to create. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"preemptibility":{"type":"string","description":"Specifies the preemptibility of the secondary nodes. Defaults to PREEMPTIBLE.","description_kind":"plain","optional":true}},"block_types":{"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each preemptible worker node, specified in GB. The smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each preemptible worker node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each preemptible worker node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1},"instance_flexibility_policy":{"nesting_mode":"list","block":{"attributes":{"instance_selection_results":{"type":["list",["object",{"machine_type":"string","vm_count":"number"}]],"description":"A list of instance selection results in the group.","description_kind":"plain","computed":true}},"block_types":{"instance_selection_list":{"nesting_mode":"list","block":{"attributes":{"machine_types":{"type":["list","string"],"description":"Full machine-type names, e.g. \"n1-standard-16\".","description_kind":"plain","optional":true,"computed":true},"rank":{"type":"number","description":"Preference of this instance selection. Lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference.","description_kind":"plain","optional":true,"computed":true}},"description":"List of instance selection options that the group will use when creating new VMs.","description_kind":"plain"}}},"description":"Instance flexibility Policy allowing a mixture of VM shapes and provisioning models.","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the additional (aka preemptible) instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster\nKerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Flag to indicate whether to Kerberize the cluster.","description_kind":"plain","optional":true},"kdc_db_key_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing\nthe password to the user provided keystore. For the self-signed certificate, this password is generated\nby Dataproc","description_kind":"plain","optional":true},"keystore_uri":{"type":"string","description":"The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"kms_key_uri":{"type":"string","description":"The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","required":true},"realm":{"type":"string","description":"The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password_uri":{"type":"string","description":"The cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","required":true},"tgt_lifetime_hours":{"type":"number","description":"The lifetime of the ticket granting ticket, in hours.","description_kind":"plain","optional":true},"truststore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"truststore_uri":{"type":"string","description":"The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true}},"description":"Kerberos related configuration","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Security related configuration.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"The Cloud Dataproc image version to use for the cluster - this controls the sets of software versions installed onto the nodes when you create clusters. If not specified, defaults to the latest version.","description_kind":"plain","optional":true,"computed":true},"optional_components":{"type":["set","string"],"description":"The set of optional components to activate on the cluster.","description_kind":"plain","optional":true},"override_properties":{"type":["map","string"],"description":"A list of override and additional properties (key/value pairs) used to modify various aspects of the common configuration files used when creating a cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A list of the properties used to set the daemon config files. This will include any values supplied by the user via cluster_config.software_config.override_properties","description_kind":"plain","computed":true}},"description":"The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master/worker","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master/worker instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master/worker","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master/worker. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"min_num_instances":{"type":"number","description":"The minimum number of primary worker instances to create.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of worker nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's worker instances.","description_kind":"plain"},"max_items":1}},"description":"Allows you to configure various aspects of the cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_cluster_config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket.","description_kind":"plain","optional":true}},"block_types":{"auxiliary_services_config":{"nesting_mode":"list","block":{"block_types":{"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"The Hive Metastore configuration for this workload.","description_kind":"plain","optional":true}},"description":"The Hive Metastore configuration for this workload.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload.","description_kind":"plain","optional":true}},"description":"The Spark History Server configuration for the workload.","description_kind":"plain"},"max_items":1}},"description":"Auxiliary services configuration for a Cluster.","description_kind":"plain"},"max_items":1},"kubernetes_cluster_config":{"nesting_mode":"list","block":{"attributes":{"kubernetes_namespace":{"type":"string","description":"A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used.","description_kind":"plain","optional":true}},"block_types":{"gke_cluster_config":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_target":{"type":"string","description":"A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","optional":true}},"block_types":{"node_pool_target":{"nesting_mode":"list","block":{"attributes":{"node_pool":{"type":"string","description":"The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{nodePool}'","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"The roles associated with the GKE node pool.","description_kind":"plain","required":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"locations":{"type":["set","string"],"description":"The list of Compute Engine zones where node pool nodes associated with a Dataproc on GKE virtual cluster will be located.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes in the node pool. Must be \u003e= minNodeCount, and must be \u003e 0.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true}},"description":"The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present.","description_kind":"plain"},"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Compute Engine machine type.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as \"Intel Haswell\" or \"Intel Sandy Bridge\".","description_kind":"plain","optional":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances. Preemptible nodes cannot be used in a node pool with the CONTROLLER role or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).","description_kind":"plain","optional":true},"spot":{"type":"bool","description":"Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.","description_kind":"plain","optional":true}},"description":"The node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"Input only. The configuration for the GKE node pool.","description_kind":"plain"},"max_items":1}},"description":"GKE node pools where workloads will be scheduled. At least one node pool must be assigned the DEFAULT GkeNodePoolTarget.Role. If a GkeNodePoolTarget is not specified, Dataproc constructs a DEFAULT GkeNodePoolTarget.","description_kind":"plain"}}},"description":"The configuration for running the Dataproc cluster on GKE.","description_kind":"plain"},"min_items":1,"max_items":1},"kubernetes_software_config":{"nesting_mode":"list","block":{"attributes":{"component_version":{"type":["map","string"],"description":"The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"The properties to set on daemon config files. Property keys are specified in prefix:property format, for example spark:spark.kubernetes.container.image.","description_kind":"plain","optional":true,"computed":true}},"description":"The software configuration for this Dataproc cluster running on Kubernetes.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for running the Dataproc cluster on Kubernetes.","description_kind":"plain"},"max_items":1}},"description":"The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a Dataproc-on-GKE cluster. Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtualClusterConfig must be specified.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_binding":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_member":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job":{"version":0,"block":{"attributes":{"driver_controls_files_uri":{"type":"string","description":"Output-only. If present, the location of miscellaneous control files which may be used as part of job setup and handling. If not present, control files may be placed in the same location as driver_output_uri.","description_kind":"plain","computed":true},"driver_output_resource_uri":{"type":"string","description":"Output-only. A URI pointing to the location of the stdout of the job's driver program","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"By default, you can only delete inactive jobs within Dataproc. Setting this to true, and calling destroy, will ensure that the job is first cancelled before issuing the delete.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the cluster can be found and jobs subsequently run against. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Cloud Dataproc region. This essentially determines which clusters are available for this job to be submitted to. If not specified, defaults to global.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"details":"string","state":"string","state_start_time":"string","substate":"string"}]],"description":"The status of the job.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"hadoop_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of Hadoop job","description_kind":"plain"},"max_items":1},"hive_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Hive command: SET name=\"value\";).","description_kind":"plain","optional":true}},"description":"The config of hive job","description_kind":"plain"},"max_items":1},"pig_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Pig command: name=[value]).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pag job.","description_kind":"plain"},"max_items":1},"placement":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the cluster where the job will be submitted","description_kind":"plain","required":true},"cluster_uuid":{"type":"string","description":"Output-only. A cluster UUID generated by the Cloud Dataproc service when the job is submitted","description_kind":"plain","computed":true}},"description":"The config of job placement.","description_kind":"plain"},"min_items":1,"max_items":1},"presto_config":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Presto client tags to attach to this query.","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The format in which query output will be displayed. See the Presto documentation for supported output formats.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values. Used to set Presto session properties Equivalent to using the --session flag in the Presto CLI.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of presto job","description_kind":"plain"},"max_items":1},"pyspark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pySpark job.","description_kind":"plain"},"max_items":1},"reference":{"nesting_mode":"list","block":{"attributes":{"job_id":{"type":"string","description":"The job ID, which must be unique within the project. The job ID is generated by the server upon job submission or provided by the user as a means to perform retries without creating duplicate jobs","description_kind":"plain","optional":true,"computed":true}},"description":"The reference of the job","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true},"max_failures_total":{"type":"number","description":"Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of the Spark job.","description_kind":"plain"},"max_items":1},"sparksql_config":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Cloud Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET name=\"value\";).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of SparkSql job","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The fully qualified customer provided Cloud KMS key name to use for customer data encryption.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","required":true}},"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain"},"max_items":1},"hive_metastore_config":{"nesting_mode":"list","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml).\nThe mappings override system defaults (some keys cannot be overridden)","description_kind":"plain","optional":true,"computed":true},"endpoint_protocol":{"type":"string","description":"The protocol to use for the metastore service endpoint. If unspecified, defaults to 'THRIFT'. Default value: \"THRIFT\" Possible values: [\"THRIFT\", \"GRPC\"]","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Hive metastore schema version.","description_kind":"plain","required":true}},"block_types":{"auxiliary_versions":{"nesting_mode":"set","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the auxiliary Hive metastore (configured in hive-site.xml) in addition to the primary version's overrides.\nIf keys are present in both the auxiliary version's overrides and the primary version's overrides, the value from the auxiliary version's overrides takes precedence.","description_kind":"plain","optional":true},"key":{"type":"string","description_kind":"plain","required":true},"version":{"type":"string","description":"The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version.","description_kind":"plain","required":true}},"description":"A mapping of Hive metastore version to the auxiliary version configuration.\nWhen specified, a secondary Hive metastore service is created along with the primary service.\nAll auxiliary versions must be less than the service's primary version.\nThe key is the auxiliary service name and it must match the regular expression a-z?.\nThis means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen.","description_kind":"plain"}},"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"krb5_config_gcs_uri":{"type":"string","description":"A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly.","description_kind":"plain","required":true},"principal":{"type":"string","description":"A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form \"primary/instance@REALM\", but there is no exact format.","description_kind":"plain","required":true}},"block_types":{"keytab":{"nesting_mode":"list","block":{"attributes":{"cloud_secret":{"type":"string","description":"The relative resource name of a Secret Manager secret version, in the following form:\n\n\"projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}\".","description_kind":"plain","required":true}},"description":"A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC).","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information used to configure the Hive metastore service as a service principal in a Kerberos realm.","description_kind":"plain"},"max_items":1}},"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"The day of week, when the window starts. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"hour_of_day":{"type":"number","description":"The hour of day (0-23) when the window starts.","description_kind":"plain","required":true}},"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain"},"max_items":1},"metadata_integration":{"nesting_mode":"list","block":{"block_types":{"data_catalog_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog.","description_kind":"plain","required":true}},"description":"The integration config for the Data Catalog service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"consumers":{"nesting_mode":"list","block":{"attributes":{"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint.\nIt is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network.\nThere must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:\n'projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id}","description_kind":"plain","required":true}},"description":"The consumer-side network configuration for the Dataproc Metastore instance.","description_kind":"plain"},"min_items":1}},"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain"},"max_items":1},"scaling_config":{"nesting_mode":"list","block":{"attributes":{"instance_size":{"type":"string","description":"Metastore instance sizes. Possible values: [\"EXTRA_SMALL\", \"SMALL\", \"MEDIUM\", \"LARGE\", \"EXTRA_LARGE\"]","description_kind":"plain","optional":true},"scaling_factor":{"type":"number","description":"Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0.","description_kind":"plain","optional":true}},"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain"},"max_items":1},"telemetry_config":{"nesting_mode":"list","block":{"attributes":{"log_format":{"type":"string","description":"The output format of the Dataproc Metastore service's logs. Default value: \"JSON\" Possible values: [\"LEGACY\", \"JSON\"]","description_kind":"plain","optional":true}},"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataproc_workflow_template":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time template was created.","description_kind":"plain","computed":true},"dag_timeout":{"type":"string","description":"Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes (\"600s\") to 24 hours (\"86400s\"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label **keys** must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be empty, but, if present, must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No more than 32 labels can be associated with a template.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workflow template, as described in https://cloud.google.com/apis/design/resource_names. * For `projects.regions.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/regions/{region}/workflowTemplates/{template_id}` * For `projects.locations.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/locations/{location}/workflowTemplates/{template_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time template was last updated.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Output only. The current version of this workflow template.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"jobs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.","description_kind":"plain","optional":true},"prerequisite_step_ids":{"type":["list","string"],"description":"Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.","description_kind":"plain","optional":true},"step_id":{"type":"string","description":"Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.","description_kind":"plain","required":true}},"block_types":{"hadoop_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file containing the main class. Examples: 'gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar' 'hdfs:/tmp/test-samples/custom-wordcount.jar' 'file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar'","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hadoop job.","description_kind":"plain"},"max_items":1},"hive_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains Hive queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hive job.","description_kind":"plain"},"max_items":1},"pig_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains the Pig queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Pig job.","description_kind":"plain"},"max_items":1},"presto_job":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Optional. Presto client tags to attach to this query","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Presto job.","description_kind":"plain"},"max_items":1},"pyspark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a PySpark job.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10.","description_kind":"plain","optional":true},"max_failures_total":{"type":"number","description":"Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240.","description_kind":"plain","optional":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Spark job.","description_kind":"plain"},"max_items":1},"spark_r_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"Required. The HCFS URI of the main R file to use as the driver. Must be a .R file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkR job.","description_kind":"plain"},"max_items":1},"spark_sql_job":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkSql job.","description_kind":"plain"},"max_items":1}},"description":"Required. The Directed Acyclic Graph of Jobs to submit.","description_kind":"plain"},"min_items":1},"parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Brief description of the parameter. Must not exceed 1024 characters.","description_kind":"plain","optional":true},"fields":{"type":["list","string"],"description":"Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter's list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template's cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels['key'] * placement.clusterSelector.clusterLabels['key'] * placement.managedCluster.labels['key'] * placement.clusterSelector.clusterLabels['key'] * jobs['step-id'].labels['key'] * Jobs in the jobs list can be referenced by step-id: * jobs['step-id'].hadoopJob.mainJarFileUri * jobs['step-id'].hiveJob.queryFileUri * jobs['step-id'].pySparkJob.mainPythonFileUri * jobs['step-id'].hadoopJob.jarFileUris[0] * jobs['step-id'].hadoopJob.archiveUris[0] * jobs['step-id'].hadoopJob.fileUris[0] * jobs['step-id'].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs['step-id'].sparkJob.args[0] * Other examples: * jobs['step-id'].hadoopJob.properties['key'] * jobs['step-id'].hadoopJob.args[0] * jobs['step-id'].hiveJob.scriptVariables['key'] * jobs['step-id'].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs['step-id'].sparkJob.args","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters.","description_kind":"plain","required":true}},"block_types":{"validation":{"nesting_mode":"list","block":{"block_types":{"regex":{"nesting_mode":"list","block":{"attributes":{"regexes":{"type":["list","string"],"description":"Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient).","description_kind":"plain","required":true}},"description":"Validation based on regular expressions.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Required. List of allowed values for the parameter.","description_kind":"plain","required":true}},"description":"Validation based on a list of allowed values.","description_kind":"plain"},"max_items":1}},"description":"Optional. Validation rules to be applied to this parameter's value.","description_kind":"plain"},"max_items":1}},"description":"Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.","description_kind":"plain"}},"placement":{"nesting_mode":"list","block":{"block_types":{"cluster_selector":{"nesting_mode":"list","block":{"attributes":{"cluster_labels":{"type":["map","string"],"description":"Required. The cluster labels. Cluster must have all labels to match.","description_kind":"plain","required":true},"zone":{"type":"string","description":"Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted.","description_kind":"plain"},"max_items":1},"managed_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.","description_kind":"plain","optional":true}},"description":"Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"gce_pd_kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","optional":true}},"description":"Optional. Encryption settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.","description_kind":"plain","optional":true},"http_ports":{"type":["map","string"],"description":"Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"Optional. Port/endpoint configuration for this cluster","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).","description_kind":"plain","optional":true},"network":{"type":"string","description":"Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`","description_kind":"plain","optional":true},"private_ipv6_google_access":{"type":"string","description":"Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group":{"type":"string","description":"Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`","description_kind":"plain","required":true}},"description":"Optional. Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION","description_kind":"plain","optional":true},"key":{"type":"string","description":"Optional. Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Optional. Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Optional. Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline.","description_kind":"plain","optional":true}},"description":"Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Optional. The shared Compute Engine config settings for all instances in a cluster.","description_kind":"plain"},"max_items":1},"initialization_actions":{"nesting_mode":"list","block":{"attributes":{"executable_file":{"type":"string","description":"Required. Cloud Storage URI of executable file.","description_kind":"plain","optional":true},"execution_timeout":{"type":"string","description":"Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.","description_kind":"plain","optional":true}},"description":"Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"auto_delete_ttl":{"type":"string","description":"Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","computed":true}},"description":"Optional. Lifecycle setting for the cluster.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for the master instance in a cluster.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for additional worker instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.","description_kind":"plain","optional":true},"kdc_db_key":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"keystore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"Optional. The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","optional":true},"realm":{"type":"string","description":"Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","optional":true},"tgt_lifetime_hours":{"type":"number","description":"Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.","description_kind":"plain","optional":true},"truststore":{"type":"string","description":"Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"truststore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true}},"description":"Optional. Kerberos related configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Security settings for the cluster.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.","description_kind":"plain","optional":true},"optional_components":{"type":["list","string"],"description":"Optional. The set of components to activate on the cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).","description_kind":"plain","optional":true}},"description":"Optional. The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for worker instances in a cluster.","description_kind":"plain"},"max_items":1}},"description":"Required. The cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A cluster that is managed by the workflow.","description_kind":"plain"},"max_items":1}},"description":"Required. WorkflowTemplate scheduling information.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastore_index":{"version":0,"block":{"attributes":{"ancestor":{"type":"string","description":"Policy for including ancestors in the index. Default value: \"NONE\" Possible values: [\"NONE\", \"ALL_ANCESTORS\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_id":{"type":"string","description":"The index id.","description_kind":"plain","computed":true},"kind":{"type":"string","description":"The entity kind which the index applies to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"direction":{"type":"string","description":"The direction the index should optimize for sorting. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The property name to index.","description_kind":"plain","required":true}},"description":"An ordered list of properties to index on.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The connection profile identifier.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this connection profile is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"bigquery_profile":{"nesting_mode":"list","block":{"description":"BigQuery warehouse profile.","description_kind":"plain"},"max_items":1},"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"SSH password.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"SSH private key.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"Forward SSH tunnel connectivity.","description_kind":"plain"},"max_items":1},"gcs_profile":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The Cloud Storage bucket name.","description_kind":"plain","required":true},"root_path":{"type":"string","description":"The root path inside the Cloud Storage bucket.","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket profile.","description_kind":"plain"},"max_items":1},"mysql_profile":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the MySQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the MySQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the MySQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the MySQL connection.","description_kind":"plain","required":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM-encoded certificate of the CA that signed the source database\nserver's certificate.","description_kind":"plain","optional":true,"sensitive":true},"ca_certificate_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true},"client_certificate":{"type":"string","description":"PEM-encoded certificate that will be used by the replica to\nauthenticate against the source database server. If this field\nis used then the 'clientKey' and the 'caCertificate' fields are\nmandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_certificate_set":{"type":"bool","description":"Indicates whether the clientCertificate field is set.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'client_certificate' and the\n'ca_certificate' fields are mandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_key_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true}},"description":"SSL configuration for the MySQL connection.","description_kind":"plain"},"max_items":1}},"description":"MySQL database profile.","description_kind":"plain"},"max_items":1},"oracle_profile":{"nesting_mode":"list","block":{"attributes":{"connection_attributes":{"type":["map","string"],"description":"Connection string attributes","description_kind":"plain","optional":true},"database_service":{"type":"string","description":"Database for the Oracle connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the Oracle connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Oracle connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the Oracle connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the Oracle connection.","description_kind":"plain","required":true}},"description":"Oracle database profile.","description_kind":"plain"},"max_items":1},"postgresql_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the PostgreSQL connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the PostgreSQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the PostgreSQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the PostgreSQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the PostgreSQL connection.","description_kind":"plain","required":true}},"description":"PostgreSQL database profile.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"A reference to a private connection resource. Format: 'projects/{project}/locations/{location}/privateConnections/{name}'","description_kind":"plain","required":true}},"description":"Private connectivity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_private_connection":{"version":1,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc":{"type":"string","description":"Fully qualified name of the VPC that Datastream will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween Datastream and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_datastream_stream":{"version":0,"block":{"attributes":{"customer_managed_encryption_key":{"type":"string","description":"A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data\nwill be encrypted using an internal Stream-specific encryption key provisioned through KMS.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Stream. Set this field to 'RUNNING' to start the stream, and 'PAUSED' to pause the stream.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this stream is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The stream's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the stream.","description_kind":"plain","computed":true},"stream_id":{"type":"string","description":"The stream identifier.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"backfill_all":{"nesting_mode":"list","block":{"block_types":{"mysql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"oracle_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"postgresql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1}},"description":"Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded.","description_kind":"plain"},"max_items":1},"backfill_none":{"nesting_mode":"list","block":{"description":"Backfill strategy to disable automatic backfill for the Stream's objects.","description_kind":"plain"},"max_items":1},"destination_config":{"nesting_mode":"list","block":{"attributes":{"destination_connection_profile":{"type":"string","description":"Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"bigquery_destination_config":{"nesting_mode":"list","block":{"attributes":{"data_freshness":{"type":"string","description":"The guaranteed data freshness (in seconds) when querying tables created by the stream.\nEditing this field will only affect new tables created in the future, but existing tables\nwill not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true}},"block_types":{"single_target_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID in the format projects/{project}/datasets/{dataset_id} or\n{project}:{dataset_id}","description_kind":"plain","required":true}},"description":"A single target dataset to which all data will be streamed.","description_kind":"plain"},"max_items":1},"source_hierarchy_datasets":{"nesting_mode":"list","block":{"block_types":{"dataset_template":{"nesting_mode":"list","block":{"attributes":{"dataset_id_prefix":{"type":"string","description":"If supplied, every created dataset will have its name prefixed by the provided value.\nThe prefix and name will be separated by an underscore. i.e. _.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery\ntable. The BigQuery Service Account associated with your project requires access to this\nencryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}.\nSee https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee https://cloud.google.com/bigquery/docs/locations for supported locations.","description_kind":"plain","required":true}},"description":"Dataset template used for dynamic dataset creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1},"gcs_destination_config":{"nesting_mode":"list","block":{"attributes":{"file_rotation_interval":{"type":"string","description":"The maximum duration for which new events are added before a file is closed and a new file is created.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true,"computed":true},"file_rotation_mb":{"type":"number","description":"The maximum file size to be saved in the bucket.","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path inside the Cloud Storage bucket to write data to.","description_kind":"plain","optional":true}},"block_types":{"avro_file_format":{"nesting_mode":"list","block":{"description":"AVRO file format configuration.","description_kind":"plain"},"max_items":1},"json_file_format":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"Compression of the loaded JSON file. Possible values: [\"NO_COMPRESSION\", \"GZIP\"]","description_kind":"plain","optional":true},"schema_file_format":{"type":"string","description":"The schema file format along JSON data files. Possible values: [\"NO_SCHEMA_FILE\", \"AVRO_SCHEMA_FILE\"]","description_kind":"plain","optional":true}},"description":"JSON file format configuration.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"Destination connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"source_config":{"nesting_mode":"list","block":{"attributes":{"source_connection_profile":{"type":"string","description":"Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"mysql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"oracle_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"drop_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to retrieve from the source.","description_kind":"plain"},"max_items":1},"stream_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"postgresql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non\nnegative. If not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"publication":{"type":"string","description":"The name of the publication that includes the set of all tables\nthat are defined in the stream's include_objects.","description_kind":"plain","required":true},"replication_slot":{"type":"string","description":"The name of the logical replication slot that's configured with\nthe pgoutput plugin.","description_kind":"plain","required":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"PostgreSQL data source configuration.","description_kind":"plain"},"max_items":1}},"description":"Source connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_deployment_manager_deployment":{"version":0,"block":{"attributes":{"create_policy":{"type":"string","description":"Set the policy to use for creating new resources. Only used on\ncreate and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or\n'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist,\nthe deployment will fail. Note that updating this field does not\nactually affect the deployment, just how it is updated. Default value: \"CREATE_OR_ACQUIRE\" Possible values: [\"ACQUIRE\", \"CREATE_OR_ACQUIRE\"]","description_kind":"plain","optional":true},"delete_policy":{"type":"string","description":"Set the policy to use for deleting new resources on update/delete.\nValid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE',\nresource is deleted after removal from Deployment Manager. If\n'ABANDON', the resource is only removed from Deployment Manager\nand is not actually deleted. Note that updating this field does not\nactually change the deployment, just how it is updated. Default value: \"DELETE\" Possible values: [\"ABANDON\", \"DELETE\"]","description_kind":"plain","optional":true},"deployment_id":{"type":"string","description":"Unique identifier for deployment. Output only.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional user-provided description of deployment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"manifest":{"type":"string","description":"Output only. URL of the manifest representing the last manifest that\nwas successfully deployed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the deployment","description_kind":"plain","required":true},"preview":{"type":"bool","description":"If set to true, a deployment is created with \"shell\" resources\nthat are not actually instantiated. This allows you to preview a\ndeployment. It can be updated to false to actually deploy\nwith real resources.\n ~\u003e**NOTE:** Deployment Manager does not allow update\nof a deployment in preview (unless updating to preview=false). Thus,\nTerraform will force-recreate deployments if either preview is updated\nto true or if other fields are updated while preview is true.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Output only. Server defined URL for the resource.","description_kind":"plain","computed":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":"Key for label.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of label.","description_kind":"plain","optional":true}},"description":"Key-value pairs to apply to this labels.","description_kind":"plain"}},"target":{"nesting_mode":"list","block":{"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full YAML contents of your configuration file.","description_kind":"plain","required":true}},"description":"The root configuration file to use for this deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"imports":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full contents of the template that you want to import.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the template to import, as declared in the YAML\nconfiguration.","description_kind":"plain","optional":true}},"description":"Specifies import files for this configuration. This can be\nused to import templates or other files. For example, you might\nimport a text file in order to use the file in a template.","description_kind":"plain"}}},"description":"Parameters that define your deployment, including the deployment\nconfiguration and relevant templates.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_agent":{"version":0,"block":{"attributes":{"api_version":{"type":"string","description":"API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query\ndifferent service endpoints for different API versions. However, bots connectors and webhook calls will follow\nthe specified API version.\n* API_VERSION_V1: Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", \"API_VERSION_V2_BETA_1\"]","description_kind":"plain","optional":true,"computed":true},"avatar_uri":{"type":"string","description":"The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered\ninto this field, the Dialogflow will save the image in the backend. The address of the backend image returned\nfrom the API will be shown in the [avatarUriBackend] field.","description_kind":"plain","optional":true},"avatar_uri_backend":{"type":"string","description":"The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar,\nthe [avatarUri] field can be used.","description_kind":"plain","computed":true},"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent,\nyou can tune the machine learning classification threshold. If the returned score value is less than the threshold\nvalue, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be\ntriggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the\ndefault of 0.3 is used.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this agent.","description_kind":"plain","required":true},"enable_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_mode":{"type":"string","description":"Determines how intents are detected from user queries.\n* MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates\nsyntax and composite entities.\n* MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones\nusing @sys.any or very large developer entities. Possible values: [\"MATCH_MODE_HYBRID\", \"MATCH_MODE_ML_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the defaultLanguageCode).","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The agent tier. If not specified, TIER_STANDARD is assumed.\n* TIER_STANDARD: Standard tier.\n* TIER_ENTERPRISE: Enterprise tier (Essentials).\n* TIER_ENTERPRISE_PLUS: Enterprise tier (Plus).\nNOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between\nthe Terraform state and Dialogflow if the agent tier is changed outside of Terraform. Possible values: [\"TIER_STANDARD\", \"TIER_ENTERPRISE\", \"TIER_ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_agent":{"version":0,"block":{"attributes":{"avatar_uri":{"type":"string","description":"The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the agent, unique within the location.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location this agent is located in.\n\n~\u003e **Note:** The first time you are deploying an Agent in your project you must configure location settings.\n This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console.\n Another options is to use global location so you don't need to manually configure location settings.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the agent.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the default_language_code).","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"git_integration_settings":{"nesting_mode":"list","block":{"block_types":{"github_settings":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"string","description":"The access token used to authenticate the access to the GitHub repository.","description_kind":"plain","optional":true,"sensitive":true},"branches":{"type":["list","string"],"description":"A list of branches configured to be used from Dialogflow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The unique repository display name for the GitHub repository.","description_kind":"plain","optional":true},"repository_uri":{"type":"string","description":"The GitHub repository URI related to the agent.","description_kind":"plain","optional":true},"tracking_branch":{"type":"string","description":"The branch of the GitHub repository tracked for this agent.","description_kind":"plain","optional":true}},"description":"Settings of integration with GitHub.","description_kind":"plain"},"max_items":1}},"description":"Git integration settings for this agent.","description_kind":"plain"},"max_items":1},"speech_to_text_settings":{"nesting_mode":"list","block":{"attributes":{"enable_speech_adaptation":{"type":"bool","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","optional":true}},"description":"Settings related to speech recognition.","description_kind":"plain"},"max_items":1},"text_to_speech_settings":{"nesting_mode":"list","block":{"attributes":{"synthesize_speech_configs":{"type":"string","description":"Configuration of how speech should be synthesized, mapping from [language](https://cloud.google.com/dialogflow/cx/docs/reference/language) to [SynthesizeSpeechConfig](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents#synthesizespeechconfig).\nThese settings affect:\n* The phone gateway synthesize configuration set via Agent.text_to_speech_settings.\n* How speech is synthesized when invoking session APIs. 'Agent.text_to_speech_settings' only applies if 'OutputAudioConfig.synthesize_speech_config' is not specified.","description_kind":"plain","optional":true}},"description":"Settings related to speech synthesizing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_entity_type":{"version":0,"block":{"attributes":{"auto_expansion_mode":{"type":"string","description":"Represents kinds of entities.\n* AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity.\n* AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: [\"AUTO_EXPANSION_MODE_DEFAULT\", \"AUTO_EXPANSION_MODE_UNSPECIFIED\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the entity type, unique within the agent.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates whether the entity type can be automatically expanded.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value.\n* KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language of the following fields in entityType:\nEntityType.entities.value\nEntityType.entities.synonyms\nEntityType.excluded_phrases.value\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a entity type for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging.","description_kind":"plain","optional":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions.\nFor KIND_LIST entity types: This collection must contain exactly one synonym equal to value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions.\nFor KIND_MAP entity types: A canonical value to be used in place of synonyms.\nFor KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","optional":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"},"min_items":1},"excluded_phrases":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The word or phrase to be excluded.","description_kind":"plain","optional":true}},"description":"Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion.\nIf the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_environment":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the environment (unique in an agent). Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the environment.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Agent to create an Environment for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Update time of this environment. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_configs":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}.","description_kind":"plain","required":true}},"description":"A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_dialogflow_cx_flow":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the flow.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_start_flow":{"type":"bool","description":"Marks this as the [Default Start Flow](https://cloud.google.com/dialogflow/cx/docs/concept/flow#start) for an agent. When you create an agent, the Default Start Flow is created automatically.\nThe Default Start Flow cannot be deleted; deleting the 'google_dialogflow_cx_flow' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_flow' resources linked to the same agent with 'is_default_start_flow = true' because they will compete to control a single Default Start Flow resource in GCP.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in flow:\nFlow.event_handlers.trigger_fulfillment.messages\nFlow.event_handlers.trigger_fulfillment.conditional_cases\nFlow.transition_routes.trigger_fulfillment.messages\nFlow.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the flow.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a flow for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"A flow's transition route group serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"A flow's event handlers serve two purposes:\nThey are responsible for handling events (e.g. no match, webhook errors) in the flow.\nThey are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow.\nUnlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored.","description_kind":"plain"}},"nlu_settings":{"nesting_mode":"list","block":{"attributes":{"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold.\nIf the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used.","description_kind":"plain","optional":true},"model_training_mode":{"type":"string","description":"Indicates NLU model training mode.\n* MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode.\n* MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: [\"MODEL_TRAINING_MODE_AUTOMATIC\", \"MODEL_TRAINING_MODE_MANUAL\"]","description_kind":"plain","optional":true},"model_type":{"type":"string","description":"Indicates the type of NLU model.\n* MODEL_TYPE_STANDARD: Use standard NLU model.\n* MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: [\"MODEL_TYPE_STANDARD\", \"MODEL_TYPE_ADVANCED\"]","description_kind":"plain","optional":true}},"description":"NLU related settings of the flow.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A flow's transition routes serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying \"help\" or \"can I talk to a human?\", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow.\n\nTransitionRoutes are evalauted in the following order:\n TransitionRoutes with intent specified.\n TransitionRoutes with only condition specified.\n TransitionRoutes with intent specified are inherited by pages in the flow.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_intent":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_negative_intent":{"type":"bool","description":"Marks this as the [Default Negative Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#negative) for an agent. When you create an agent, a Default Negative Intent is created automatically.\nThe Default Negative Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_negative_intent = true' because they will compete to control a single Default Negative Intent resource in GCP.","description_kind":"plain","optional":true},"is_default_welcome_intent":{"type":"bool","description":"Marks this as the [Default Welcome Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#welcome) for an agent. When you create an agent, a Default Welcome Intent is created automatically.\nThe Default Welcome Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_welcome_intent = true' because they will compete to control a single Default Welcome Intent resource in GCP.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation.\nAdding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event.\nTo manage the fallback intent, set 'is_default_negative_intent = true'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes.\nPrefix \"sys-\" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. \"sys-head\" means the intent is a head intent. \"sys.contextual\" means the intent is a contextual intent.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in intent:\nIntent.training_phrases.parts.text\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create an intent for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\nIf the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console.\nIf the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","required":true},"id":{"type":"string","description":"The unique identifier of the parameter. This field is used by training phrases to annotate their parts.","description_kind":"plain","required":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging.\nNote: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true}},"description":"The collection of parameters associated with the intent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"training_phrases":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The unique identifier of the training phrase.","description_kind":"plain","computed":true},"repeat_count":{"type":"number","description":"Indicates how many times this example was added to the intent.","description_kind":"plain","optional":true}},"block_types":{"parts":{"nesting_mode":"list","block":{"attributes":{"parameter_id":{"type":"string","description":"The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The text for this part.","description_kind":"plain","required":true}},"description":"The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase.\nNote: The API does not automatically annotate training phrases like the Dialogflow Console does.\nNote: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated.\nIf the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set.\nIf you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways:\nPart.text is set to a part of the phrase that has no parameters.\nPart.text is set to a part of the phrase that you want to annotate, and the parameterId field is set.","description_kind":"plain"},"min_items":1}},"description":"The collection of training phrases the agent is trained on to identify the intent.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_page":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the agent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_code":{"type":"string","description":"The language of the following fields in page:\n\nPage.entry_fulfillment.messages\nPage.entry_fulfillment.conditional_cases\nPage.event_handlers.trigger_fulfillment.messages\nPage.event_handlers.trigger_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.messages\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.reprompt_event_handlers.messages\nPage.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases\nPage.transition_routes.trigger_fulfillment.messages\nPage.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The flow to create a page for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page.\nIf multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -\u003e page's transition route group -\u003e flow's transition routes.\nIf multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"entry_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the session is entering the page.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"Handlers associated with the page to handle events such as webhook errors, no match or no input.","description_kind":"plain"}},"form":{"nesting_mode":"list","block":{"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"default_value":{"type":"string","description":"The default value of an optional parameter. If the parameter is required, the default value will be ignored.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the parameter, unique within the form.","description_kind":"plain","optional":true},"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","optional":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log.\nIf redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true},"required":{"type":"bool","description":"Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them.\nRequired parameters must be filled before form filling concludes.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"fill_behavior":{"nesting_mode":"list","block":{"block_types":{"initial_prompt_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter.","description_kind":"plain"},"max_items":1},"reprompt_event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are:\n* sys.no-match-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-match-default\n* sys.no-input-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-input-default\n* sys.invalid-parameter\n[initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter.\nIf the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on.\nA sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed.\nA sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt.\nIf the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted.","description_kind":"plain"}}},"description":"Defines fill behavior for the parameter.","description_kind":"plain"},"max_items":1}},"description":"Parameters to collect from the user.","description_kind":"plain"}}},"description":"The form associated with the page, used for collecting parameters relevant to the page.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow.\nWhen we are in a certain page, the TransitionRoutes are evalauted in the following order:\nTransitionRoutes defined in the page with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in flow with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in the page with only condition specified.\nTransitionRoutes defined in the transition route groups with only condition specified.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_security_settings":{"version":0,"block":{"attributes":{"deidentify_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text.\nNote: deidentifyTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the security settings, unique within the location.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config.\nNote: inspectTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location these settings are located in. Settings can only be applied to an agent in the same location.\nSee [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the settings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purge_data_types":{"type":["list","string"],"description":"List of types of data to remove when retention settings triggers purge. Possible values: [\"DIALOGFLOW_HISTORY\"]","description_kind":"plain","optional":true},"redaction_scope":{"type":"string","description":"Defines what types of data to redact. If not set, defaults to not redacting any kind of data.\n* REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk. Possible values: [\"REDACT_DISK_STORAGE\"]","description_kind":"plain","optional":true},"redaction_strategy":{"type":"string","description":"Defines how we redact data. If not set, defaults to not redacting.\n* REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted. Possible values: [\"REDACT_WITH_SERVICE\"]","description_kind":"plain","optional":true},"retention_strategy":{"type":"string","description":"Defines how long we retain persisted data that contains sensitive info. Only one of 'retention_window_days' and 'retention_strategy' may be set.\n* REMOVE_AFTER_CONVERSATION: Removes data when the conversation ends. If there is no conversation explicitly established, a default conversation ends when the corresponding Dialogflow session ends. Possible values: [\"REMOVE_AFTER_CONVERSATION\"]","description_kind":"plain","optional":true},"retention_window_days":{"type":"number","description":"Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL.\nOnly one of 'retention_window_days' and 'retention_strategy' may be set.","description_kind":"plain","optional":true}},"block_types":{"audio_export_settings":{"nesting_mode":"list","block":{"attributes":{"audio_export_pattern":{"type":"string","description":"Filename pattern for exported audio.","description_kind":"plain","optional":true},"audio_format":{"type":"string","description":"File format for exported audio file. Currently only in telephony recordings.\n* MULAW: G.711 mu-law PCM with 8kHz sample rate.\n* MP3: MP3 file format.\n* OGG: OGG Vorbis. Possible values: [\"MULAW\", \"MP3\", \"OGG\"]","description_kind":"plain","optional":true},"enable_audio_redaction":{"type":"bool","description":"Enable audio redaction if it is true.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.","description_kind":"plain","optional":true}},"description":"Controls audio export settings for post-conversation analytics when ingesting audio to conversations.\nIf retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled.\nIf audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket.\nThis setting won't effect audio input for implicit sessions via [Sessions.DetectIntent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.sessions/detectIntent#google.cloud.dialogflow.cx.v3.Sessions.DetectIntent).","description_kind":"plain"},"max_items":1},"insights_export_settings":{"nesting_mode":"list","block":{"attributes":{"enable_insights_export":{"type":"bool","description":"If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.","description_kind":"plain","required":true}},"description":"Controls conversation exporting settings to Insights after conversation is completed.\nIf retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_test_case":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the test was created. A timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The human-readable name of the test case, unique within the agent. Limit of 200 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_test_result":{"type":["list",["object",{"conversation_turns":["list",["object",{"user_input":["list",["object",{"enable_sentiment_analysis":"bool","injected_parameters":"string","input":["list",["object",{"dtmf":["list",["object",{"digits":"string","finish_digit":"string"}]],"event":["list",["object",{"event":"string"}]],"language_code":"string","text":["list",["object",{"text":"string"}]]}]],"is_webhook_enabled":"bool"}]],"virtual_agent_output":["list",["object",{"current_page":["list",["object",{"display_name":"string","name":"string"}]],"differences":["list",["object",{"description":"string","type":"string"}]],"session_parameters":"string","status":["list",["object",{"code":"number","details":"string","message":"string"}]],"text_responses":["list",["object",{"text":["list","string"]}]],"triggered_intent":["list",["object",{"display_name":"string","name":"string"}]]}]]}]],"environment":"string","name":"string","test_result":"string","test_time":"string"}]],"description":"The latest test result.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the test case.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/testCases/\u003cTestCase ID\u003e.","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Additional freeform notes about the test case. Limit of 400 characters.","description_kind":"plain","optional":true},"parent":{"type":"string","description":"The agent to create the test case for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags are short descriptions that users may apply to test cases for organizational and filtering purposes.\nEach tag should start with \"#\" and has a limit of 30 characters","description_kind":"plain","optional":true}},"block_types":{"test_case_conversation_turns":{"nesting_mode":"list","block":{"block_types":{"user_input":{"nesting_mode":"list","block":{"attributes":{"enable_sentiment_analysis":{"type":"bool","description":"Whether sentiment analysis is enabled.","description_kind":"plain","optional":true},"injected_parameters":{"type":"string","description":"Parameters that need to be injected into the conversation during intent detection.","description_kind":"plain","optional":true},"is_webhook_enabled":{"type":"bool","description":"If webhooks should be allowed to trigger in response to the user utterance. Often if parameters are injected, webhooks should not be enabled.","description_kind":"plain","optional":true}},"block_types":{"input":{"nesting_mode":"list","block":{"attributes":{"language_code":{"type":"string","description":"The language of the input. See [Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) for a list of the currently supported language codes.\nNote that queries in the same session do not necessarily need to specify the same language.","description_kind":"plain","optional":true}},"block_types":{"dtmf":{"nesting_mode":"list","block":{"attributes":{"digits":{"type":"string","description":"The dtmf digits.","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The finish digit (if any).","description_kind":"plain","optional":true}},"description":"The DTMF event to be handled.","description_kind":"plain"},"max_items":1},"event":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"Name of the event.","description_kind":"plain","required":true}},"description":"The event to be triggered.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"text":{"type":"string","description":"The natural language text to be processed. Text length must not exceed 256 characters.","description_kind":"plain","required":true}},"description":"The natural language text to be processed.","description_kind":"plain"},"max_items":1}},"description":"User input. Supports text input, event input, dtmf input in the test case.","description_kind":"plain"},"max_items":1}},"description":"The user input.","description_kind":"plain"},"max_items":1},"virtual_agent_output":{"nesting_mode":"list","block":{"attributes":{"session_parameters":{"type":"string","description":"The session parameters available to the bot at this point.","description_kind":"plain","optional":true}},"block_types":{"current_page":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Page](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages#Page) on which the utterance was spoken.","description_kind":"plain"},"max_items":1},"text_responses":{"nesting_mode":"list","block":{"attributes":{"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text responses from the agent for the turn.","description_kind":"plain"}},"triggered_intent":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Intent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents#Intent) that triggered the response.","description_kind":"plain"},"max_items":1}},"description":"The virtual agent output.","description_kind":"plain"},"max_items":1}},"description":"The conversation turns uttered when the test case was created, in chronological order. These include the canonical set of agent utterances that should occur when the agent is working properly.","description_kind":"plain"}},"test_config":{"nesting_mode":"list","block":{"attributes":{"flow":{"type":"string","description":"Flow name to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"page":{"type":"string","description":"The page to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"tracking_parameters":{"type":["list","string"],"description":"Session parameters to be compared when calculating differences.","description_kind":"plain","optional":true}},"description":"Config for the test case.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the version. Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation.","description_kind":"plain","computed":true},"nlu_settings":{"type":["list",["object",{"classification_threshold":"number","model_training_mode":"string","model_type":"string"}]],"description":"The NLU settings of the flow at version creation.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Flow to create an Version for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of this version.\n* RUNNING: Version is not ready to serve (e.g. training is running).\n* SUCCEEDED: Training has succeeded and this version is ready to serve.\n* FAILED: Version training failed.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_webhook":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Indicates whether the webhook is disabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the webhook, unique within the agent.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the webhook.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a webhook for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"timeout":{"type":"string","description":"Webhook execution timeout.","description_kind":"plain","optional":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"Configuration for a generic web service.","description_kind":"plain"},"max_items":1},"service_directory":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"The name of Service Directory service.","description_kind":"plain","required":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"The name of Service Directory service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for a Service Directory service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_entity_type":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The name of this entity type to be displayed on the console.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates the kind of entity type.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value.\n* KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity\ntypes can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/agent/entityTypes/\u003cEntity type ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym\ncould be green onions.\nFor KIND_LIST entity types:\n* This collection must contain exactly one synonym equal to value.","description_kind":"plain","required":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value\ncould be scallions.\nFor KIND_MAP entity types:\n* A reference value to be used in place of synonyms.\nFor KIND_LIST entity types:\n* A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","required":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_fulfillment":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the fulfillment, unique within the agent.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether fulfillment is enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the fulfillment.\nFormat: projects/\u003cProject ID\u003e/agent/fulfillment - projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agent/fulfillment","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"features":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of the feature that enabled for fulfillment.\n* SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: [\"SMALLTALK\"]","description_kind":"plain","required":true}},"description":"The field defines whether the fulfillment is enabled for certain features.","description_kind":"plain"}},"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password for HTTP Basic authentication.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with fulfillment requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The fulfillment URI for receiving POST requests. It must use https protocol.","description_kind":"plain","required":true},"username":{"type":"string","description":"The user name for HTTP Basic authentication.","description_kind":"plain","optional":true}},"description":"Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_intent":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The name of the action associated with the intent.\nNote: The action name must not contain whitespaces.","description_kind":"plain","optional":true,"computed":true},"default_response_platforms":{"type":["list","string"],"description":"The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED\n(i.e. default platform). Possible values: [\"FACEBOOK\", \"SLACK\", \"TELEGRAM\", \"KIK\", \"SKYPE\", \"LINE\", \"VIBER\", \"ACTIONS_ON_GOOGLE\", \"GOOGLE_HANGOUTS\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this intent to be displayed on the console.","description_kind":"plain","required":true},"events":{"type":["list","string"],"description":"The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of\nthe contexts must be present in the active user session for an event to trigger this intent. See the\n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details.","description_kind":"plain","optional":true},"followup_intent_info":{"type":["list",["object",{"followup_intent_name":"string","parent_followup_intent_name":"string"}]],"description":"Information about all followup intents that have this intent as a direct or indirect parent. We populate this field\nonly in the output.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"input_context_names":{"type":["list","string"],"description":"The list of context names required for this intent to be triggered.\nFormat: projects/\u003cProject ID\u003e/agent/sessions/-/contexts/\u003cContext ID\u003e.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent.","description_kind":"plain","optional":true,"computed":true},"ml_disabled":{"type":"bool","description":"Indicates whether Machine Learning is disabled for the intent.\nNote: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML\nONLY match mode. Also, auto-markup in the UI is turned off.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent_followup_intent_name":{"type":"string","description":"The unique identifier of the parent intent in the chain of followup intents.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\n - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds\n to the Normal priority in the console.\n - If the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reset_contexts":{"type":"bool","description":"Indicates whether to delete all contexts in the current session when this intent is matched.","description_kind":"plain","optional":true,"computed":true},"root_followup_intent_name":{"type":"string","description":"The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup\nintents chain for this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"webhook_state":{"type":"string","description":"Indicates whether webhooks are enabled for the intent.\n* WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent.\n* WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot\nfilling prompt is forwarded to the webhook. Possible values: [\"WEBHOOK_STATE_ENABLED\", \"WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_chat_engine":{"version":0,"block":{"attributes":{"chat_engine_metadata":{"type":["list",["object",{"dialogflow_agent":"string"}]],"description":"Additional information of the Chat Engine.","description_kind":"plain","computed":true},"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. Multiple DataStores in the same Collection can be associated here. All listed DataStores must be 'SOLUTION_TYPE_CHAT'. Adding or removing data stores will force recreation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"The ID to use for chat engine.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the chat engine registers. Vertical on Engine has to match vertical of the DataStore linked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the chat engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"chat_engine_config":{"nesting_mode":"list","block":{"block_types":{"agent_creation_config":{"nesting_mode":"list","block":{"attributes":{"business":{"type":"string","description":"Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. See [Language Support](https://cloud.google.com/dialogflow/docs/reference/language) for a list of the currently supported language codes.","description_kind":"plain","required":true},"location":{"type":"string","description":"Agent location for Agent creation, currently supported values: global/us/eu, it needs to be the same region as the Chat Engine.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of the agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris.","description_kind":"plain","required":true}},"description":"The configuration to generate the Dialogflow agent that is associated to this Engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configurations for a chat Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_data_store":{"version":0,"block":{"attributes":{"content_config":{"type":"string","description":"The content config of the data store. Possible values: [\"NO_CONTENT\", \"CONTENT_REQUIRED\", \"PUBLIC_WEBSITE\"]","description_kind":"plain","required":true},"create_advanced_site_search":{"type":"bool","description":"If true, an advanced data store for site search will be created. If the\ndata store is not configured as site search (GENERIC vertical and\nPUBLIC_WEBSITE contentConfig), this flag will be ignored.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Timestamp when the DataStore was created.","description_kind":"plain","computed":true},"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"default_schema_id":{"type":"string","description":"The id of the default Schema associated with this data store.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the data store. This field must be a UTF-8 encoded\nstring with a length limit of 128 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the data store registers. Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the data store. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"solution_types":{"type":["list","string"],"description":"The solutions that the data store enrolls. Possible values: [\"SOLUTION_TYPE_RECOMMENDATION\", \"SOLUTION_TYPE_SEARCH\", \"SOLUTION_TYPE_CHAT\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_search_engine":{"version":0,"block":{"attributes":{"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. For SOLUTION_TYPE_SEARCH type of engines, they can only associate with at most one data store.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Required. The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"Unique ID to use for Search Engine App.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the engine registers. The restriction of the Engine industry vertical is based on DataStore: If unspecified, default to GENERIC. Vertical on Engine has to match vertical of the DataStore liniked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the search engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.cd","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"search_engine_config":{"nesting_mode":"list","block":{"attributes":{"search_add_ons":{"type":["list","string"],"description":"The add-on that this search engine enables. Possible values: [\"SEARCH_ADD_ON_LLM\"]","description_kind":"plain","optional":true},"search_tier":{"type":"string","description":"The search feature tier of this engine. Defaults to SearchTier.SEARCH_TIER_STANDARD if not specified. Default value: \"SEARCH_TIER_STANDARD\" Possible values: [\"SEARCH_TIER_STANDARD\", \"SEARCH_TIER_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Configurations for a Search Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The DNS name of this managed zone, for instance \"example.com.\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"Set this true to delete all records in the zone.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this ManagedZone.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"User assigned name for this resource.\nMust be unique within the project.","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description":"Delegate your managed_zone to these virtual name servers;\ndefined by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"]","description_kind":"plain","optional":true}},"block_types":{"cloud_logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_logging":{"type":"bool","description":"If set, enable query logging for this ManagedZone. False by default, making logging opt-in.","description_kind":"plain","required":true}},"description":"Cloud logging configuration","description_kind":"plain"},"max_items":1},"dnssec_config":{"nesting_mode":"list","block":{"attributes":{"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true},"non_existence":{"type":"string","description":"Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"]","description_kind":"plain","optional":true}},"block_types":{"default_key_specs":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"]","description_kind":"plain","optional":true},"key_length":{"type":"number","description":"Length of the keys in bits","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"]","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true}},"description":"Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.","description_kind":"plain"}}},"description":"DNSSEC configuration","description_kind":"plain"},"max_items":1},"forwarding_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address of a target name server.","description_kind":"plain","required":true}},"description":"List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.","description_kind":"plain"},"min_items":1}},"description":"The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.","description_kind":"plain"},"max_items":1},"peering_config":{"nesting_mode":"list","block":{"block_types":{"target_network":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The network with which to peer.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.","description_kind":"plain"},"max_items":1},"private_visibility_config":{"nesting_mode":"list","block":{"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to bind to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you\nmay experience issues with this resource while updating. If you've defined a 'networks' block and\nadd another 'networks' block while keeping the old block, Terraform will see an incorrect diff\nand apply an incorrect update to the resource. If you encounter this issue, remove all 'networks'\nblocks in an update and then apply another update adding all of them back simultaneously.","description_kind":"plain"}}},"description":"For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"enable_inbound_forwarding":{"type":"bool","description":"Allows networks bound to this policy to receive DNS queries sent\nby VMs or applications over VPN connections. When enabled, a\nvirtual IP address will be allocated from each of the sub-networks\nthat are bound to this policy.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Controls whether logging is enabled for the networks bound to this policy.\nDefaults to no logging if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User assigned name for this policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"alternative_name_server_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address to forward to.","description_kind":"plain","required":true}},"description":"Sets an alternative name server for the associated networks. When specified,\nall DNS queries are forwarded to a name server that you choose. Names such as .internal\nare not available when an alternative name server is specified.","description_kind":"plain"},"min_items":1}},"description":"Sets an alternative name server for the associated networks.\nWhen specified, all DNS queries are forwarded to a name server that you choose.\nNames such as .internal are not available when an alternative name server is specified.","description_kind":"plain"},"max_items":1},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"List of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description":"The name of the zone in which this record set will reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The DNS name this record set will apply to.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding \\\" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \\\"\\\" inside the Terraform configuration string (e.g. \"first255characters\\\"\\\"morecharacters\").","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"plain","optional":true},"type":{"type":"string","description":"The DNS record set type.","description_kind":"plain","required":true}},"block_types":{"routing_policy":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing":{"type":"bool","description":"Specifies whether to enable fencing for geo queries.","description_kind":"plain","optional":true}},"block_types":{"geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Geo location based routing policy.","description_kind":"plain"}},"primary_backup":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing_for_backups":{"type":"bool","description":"Specifies whether to enable fencing for backup geo queries.","description_kind":"plain","optional":true},"trickle_ratio":{"type":"number","description":"Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.","description_kind":"plain","optional":true}},"block_types":{"backup_geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The backup geo targets, which provide a regional failover policy for the otherwise global primary targets.","description_kind":"plain"},"min_items":1},"primary":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of global primary targets to be health checked.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy.","description_kind":"plain"},"max_items":1},"wrr":{"nesting_mode":"list","block":{"attributes":{"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true},"weight":{"type":"number","description":"The ratio of traffic routed to the target.","description_kind":"plain","required":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of `rrdatas` or `health_checked_targets` can be set.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Weighted Round Robin based routing policy.","description_kind":"plain"}}},"description":"The configuration for steering traffic based on query. You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) type.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_response_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the response policy, such as 'My new response policy'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy_name":{"type":"string","description":"The user assigned name for this Response Policy, such as 'myresponsepolicy'.","description_kind":"plain","required":true}},"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The fully qualified URL of the VPC network to bind to.\nThis should be formatted like\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_response_policy_rule":{"version":0,"block":{"attributes":{"dns_name":{"type":"string","description":"The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy":{"type":"string","description":"Identifies the response policy addressed by this request.","description_kind":"plain","required":true},"rule_name":{"type":"string","description":"An identifier for this rule. Must be unique with the ResponsePolicy.","description_kind":"plain","required":true}},"block_types":{"local_data":{"nesting_mode":"list","block":{"block_types":{"local_datas":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"For example, www.example.com.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description":"As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Number of seconds that this ResourceRecordSet can be cached by\nresolvers.","description_kind":"plain","optional":true},"type":{"type":"string","description":"One of valid DNS resource types. Possible values: [\"A\", \"AAAA\", \"CAA\", \"CNAME\", \"DNSKEY\", \"DS\", \"HTTPS\", \"IPSECVPNKEY\", \"MX\", \"NAPTR\", \"NS\", \"PTR\", \"SOA\", \"SPF\", \"SRV\", \"SSHFP\", \"SVCB\", \"TLSA\", \"TXT\"]","description_kind":"plain","required":true}},"description":"All resource record sets for this selector, one per resource record type. The name must match the dns_name.","description_kind":"plain"},"min_items":1}},"description":"Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name;\nin particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name. Must be unique.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the processor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor_default_version":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"processor":{"type":"string","description":"The processor to set the version on.","description_kind":"plain","required":true},"version":{"type":"string","description":"The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel.\nApply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_document_schema":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name of the schema given by the user.","description_kind":"plain","required":true},"document_is_folder":{"type":"bool","description":"Tells whether the document is a folder or a typical document.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the document schema.","description_kind":"plain","computed":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"property_type_options":{"nesting_mode":"list","block":{"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1}},"description":"Nested structured data property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text/string property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_location":{"version":0,"block":{"attributes":{"access_control_mode":{"type":"string","description":"The access control mode for accessing the customer data. Possible values: [\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\", \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_BYOID\", \"ACL_MODE_UNIVERSAL_ACCESS\"]","description_kind":"plain","required":true},"database_type":{"type":"string","description":"The type of database used to store customer data. Possible values: [\"DB_INFRA_SPANNER\", \"DB_CLOUD_SQL_POSTGRES\"]","description_kind":"plain","required":true},"document_creator_default_role":{"type":"string","description":"The default role for the person who create a document. Possible values: [\"DOCUMENT_ADMIN\", \"DOCUMENT_EDITOR\", \"DOCUMENT_VIEWER\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"The KMS key used for CMEK encryption. It is required that\nthe kms key is in the same region as the endpoint. The\nsame key will be used for all provisioned resources, if\nencryption is available. If the kmsKey is left empty, no\nencryption will be enforced.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the instance is to be provisioned. It takes the form projects/{projectNumber}/locations/{location}.","description_kind":"plain","required":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_cluster":{"version":0,"block":{"attributes":{"cluster_ca_certificate":{"type":"string","description":"The PEM-encoded public certificate of the cluster's CA.","description_kind":"plain","computed":true,"sensitive":true},"control_plane_version":{"type":"string","description":"The control plane release version.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node used if a maximum value is not\nspecified explicitly for a node pool in this cluster. If unspecified, the\nKubernetes default value will be used.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of the Kubernetes API server.","description_kind":"plain","computed":true},"external_load_balancer_ipv4_address_pools":{"type":["list","string"],"description":"Address pools for cluster data plane external load balancing.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the edgecloud cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"maintenance_events":{"type":["list",["object",{"create_time":"string","end_time":"string","operation":"string","schedule":"string","start_time":"string","state":"string","target_version":"string","type":"string","update_time":"string","uuid":"string"}]],"description":"All the maintenance events scheduled for the cluster, including the ones\nongoing, planned for the future and done in the past (up to 90 days).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The GDCE cluster name.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes. This field can be empty\nif the cluster does not have any worker nodes.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the Kubernetes API server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel a cluster is subscribed to. Possible values: [\"RELEASE_CHANNEL_UNSPECIFIED\", \"NONE\", \"REGULAR\"]","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Indicates the status of the cluster.","description_kind":"plain","computed":true},"target_version":{"type":"string","description":"The target cluster version. For example: \"1.5.0\".","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"An active Google username.","description_kind":"plain","required":true}},"description":"User that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster. Currently, this is a singular field, but will\nbe expanded to allow multiple admins in the future.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"RBAC policy that will be applied and managed by GEC.","description_kind":"plain"},"min_items":1,"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"local":{"nesting_mode":"list","block":{"attributes":{"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to host control\nplane nodes. The filtering language accepts strings like \"name=\u003cname\u003e\",\nand is documented here: [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes to serve as replicas of the Control Plane.\nOnly 1 and 3 are supported.","description_kind":"plain","optional":true,"computed":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true},"shared_deployment_policy":{"type":"string","description":"Policy configuration about how user applications are deployed. Possible values: [\"SHARED_DEPLOYMENT_POLICY_UNSPECIFIED\", \"ALLOWED\", \"DISALLOWED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Local control plane configuration.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote control plane configuration.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the cluster control plane.","description_kind":"plain"},"max_items":1},"control_plane_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g.\nprojects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}\nto use for protecting control plane disks. If not specified, a\nGoogle-managed key will be used instead.","description_kind":"plain","optional":true,"computed":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting control\nplane disks. Only applicable if kms_key is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not 'KEY_AVAILABLE', then\nnodes may go offline as they cannot access their local data. This can be\ncaused by a lack of permissions to use the key, or if the key is disabled\nor deleted.","description_kind":"plain","computed":true},"kms_status":{"type":["list",["object",{"code":"number","message":"string"}]],"description":"Error status returned by Cloud KMS when using this key. This field may be\npopulated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'.\nIf populated, this field contains the error status reported by Cloud KMS.","description_kind":"plain","computed":true}},"description":"Remote control plane disk encryption options. This field is only used when\nenabling CMEK support.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster.\nMembership names are formatted as\n'projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The name of the Fleet host project where this cluster will be registered.\nProject names are formatted as\n'projects/\u003cproject-number\u003e'.","description_kind":"plain","required":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"window":{"nesting_mode":"list","block":{"block_types":{"recurring_window":{"nesting_mode":"list","block":{"attributes":{"recurrence":{"type":"string","description":"An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how\nthis window recurs. They go on for the span of time between the start and\nend time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The time that the window ends. The end time must take place after the\nstart time.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time that the window first starts.","description_kind":"plain","optional":true,"computed":true}},"description":"Represents an arbitrary window of time.","description_kind":"plain"},"max_items":1}},"description":"Represents an arbitrary window of time that recurs.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the maintenance window in which maintenance may be performed.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Cluster-wide maintenance policy configuration.","description_kind":"plain"},"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"cluster_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all pods in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6.","description_kind":"plain","computed":true},"services_ipv4_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"services_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all services in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"system_addons_config":{"nesting_mode":"list","block":{"block_types":{"ingress":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Whether Ingress is disabled.","description_kind":"plain","optional":true,"computed":true},"ipv4_vip":{"type":"string","description":"Ingress VIP.","description_kind":"plain","optional":true,"computed":true}},"description":"Config for the Ingress add-on which allows customers to create an Ingress\nobject to manage external access to the servers in a cluster. The add-on\nconsists of istiod and istio-ingress.","description_kind":"plain"},"max_items":1}},"description":"Config that customers are allowed to define for GDCE system add-ons.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_node_pool":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The name of the target Distributed Cloud Edge Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the node pool was created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to join the node pool.\nThe filtering language accepts strings like \"name=\u003cname\u003e\", and is\ndocumented in more detail in [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the node pool.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"The number of nodes in the pool.","description_kind":"plain","required":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the node pool was last updated.","description_kind":"plain","computed":true}},"block_types":{"local_disk_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks.\nIf not specified, a Google-managed key will be used instead.","description_kind":"plain","optional":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kmsKey is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data.\nThis can be caused by a lack of permissions to use the key, or if the key is disabled or deleted.","description_kind":"plain","computed":true}},"description":"Local disk encryption options. This field is only used when enabling CMEK support.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"\"The Kubernetes node labels\"","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for each node in the NodePool","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_vpn_connection":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the VPN connection was created.","description_kind":"plain","computed":true},"details":{"type":["list",["object",{"cloud_router":["list",["object",{"name":"string"}]],"cloud_vpns":["list",["object",{"gateway":"string"}]],"error":"string","state":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_high_availability":{"type":"bool","description":"Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Google Cloud Platform location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of VPN connection","description_kind":"plain","required":true},"nat_gateway_ip":{"type":"string","description":"NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster.\nThis is empty if NAT is not used.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The VPN connection Cloud Router name.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the VPN connection was last updated.","description_kind":"plain","computed":true},"vpc":{"type":"string","description":"The network ID of VPC to connect to.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_project":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project of the VPC to connect to. If not specified, it is the same as the cluster project.","description_kind":"plain","optional":true}},"description":"Project detail of the VPC network. Required if VPC is in a different project than the cluster project.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_edgenetwork_network":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"mtu":{"type":"number","description":"IP (L3) MTU value of the network. Default value is '1500'. Possible values are: '1500', '9000'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","computed":true},"network_id":{"type":"string","description":"A unique ID that identifies this network.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgenetwork_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_cidr":{"type":["list","string"],"description":"The ranges of ipv4 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"ipv6_cidr":{"type":["list","string"],"description":"The ranges of ipv6 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'","description_kind":"plain","computed":true},"network":{"type":"string","description":"The ID of the network to which this router belongs.\nMust be of the form: 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current stage of the resource to the device by config push.","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"A unique ID that identifies this subnet.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID for this subnetwork. If not specified, one is assigned automatically.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service":{"version":1,"block":{"attributes":{"apis":{"type":["list",["object",{"methods":["list",["object",{"name":"string","request_type":"string","response_type":"string","syntax":"string"}]],"name":"string","syntax":"string","version":"string"}]],"description":"A list of API objects.","description_kind":"plain","computed":true},"config_id":{"type":"string","description":"The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.","description_kind":"plain","computed":true},"dns_address":{"type":"string","description":"The address at which the service can be found - usually the same as the service name.","description_kind":"plain","computed":true},"endpoints":{"type":["list",["object",{"address":"string","name":"string"}]],"description":"A list of Endpoint objects.","description_kind":"plain","computed":true},"grpc_config":{"type":"string","description":"The full text of the Service Config YAML file (Example located here). If provided, must also provide protoc_output_base64. open_api config must not be provided.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"openapi_config":{"type":"string","description":"The full text of the OpenAPI YAML configuration as described here. Either this, or both of grpc_config and protoc_output_base64 must be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project ID that the service belongs to. If not provided, provider project is used.","description_kind":"plain","optional":true,"computed":true},"protoc_output_base64":{"type":"string","description":"The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_binding":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_member":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_essential_contacts_contact":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email address to send notifications to. This does not need to be a Google account.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_tag":{"type":"string","description":"The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages.","description_kind":"plain","required":true},"name":{"type":"string","description":"The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}","description_kind":"plain","computed":true},"notification_category_subscriptions":{"type":["list","string"],"description":"The categories of notifications that the contact will receive communications for.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_channel":{"version":0,"block":{"attributes":{"activation_token":{"type":"string","description":"Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the channel. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{project}/topics/{topic_id}`.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE","description_kind":"plain","computed":true},"third_party_provider":{"type":"string","description":"The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: `projects/{project}/locations/{location}/providers/{provider_id}`.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_google_channel_config":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the config. Must be in the format of, `projects/{project}/locations/{location}/googleChannelConfig`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_trigger":{"version":0,"block":{"attributes":{"channel":{"type":"string","description":"Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners.","description_kind":"plain","optional":true},"conditions":{"type":["map","string"],"description":"Output only. The reason(s) why a trigger is in FAILED state.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"event_data_content_type":{"type":"string","description":"Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to `application/json` if the value is not defined.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User labels attached to the triggers that can be used to group resources.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the trigger. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"cloud_function":{"type":"string","description":"The Cloud Function resource name. Only Cloud Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} This is a read-only field. [WARNING] Creating Cloud Functions V2 triggers is only supported via the Cloud Functions product. An error will be returned if the user sets this value.","description_kind":"plain","computed":true},"workflow":{"type":"string","description":"The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`","description_kind":"plain","optional":true}},"block_types":{"cloud_run_service":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"region":{"type":"string","description":"Required. The region the Cloud Run service is deployed in.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed.","description_kind":"plain","required":true}},"description":"Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger.","description_kind":"plain"},"max_items":1},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created.","description_kind":"plain","required":true},"location":{"type":"string","description":"Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Required. The namespace the GKE service is running in.","description_kind":"plain","required":true},"path":{"type":"string","description":"Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the GKE service.","description_kind":"plain","required":true}},"description":"A GKE service capable of receiving events. The service should be running in the same project as the trigger.","description_kind":"plain"},"max_items":1},"http_endpoint":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: `http://10.10.10.8:80/route`, `http://svc.us-central1.p.local:8080/`. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS.","description_kind":"plain","required":true}},"description":"An HTTP endpoint destination described by an URI.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"network_attachment":{"type":"string","description":"Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: `projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}`","description_kind":"plain","required":true}},"description":"Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type.","description_kind":"plain"},"max_items":1}},"description":"Required. Destination specifies where the events should be sent to.","description_kind":"plain"},"min_items":1,"max_items":1},"matching_criteria":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.","description_kind":"plain","required":true}},"description":"Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transport":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"subscription":{"type":"string","description":"Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion.","description_kind":"plain","optional":true}},"description":"The Pub/Sub topic and subscription used by Eventarc as delivery intermediary.","description_kind":"plain"},"max_items":1}},"description":"Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_filestore_backup":{"version":0,"block":{"attributes":{"capacity_gb":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"download_bytes":{"type":"string","description":"Amount of bytes that will be downloaded if the backup is restored.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_file_share":{"type":"string","description":"Name of the file share in the source Cloud Filestore instance that the backup is created from.","description_kind":"plain","required":true},"source_instance":{"type":"string","description":"The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup.","description_kind":"plain","required":true},"source_instance_tier":{"type":"string","description":"The service tier of the source Cloud Filestore instance that this backup is created from.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The backup state.","description_kind":"plain","computed":true},"storage_bytes":{"type":"string","description":"The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","required":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"file_shares":{"nesting_mode":"list","block":{"attributes":{"capacity_gb":{"type":"number","description":"File share capacity in GiB. This must be at least 1024 GiB\nfor the standard tier, or 2560 GiB for the premium tier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the fileshare (16 characters or less)","description_kind":"plain","required":true},"source_backup":{"type":"string","description":"The resource name of the backup, in the format\nprojects/{projectId}/locations/{locationId}/backups/{backupId},\nthat this file share has been restored from.","description_kind":"plain","optional":true}},"block_types":{"nfs_export_options":{"nesting_mode":"list","block":{"attributes":{"access_mode":{"type":"string","description":"Either READ_ONLY, for allowing only read requests on the exported directory,\nor READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"anon_gid":{"type":"number","description":"An integer representing the anonymous group id with a default value of 65534.\nAnon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"anon_uid":{"type":"number","description":"An integer representing the anonymous user id with a default value of 65534.\nAnon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"ip_ranges":{"type":["list","string"],"description":"List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share.\nOverlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned.\nThe limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.","description_kind":"plain","optional":true},"squash_mode":{"type":"string","description":"Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH,\nfor not allowing root access. The default is NO_ROOT_SQUASH. Default value: \"NO_ROOT_SQUASH\" Possible values: [\"NO_ROOT_SQUASH\", \"ROOT_SQUASH\"]","description_kind":"plain","optional":true}},"description":"Nfs Export Options. There is a limit of 10 export options per file share.","description_kind":"plain"},"max_items":10}},"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"networks":{"nesting_mode":"list","block":{"attributes":{"connect_mode":{"type":"string","description":"The network connect mode of the Filestore instance.\nIf not provided, the connect mode defaults to\nDIRECT_PEERING. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"A list of IPv4 or IPv6 addresses.","description_kind":"plain","computed":true},"modes":{"type":["list","string"],"description":"IP versions for which the instance has\nIP addresses assigned. Possible values: [\"ADDRESS_MODE_UNSPECIFIED\", \"MODE_IPV4\", \"MODE_IPV6\"]","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the GCE VPC network to which the\ninstance is connected.","description_kind":"plain","required":true},"reserved_ip_range":{"type":"string","description":"A /29 CIDR block that identifies the range of IP\naddresses reserved for this instance.","description_kind":"plain","optional":true,"computed":true}},"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_snapshot":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filesystem_used_bytes":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The resource name of the filestore instance.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the snapshot. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The snapshot state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_app_attest_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the App Attest configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_debug_token":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of a\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id),\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id),\nor [Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id)","description_kind":"plain","required":true},"debug_token_id":{"type":"string","description":"The last segment of the resource name of the debug token.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A human readable display name used to identify this debug token.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token":{"type":"string","description":"The secret token itself. Must be provided during creation, and must be a UUID4,\ncase insensitive. You may use a method of your choice such as random/random_uuid\nto generate the token.\n\nThis field is immutable once set, and cannot be updated. You can, however, delete\nthis debug token to revoke it.\n\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_play_integrity_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the Play Integrity configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from Play Integrity artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_enterprise_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA Enterprise configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_key":{"type":"string","description":"The score-based site key created in reCAPTCHA Enterprise used to invoke reCAPTCHA and generate the reCAPTCHA tokens for your application.\n\n**Important**: This is not the siteSecret (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key.","description_kind":"plain","required":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_v3_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA V3 configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_secret":{"type":"string","description":"The site secret used to identify your service for reCAPTCHA v3 verification.\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true},"site_secret_set":{"type":"bool","description":"Whether the siteSecret was previously set. Since we will never return the siteSecret field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA V3 artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_service_config":{"version":0,"block":{"attributes":{"enforcement_mode":{"type":"string","description":"The App Check enforcement mode for a service supported by App Check. Valid values are\n\n(Unset)\nFirebase App Check is not enforced for the service, nor are App Check metrics collected.\nThough the service is not protected by App Check in this mode, other applicable protections,\nsuch as user authorization, are still enforced. An unconfigured service is in this mode by default.\nThis is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the\nenforcement to OFF for this service.\n\nUNENFORCED\nFirebase App Check is not enforced for the service. App Check metrics are collected to help you\ndecide when to turn on enforcement for the service. Though the service is not protected by App Check\nin this mode, other applicable protections, such as user authorization, are still enforced.\n\nENFORCED\nFirebase App Check is enforced for the service. The service will reject any request that attempts to\naccess your project's resources if it does not have valid App Check token attached, with some exceptions\ndepending on the service; for example, some services will still allow requests bearing the developer's\nprivileged service account credentials without an App Check token. App Check metrics continue to be\ncollected to help you detect issues with your App Check integration and monitor the composition of your\ncallers. While the service is protected by App Check, other applicable protections, such as user\nauthorization, continue to be enforced at the same time.\n\nUse caution when choosing to enforce App Check on a Firebase service. If your users have not updated\nto an App Check capable version of your app, their apps will no longer be able to use your Firebase\nservices that are enforcing App Check. App Check metrics can help you decide whether to enforce App\nCheck on your Firebase services.\n\nIf your app has not launched yet, you should enable enforcement immediately, since there are no outdated\nclients in use. Possible values: [\"UNENFORCED\", \"ENFORCED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The fully-qualified resource name of the service enforcement configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The identifier of the service to configure enforcement. Currently, the following service IDs are supported:\n firebasestorage.googleapis.com (Cloud Storage for Firebase)\n firebasedatabase.googleapis.com (Firebase Realtime Database)\n firestore.googleapis.com (Cloud Firestore)\n identitytoolkit.googleapis.com (Authentication)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_release":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the release was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: `projects/{project_id}/releases/{release_id}`\\Firestore Rules Releases will **always** have the name 'cloud.firestore'","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"ruleset_name":{"type":"string","description":"Name of the `Ruleset` referred to by this `Release`. The `Ruleset` must exist for the `Release` to be created.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Time the release was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_ruleset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the `Ruleset` was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["list",["object",{"services":["list","string"]}]],"description":"Output only. The metadata for this ruleset.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Output only. Name of the `Ruleset`. The ruleset_id is auto generated by the service. Format: `projects/{project_id}/rulesets/{ruleset_id}`","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"language":{"type":"string","description":"`Language` of the `Source` bundle. If unspecified, the language will default to `FIREBASE_RULES`. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS","description_kind":"plain","optional":true}},"block_types":{"files":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"Textual Content.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint (e.g. github sha) associated with the `File`.","description_kind":"plain","optional":true},"name":{"type":"string","description":"File name.","description_kind":"plain","required":true}},"description":"`File` set constituting the `Source` bundle.","description_kind":"plain"},"min_items":1}},"description":"`Source` for the `Ruleset`.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_backup_schedule":{"version":0,"block":{"attributes":{"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique backup schedule identifier across all locations and databases for the given project. Format:\n'projects/{{project}}/databases/{{database}}/backupSchedules/{{backupSchedule}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retention":{"type":"string","description":"At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".\n\nFor a daily backup recurrence, set this to a value up to 7 days. If you set a weekly backup recurrence, set this to a value up to 14 weeks.","description_kind":"plain","required":true}},"block_types":{"daily_recurrence":{"nesting_mode":"list","block":{"description":"For a schedule that runs daily at a specified time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"weekly_recurrence":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"The day of week to run. Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"For a schedule that runs weekly on a specific day and time.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_database":{"version":0,"block":{"attributes":{"app_engine_integration_mode":{"type":"string","description":"The App Engine integration mode to use for this database. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"concurrency_mode":{"type":"string","description":"The concurrency control mode to use for this database. Possible values: [\"OPTIMISTIC\", \"PESSIMISTIC\", \"OPTIMISTIC_WITH_ENTITY_GROUPS\"]","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Output only. The timestamp at which this database was created.","description_kind":"plain","computed":true},"delete_protection_state":{"type":"string","description":"State of delete protection for the database.\nWhen delete protection is enabled, this database cannot be deleted.\nThe default value is 'DELETE_PROTECTION_STATE_UNSPECIFIED', which is currently equivalent to 'DELETE_PROTECTION_DISABLED'.\n**Note:** Additionally, to delete this database using 'terraform destroy', 'deletion_policy' must be set to 'DELETE'. Possible values: [\"DELETE_PROTECTION_STATE_UNSPECIFIED\", \"DELETE_PROTECTION_ENABLED\", \"DELETE_PROTECTION_DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Deletion behavior for this database.\nIf the deletion policy is 'ABANDON', the database will be removed from Terraform state but not deleted from Google Cloud upon destruction.\nIf the deletion policy is 'DELETE', the database will both be removed from Terraform state and deleted from Google Cloud upon destruction.\nThe default value is 'ABANDON'.\nSee also 'delete_protection'.","description_kind":"plain","optional":true},"earliest_version_time":{"type":"string","description":"Output only. The earliest timestamp at which older versions of the data can be read from the database. See versionRetentionPeriod above; this field is populated with now - versionRetentionPeriod.\nThis value is continuously updated, and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an\nup-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_prefix":{"type":"string","description":"Output only. The keyPrefix for this database.\nThis keyPrefix is used, in combination with the project id (\"~\") to construct the application id\nthat is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes.\nThis value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo).","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The location of the database. Available locations are listed at\nhttps://cloud.google.com/firestore/docs/locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID to use for the database, which will become the final\ncomponent of the database's resource name. This value should be 4-63\ncharacters. Valid characters are /[a-z][0-9]-/ with first character\na letter and the last a letter or a number. Must not be\nUUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/.\n\"(default)\" database id is also valid.","description_kind":"plain","required":true},"point_in_time_recovery_enablement":{"type":"string","description":"Whether to enable the PITR feature on this database.\nIf 'POINT_IN_TIME_RECOVERY_ENABLED' is selected, reads are supported on selected versions of the data from within the past 7 days.\nversionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour\nand reads against 1-minute snapshots beyond 1 hour and within 7 days.\nIf 'POINT_IN_TIME_RECOVERY_DISABLED' is selected, reads are supported on any version of the data from within the past 1 hour. Default value: \"POINT_IN_TIME_RECOVERY_DISABLED\" Possible values: [\"POINT_IN_TIME_RECOVERY_ENABLED\", \"POINT_IN_TIME_RECOVERY_DISABLED\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the database.\nSee https://cloud.google.com/datastore/docs/firestore-or-datastore\nfor information about how to choose. Possible values: [\"FIRESTORE_NATIVE\", \"DATASTORE_MODE\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. The system-generated UUID4 for this Database.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp at which this database was most recently updated.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"Output only. The period during which past versions of data are retained in the database.\nAny read or query can specify a readTime within this window, and will read the state of the database at that time.\nIf the PITR feature is enabled, the retention period is 7 days. Otherwise, the retention period is 1 hour.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_document":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 format.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"document_id":{"type":"string","description":"The client-assigned document ID to use for this document during creation.","description_kind":"plain","required":true},"fields":{"type":"string","description":"The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}'","description_kind":"plain","computed":true},"path":{"type":"string","description":"A relative path to the collection this document exists within","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Last update timestamp in RFC3339 format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_field":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The id of the collection group to configure.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"field":{"type":"string","description":"The id of the field to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this field. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"index_config":{"nesting_mode":"list","block":{"block_types":{"indexes":{"nesting_mode":"set","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=, !=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Collection scoped queries require you specify\nthe collection at query time. Collection group scope allows queries across all\ncollections with the same id. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"]","description_kind":"plain","optional":true}},"description":"The indexes to configure on the field. Order or array contains must be specified.","description_kind":"plain"}}},"description":"The single field index configuration for this field.\nCreating an index configuration for this field will override any inherited configuration with the\nindexes specified. Configuring the index configuration with an empty block disables all indexes on\nthe field.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"ttl_config":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"The state of TTL (time-to-live) configuration for documents that have this Field set.","description_kind":"plain","computed":true}},"description":"The TTL configuration for this Field. If set to an empty block (i.e. 'ttl_config {}'), a TTL policy is configured based on the field. If unset, a TTL policy is not configured (or will be disabled upon updating the resource).","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_index":{"version":0,"block":{"attributes":{"api_scope":{"type":"string","description":"The API scope at which a query is run. Default value: \"ANY_API\" Possible values: [\"ANY_API\", \"DATASTORE_MODE_API\"]","description_kind":"plain","optional":true},"collection":{"type":"string","description":"The collection being indexed.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\", \"COLLECTION_RECURSIVE\"]","description_kind":"plain","optional":true}},"block_types":{"fields":{"nesting_mode":"list","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"field_path":{"type":"string","description":"Name of the field.","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true}},"description":"The fields supported by this index. The last field entry is always for\nthe field path '__name__'. If, on creation, '__name__' was not\nspecified as the last field, it will be added automatically with the\nsame direction as that of the last field defined. If the final field\nin a composite index is not directional, the '__name__' will be\nordered '\"ASCENDING\"' (unless explicitly specified otherwise).","description_kind":"plain"},"min_items":2},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The folder id from the name \"folders/{folder_id}\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Folder. Its format is folders/{folder_id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Folder has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"ID of the folder of the access approval settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"folders/{folder_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n * all\n * App Engine\n * BigQuery\n * Cloud Bigtable\n * Cloud Key Management Service\n * Compute Engine\n * Cloud Dataflow\n * Cloud Identity and Access Management\n * Cloud Pub/Sub\n * Cloud Storage\n * Persistent Disk\n\nNote: These values are supported as input, but considered a legacy format:\n * all\n * appengine.googleapis.com\n * bigquery.googleapis.com\n * bigtable.googleapis.com\n * cloudkms.googleapis.com\n * compute.googleapis.com\n * dataflow.googleapis.com\n * iam.googleapis.com\n * pubsub.googleapis.com\n * storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_folder_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The source cluster from which Backups will be created via this BackupPlan.","description_kind":"plain","required":true},"deactivated":{"type":"bool","description":"This flag indicates whether this BackupPlan has been deactivated.\nSetting this field to True locks the BackupPlan such that no further updates will be allowed\n(except deletes), including the deactivated field itself. It also prevents any new Backups\nfrom being created via this BackupPlan (including scheduled Backups).","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"User specified descriptive string for this BackupPlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"etag is used for optimistic concurrency control as a way to help prevent simultaneous\nupdates of a backup plan from overwriting each other. It is strongly suggested that\nsystems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates\nin order to avoid race conditions: An etag is returned in the response to backupPlans.get,\nand systems are expected to put that etag in the request to backupPlans.patch or\nbackupPlans.delete to ensure that their change will be applied to the same version of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Backup Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protected_pod_count":{"type":"number","description":"The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State of the BackupPlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why BackupPlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, include all namespaced resources.","description_kind":"plain","optional":true},"include_secrets":{"type":"bool","description":"This flag specifies whether Kubernetes Secret resources should be included\nwhen they fall into the scope of Backups.","description_kind":"plain","optional":true,"computed":true},"include_volume_data":{"type":"bool","description":"This flag specifies whether volume data should be backed up when PVCs are\nincluded in the scope of a Backup.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_key":{"nesting_mode":"list","block":{"attributes":{"gcp_kms_encryption_key":{"type":"string","description":"Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*","description_kind":"plain","required":true}},"description":"This defines a customer managed encryption key that will be used to encrypt the \"config\"\nportion (the Kubernetes resources) of Backups created via this plan.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of namespaced Kubernetes Resources.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"If set, include just the resources in the listed namespaces.","description_kind":"plain"},"max_items":1}},"description":"Defines the configuration of Backups created via this BackupPlan.","description_kind":"plain"},"max_items":1},"backup_schedule":{"nesting_mode":"list","block":{"attributes":{"cron_schedule":{"type":"string","description":"A standard cron string that defines a repeating schedule for\ncreating Backups via this BackupPlan.\nIf this is defined, then backupRetainDays must also be defined.","description_kind":"plain","optional":true},"paused":{"type":"bool","description":"This flag denotes whether automatic Backup creation is paused for this BackupPlan.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines a schedule for automatic Backup creation via this BackupPlan.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"backup_delete_lock_days":{"type":"number","description":"Minimum age for a Backup created via this BackupPlan (in days).\nMust be an integer value between 0-90 (inclusive).\nA Backup created under this BackupPlan will not be deletable\nuntil it reaches Backup's (create time + backup_delete_lock_days).\nUpdating this field of a BackupPlan does not affect existing Backups.\nBackups created after a successful update will inherit this new value.","description_kind":"plain","optional":true,"computed":true},"backup_retain_days":{"type":"number","description":"The default maximum age of a Backup created via this BackupPlan.\nThis field MUST be an integer value \u003e= 0 and \u003c= 365. If specified,\na Backup created under this BackupPlan will be automatically deleted\nafter its age reaches (createTime + backupRetainDays).\nIf not specified, Backups created under this BackupPlan will NOT be\nsubject to automatic deletion. Updating this field does NOT affect\nexisting Backups under it. Backups created AFTER a successful update\nwill automatically pick up the new value.\nNOTE: backupRetainDays must be \u003e= backupDeleteLockDays.\nIf cronSchedule is defined, then this must be \u003c= 360 * the creation interval.]","description_kind":"plain","optional":true,"computed":true},"locked":{"type":"bool","description":"This flag denotes whether the retention policy of this BackupPlan is locked.\nIf set to True, no further update is allowed on this policy, including\nthe locked field itself.","description_kind":"plain","optional":true,"computed":true}},"description":"RetentionPolicy governs lifecycle of Backups created under this plan.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan":{"version":0,"block":{"attributes":{"backup_plan":{"type":"string","description":"A reference to the BackupPlan from which Backups may be used\nas the source for Restores created via this RestorePlan.","description_kind":"plain","required":true},"cluster":{"type":"string","description":"The source cluster from which Restores will be created via this RestorePlan.","description_kind":"plain","required":true},"description":{"type":"string","description":"User specified descriptive string for this RestorePlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Restore Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The State of the RestorePlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why RestorePlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"restore_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, restore all namespaced resources in the Backup.\nSetting this field to False will result in an error.","description_kind":"plain","optional":true},"cluster_resource_conflict_policy":{"type":"string","description":"Defines the behavior for handling the situation where cluster-scoped resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'CLUSTER_RESOURCE_CONFLICT_POLICY_UNSPECIFIED'\nif 'clusterResourceRestoreScope' is anyting other than 'noGroupKinds'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#clusterresourceconflictpolicy\nfor more information on each policy option. Possible values: [\"USE_EXISTING_VERSION\", \"USE_BACKUP_VERSION\"]","description_kind":"plain","optional":true},"namespaced_resource_restore_mode":{"type":"string","description":"Defines the behavior for handling the situation where sets of namespaced resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#namespacedresourcerestoremode\nfor more information on each mode. Possible values: [\"DELETE_AND_RESTORE\", \"FAIL_ON_CONFLICT\"]","description_kind":"plain","optional":true},"no_namespaces":{"type":"bool","description":"Do not restore any namespaced resources if set to \"True\".\nSpecifying this field to \"False\" is not allowed.","description_kind":"plain","optional":true},"volume_data_restore_policy":{"type":"string","description":"Specifies the mechanism to be used to restore volume data.\nThis should be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nIf not specified, it will be treated as 'NO_VOLUME_DATA_RESTORATION'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy\nfor more information on each policy option. Possible values: [\"RESTORE_VOLUME_DATA_FROM_BACKUP\", \"REUSE_VOLUME_HANDLE_FROM_BACKUP\", \"NO_VOLUME_DATA_RESTORATION\"]","description_kind":"plain","optional":true}},"block_types":{"cluster_resource_restore_scope":{"nesting_mode":"list","block":{"attributes":{"all_group_kinds":{"type":"bool","description":"If True, all valid cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true},"no_group_kinds":{"type":"bool","description":"If True, no cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true}},"block_types":{"excluded_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to NOT restore from the backup.\nIf specified, all valid cluster-scoped resources will be restored except\nfor those specified in the list.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain"}},"selected_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to restore from the backup.\nIf specified, only the selected resources will be restored.\nMutually exclusive to any other field in the 'clusterResourceRestoreScope'.","description_kind":"plain"}}},"description":"Identifies the cluster-scoped resources to restore from the Backup.","description_kind":"plain"},"max_items":1},"excluded_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces excluded from restoration.\nAll namespaces except those in this list will be restored.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of selected ProtectedApplications to restore.\nThe listed ProtectedApplications and all the resources\nto which they refer will be restored.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces to restore from the Backup.\nThe listed Namespaces and all resources contained in them will be restored.","description_kind":"plain"},"max_items":1},"transformation_rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description is a user specified string description\nof the transformation rule.","description_kind":"plain","optional":true}},"block_types":{"field_actions":{"nesting_mode":"list","block":{"attributes":{"from_path":{"type":"string","description":"A string containing a JSON Pointer value that references the\nlocation in the target document to move the value from.","description_kind":"plain","optional":true},"op":{"type":"string","description":"Specifies the operation to perform. Possible values: [\"REMOVE\", \"MOVE\", \"COPY\", \"ADD\", \"TEST\", \"REPLACE\"]","description_kind":"plain","required":true},"path":{"type":"string","description":"A string containing a JSON-Pointer value that references a\nlocation within the target document where the operation is performed.","description_kind":"plain","optional":true},"value":{"type":"string","description":"A string that specifies the desired value in string format\nto use for transformation.","description_kind":"plain","optional":true}},"description":"A list of transformation rule actions to take against candidate\nresources. Actions are executed in order defined - this order\nmatters, as they could potentially interfere with each other and\nthe first operation could affect the outcome of the second operation.","description_kind":"plain"},"min_items":1},"resource_filter":{"nesting_mode":"list","block":{"attributes":{"json_path":{"type":"string","description":"This is a JSONPath expression that matches specific fields of\ncandidate resources and it operates as a filtering parameter\n(resources that are not matched with this expression will not\nbe candidates for transformation).","description_kind":"plain","optional":true},"namespaces":{"type":["list","string"],"description":"(Filtering parameter) Any resource subject to transformation must\nbe contained within one of the listed Kubernetes Namespace in the\nBackup. If this field is not provided, no namespace filtering will\nbe performed (all resources in all Namespaces, including all\ncluster-scoped resources, will be candidates for transformation).\nTo mix cluster-scoped and namespaced resources in the same rule,\nuse an empty string (\"\") as one of the target namespaces.","description_kind":"plain","optional":true}},"block_types":{"group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"(Filtering parameter) Any resource subject to transformation must\nbelong to one of the listed \"types\". If this field is not provided,\nno type filtering will be performed\n(all resources of all types matching previous filtering parameters\nwill be candidates for transformation).","description_kind":"plain"}}},"description":"This field is used to specify a set of fields that should be used to\ndetermine which resources in backup should be acted upon by the\nsupplied transformation rule actions, and this will ensure that only\nspecific resources are affected by transformation rule actions.","description_kind":"plain"},"max_items":1}},"description":"A list of transformation rules to be applied against Kubernetes\nresources as they are selected for restoration from a Backup.\nRules are executed in order defined - this order matters,\nas changes made by a rule may impact the filtering logic of subsequent\nrules. An empty list means no transformation will occur.","description_kind":"plain"}}},"description":"Defines the configuration of Restores created via this RestorePlan.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. When the Feature resource was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. When the Feature resource was deleted.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"GCP labels for this Feature.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The full, unique name of this Feature resource","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_state":{"type":["list",["object",{"has_resources":"bool","state":"string"}]],"description":"State of the Feature resource itself.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"state":["list",["object",{"code":"string","description":"string","update_time":"string"}]]}]],"description":"Output only. The Hub-wide Feature state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. When the Feature resource was last updated.","description_kind":"plain","computed":true}},"block_types":{"fleet_default_member_config":{"nesting_mode":"list","block":{"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","optional":true}},"block_types":{"config_sync":{"nesting_mode":"list","block":{"attributes":{"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in hierarchical or unstructured mode","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS Proxy to be used when communicating with the Git repo","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true}},"description":"Git repo configuration for the cluster","description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","deprecated":true,"optional":true}},"description":"OCI repo configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"ConfigSync configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"Config Management spec","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Whether to automatically manage Service Mesh Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"MANAGEMENT_AUTOMATIC\", \"MANAGEMENT_MANUAL\"]","description_kind":"plain","required":true}},"description":"Service Mesh spec","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Configures the version of Policy Controller","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation Possible values: [\"INSTALL_SPEC_UNSPECIFIED\", \"INSTALL_SPEC_NOT_INSTALLED\", \"INSTALL_SPEC_ENABLED\", \"INSTALL_SPEC_SUSPENDED\", \"INSTALL_SPEC_DETACHED\"]","description_kind":"plain","required":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component":{"type":"string","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: [\"AFFINITY_UNSPECIFIED\", \"NO_AFFINITY\", \"ANTI_AFFINITY\"]","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_toleration":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":"Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. Possible values: [\"MONITORING_BACKEND_UNSPECIFIED\", \"PROMETHEUS\", \"CLOUD_MONITORING\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Monitoring specifies the configuration of monitoring Policy Controller.","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle":{"type":"string","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"Configures which bundles to install and their corresponding install specs.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: [\"INSTALATION_UNSPECIFIED\", \"NOT_INSTALLED\", \"ALL\"]","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Configuration of Policy Controller","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller spec","description_kind":"plain"},"max_items":1}},"description":"Optional. Fleet Default Membership Configuration.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"block_types":{"clusterupgrade":{"nesting_mode":"list","block":{"attributes":{"upstream_fleets":{"type":["list","string"],"description":"Specified if other fleet should be considered as a source of upgrades. Currently, at most one upstream fleet is allowed. The fleet name should be either fleet project number or id.","description_kind":"plain","required":true}},"block_types":{"gke_upgrade_overrides":{"nesting_mode":"list","block":{"block_types":{"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"min_items":1,"max_items":1},"upgrade":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the upgrade, e.g., \"k8s_control_plane\". It should be a valid upgrade name. It must not exceet 99 characters.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the upgrade, e.g., \"1.22.1-gke.100\". It should be a valid version. It must not exceet 99 characters.","description_kind":"plain","required":true}},"description":"Which upgrade to override.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration overrides for individual upgrades.","description_kind":"plain"}},"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"max_items":1}},"description":"Clusterupgrade feature spec.","description_kind":"plain"},"max_items":1},"fleetobservability":{"nesting_mode":"list","block":{"block_types":{"logging_config":{"nesting_mode":"list","block":{"block_types":{"default_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the default routing config to logs not specified in other configs.","description_kind":"plain"},"max_items":1},"fleet_scope_logs_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the routing config to all logs for all fleet scopes.","description_kind":"plain"},"max_items":1}},"description":"Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet.","description_kind":"plain"},"max_items":1}},"description":"Fleet Observability feature spec.","description_kind":"plain"},"max_items":1},"multiclusteringress":{"nesting_mode":"list","block":{"attributes":{"config_membership":{"type":"string","description":"Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: 'projects/foo-proj/locations/global/memberships/bar'","description_kind":"plain","required":true}},"description":"Multicluster Ingress-specific spec.","description_kind":"plain"},"max_items":1}},"description":"Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_feature_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_membership":{"version":0,"block":{"attributes":{"feature":{"type":"string","description":"The name of the feature","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the feature","description_kind":"plain","required":true},"membership":{"type":"string","description":"The name of the membership","description_kind":"plain","required":true},"membership_location":{"type":"string","description":"The location of the membership","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project of the feature","description_kind":"plain","optional":true,"computed":true}},"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of ACM to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"binauthz":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether binauthz is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"**DEPRECATED** Binauthz configuration for the cluster. This field will be ignored and should not be set.","description_kind":"plain"},"max_items":1},"config_sync":{"nesting_mode":"list","block":{"attributes":{"metrics_gcp_service_account_email":{"type":"string","description":"The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA.","description_kind":"plain","optional":true},"prevent_drift":{"type":"bool","description":"Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in \"hierarchical\" or \"unstructured\" mode.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secretType is gcpServiceAccount.","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS proxy to be used when communicating with the Git repo.","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth.","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. ","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds(int64 format) between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"Config Sync configuration for the cluster.","description_kind":"plain"},"max_items":1},"hierarchy_controller":{"nesting_mode":"list","block":{"attributes":{"enable_hierarchical_resource_quota":{"type":"bool","description":"Whether hierarchical resource quota is enabled in this cluster.","description_kind":"plain","optional":true},"enable_pod_tree_labels":{"type":"bool","description":"Whether pod tree labels are enabled in this cluster.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether Hierarchy Controller is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"Hierarchy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1},"policy_controller":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"string","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true},"template_library_installed":{"type":"bool","description":"Installs the default template library along with Policy Controller.","description_kind":"plain","optional":true}},"block_types":{"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1}},"description":"Config Management-specific spec.","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"control_plane":{"type":"string","description":"**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL","description_kind":"plain","deprecated":true,"optional":true},"management":{"type":"string","description":"Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL","description_kind":"plain","optional":true}},"description":"Manage Mesh Features","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of Policy Controller to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation. Possible values: INSTALL_SPEC_UNSPECIFIED, INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, INSTALL_SPEC_DETACHED","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller-specific spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_fleet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time the fleet was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the fleet was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters.\nAllowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"The state of the fleet resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource. This is unique across all\nFleet resources. If a Fleet resource is deleted and another\nresource with the same name is created, it gets a different uid.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the fleet was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"default_cluster_config":{"nesting_mode":"list","block":{"block_types":{"binary_authorization_config":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. Possible values: [\"DISABLED\", \"POLICY_BINDINGS\"]","description_kind":"plain","optional":true}},"block_types":{"policy_bindings":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The relative resource name of the binauthz platform policy to audit. GKE\nplatform policies have the following format:\n'projects/{project_number}/platforms/gke/policies/{policy_id}'.","description_kind":"plain","optional":true}},"description":"Binauthz policies that apply to this cluster.","description_kind":"plain"}}},"description":"Enable/Disable binary authorization features for the cluster.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets which mode to use for Security Posture features. Possible values: [\"DISABLED\", \"BASIC\"]","description_kind":"plain","optional":true},"vulnerability_mode":{"type":"string","description":"Sets which mode to use for vulnerability scanning. Possible values: [\"VULNERABILITY_DISABLED\", \"VULNERABILITY_BASIC\", \"VULNERABILITY_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Enable/Disable Security Posture features for the cluster.","description_kind":"plain"},"max_items":1}},"description":"The default cluster configurations to apply across the fleet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this membership.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership.\nThe default value is 'global'.","description_kind":"plain","optional":true},"membership_id":{"type":"string","description":"The client-provided identifier of the membership.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the membership.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"authority":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://' and // be a valid\nwith length \u003c2000 characters. For example: 'https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster' (must be 'locations' rather than 'zones'). If the cluster is provisioned with Terraform, this is '\"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}\"'.","description_kind":"plain","required":true}},"description":"Authority encodes how Google will recognize identities from this Membership.\nSee the workload identity documentation for more details:\nhttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity","description_kind":"plain"},"max_items":1},"endpoint":{"nesting_mode":"list","block":{"block_types":{"gke_cluster":{"nesting_mode":"list","block":{"attributes":{"resource_link":{"type":"string","description":"Self-link of the GCP resource for the GKE cluster.\nFor example: '//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster'.\nIt can be at the most 1000 characters in length. If the cluster is provisioned with Terraform,\nthis can be '\"//container.googleapis.com/${google_container_cluster.my-cluster.id}\"' or\n'google_container_cluster.my-cluster.id'.","description_kind":"plain","required":true}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the MembershipBinding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the MembershipBinding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Membership binding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership","description_kind":"plain","required":true},"membership_binding_id":{"type":"string","description":"The client-provided identifier of the membership binding.","description_kind":"plain","required":true},"membership_id":{"type":"string","description":"Id of the membership","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the membershipbinding itself","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"A Workspace resource name in the format\n'projects/*/locations/*/scopes/*'.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the membership binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the MembershipBinding was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_namespace":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Namespace was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Namespace.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the namespace","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Namespace-level cluster namespace labels. These labels are applied\nto the related namespace of the member clusters bound to the parent\nScope. Scope-level labels ('namespace_labels' in the Fleet Scope\nresource) take precedence over Namespace-level labels if they share\na key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The name of the Scope instance.","description_kind":"plain","required":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_namespace_id":{"type":"string","description":"The client-provided identifier of the namespace.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the namespace resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Scope was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Scope was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Scope.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the scope","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Scope-level cluster namespace labels. For the member clusters bound\nto the Scope, these labels are applied to each namespace under the\nScope. Scope-level labels take precedence over Namespace-level\nlabels ('namespace_labels' in the Fleet Namespace resource) if they\nshare a key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"The client-provided identifier of the scope.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the scope resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Scope was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_hub_scope_rbac_role_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the RBAC Role Binding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the RBAC Role Binding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\ngroup is the group, as seen by the kubernetes cluster.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this ScopeRBACRoleBinding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the RBAC Role Binding","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_rbac_role_binding_id":{"type":"string","description":"The client-provided identifier of the RBAC Role Binding.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the RBAC Role Binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the RBAC Role Binding was updated in UTC.","description_kind":"plain","computed":true},"user":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\nuser is the name of the user as seen by the kubernetes cluster, example\n\"alice\" or \"alice@domain.tld\"","description_kind":"plain","optional":true}},"block_types":{"role":{"nesting_mode":"list","block":{"attributes":{"predefined_role":{"type":"string","description":"PredefinedRole is an ENUM representation of the default Kubernetes Roles Possible values: [\"UNKNOWN\", \"ADMIN\", \"EDIT\", \"VIEW\"]","description_kind":"plain","optional":true}},"description":"Role to bind to the principal.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_admin_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Admin Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal Admin Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Admin Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal admin cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal Admin Cluster.","description_kind":"plain","computed":true}},"block_types":{"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the Admin Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal Admin Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nExamples: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nExamples: http://domain\nWARNING: Do not provide credentials in the format\nhttp://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The Admin Cluster this Bare Metal User Cluster belongs to.\nThis is the full resource name of the Admin Cluster's hub membership.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. If unspecified,\ndefaults to DISABLED. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization related configurations.","description_kind":"plain"},"max_items":1},"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the User Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"bgp_lb_config":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) of the cluster.\nThis field can be updated after cluster creation.","description_kind":"plain","required":true}},"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"string","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"bgp_peer_configs":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) for the network that contains the\nexternal peer device.","description_kind":"plain","required":true},"control_plane_nodes":{"type":["list","string"],"description":"The IP address of the control plane node that connects to the external\npeer.\nIf you don't specify any control plane nodes, all control plane nodes\ncan connect to the external peer. If you specify one or more IP addresses,\nonly the nodes specified participate in peering sessions.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the external peer device.","description_kind":"plain","required":true}},"description":"The list of BGP peers that the cluster will connect to.\nAt least one peer must be configured for each control plane node.\nControl plane nodes will connect to these peers to advertise the control\nplane VIP. The Services load balancer also uses these peers by default.\nThis field can be updated after cluster creation.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"registry_burst":{"type":"number","description":"The maximum size of bursty pulls, temporarily allows pulls to burst to this\nnumber, while still not exceeding registry_pull_qps.\nThe value must not be a negative number.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 10.","description_kind":"plain","optional":true},"registry_pull_qps":{"type":"number","description":"The limit of registry pulls per second.\nSetting this value to 0 means no limit.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 5.","description_kind":"plain","optional":true},"serialize_image_pulls_disabled":{"type":"bool","description":"Prevents the Kubelet from pulling multiple images at a time.\nWe recommend *not* changing the default value on nodes that run docker\ndaemon with version \u003c 1.9 or an Another Union File System (Aufs) storage\nbackend. Issue https://github.com/kubernetes/kubernetes/issues/10959 has\nmore details.","description_kind":"plain","optional":true}},"description":"The modifiable kubelet configurations for the baremetal machines.","description_kind":"plain"},"max_items":1},"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the node pool running data plane load balancing. L2 connectivity\nis required among nodes in this pool. If missing, the control plane node\npool is used for data plane load balancing.","description_kind":"plain"},"max_items":1}},"description":"Configuration for BGP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the load balancer's node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal User Cluster.","description_kind":"plain","required":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this Bare Metal User Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enables the use of advanced Anthos networking features, such as Bundled\nLoad Balancing with BGP or the egress NAT gateway.\nSetting configuration for advanced networking features will automatically\nset this flag.","description_kind":"plain","optional":true}},"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"multiple_network_interfaces_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable multiple network interfaces for your pods.\nWhen set network_config.advanced_networking is automatically\nset to true.","description_kind":"plain","optional":true}},"description":"Configuration for multiple network interfaces.","description_kind":"plain"},"max_items":1},"sr_iov_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to install the SR-IOV operator.","description_kind":"plain","optional":true}},"description":"Configuration for SR-IOV.","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"container_runtime":{"type":"string","description":"The available runtimes that can be used to run containers in a Bare Metal User Cluster. Possible values: [\"CONTAINER_RUNTIME_UNSPECIFIED\", \"DOCKER\", \"CONTAINERD\"]","description_kind":"plain","optional":true,"computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"os_environment_config":{"nesting_mode":"list","block":{"attributes":{"package_repo_excluded":{"type":"bool","description":"Whether the package repo should not be included when initializing\nbare metal machines.","description_kind":"plain","required":true}},"description":"OS environment related configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nExamples: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nExamples: http://domain\nWARNING: Do not provide credentials in the format\nhttp://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Specifies which upgrade policy to use. Possible values: [\"SERIAL\", \"CONCURRENT\"]","description_kind":"plain","optional":true}},"description":"The cluster upgrade policy.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the Bare Metal Node Pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal node pool name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed node pool status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Node Pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"},"min_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"Node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_vmware_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The admin cluster this VMware User Cluster belongs to.\nThis is the full resource name of the admin cluster's hub membership.\nIn the future, references to other resource types might be allowed if\nadmin clusters are modeled as their own resources.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the VMware User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which VMware User Cluster was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time at which VMware User Cluster was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this VMware User Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_control_plane_v2":{"type":"bool","description":"Enable control plane V2. Default to false.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The DNS name of VMware User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet configuration for the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the VMware OnPremUserCluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\n\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The VMware cluster name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"The Anthos clusters on the VMware version for your user cluster.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the VMware User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the VMware User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which VMware User Cluster was last updated.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"ValidationCheck represents the result of the preflight check job.","description_kind":"plain","computed":true},"vm_tracking_enabled":{"type":"bool","description":"Enable VM tracking.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"anti_affinity_groups":{"nesting_mode":"list","block":{"attributes":{"aag_config_disabled":{"type":"bool","description":"Spread nodes across at least three physical hosts (requires at least three\nhosts).\nEnabled by default.","description_kind":"plain","required":true}},"description":"AAGConfig specifies whether to spread VMware User Cluster nodes across at\nleast three physical hosts in the datacenter.","description_kind":"plain"},"max_items":1},"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster.","description_kind":"plain"}}},"description":"RBAC policy that will be applied and managed by GKE On-Prem.","description_kind":"plain"},"max_items":1},"auto_repair_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether auto repair is enabled.","description_kind":"plain","required":true}},"description":"Configuration for auto repairing.","description_kind":"plain"},"max_items":1},"control_plane_node":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"number","description":"The number of CPUs for each admin cluster node that serve as control planes\nfor this VMware User Cluster. (default: 4 CPUs)","description_kind":"plain","optional":true},"memory":{"type":"number","description":"The megabytes of memory for each admin cluster node that serves as a\ncontrol plane for this VMware User Cluster (default: 8192 MB memory).","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of control plane nodes for this VMware User Cluster.\n(default: 1 replica).","description_kind":"plain","optional":true},"vsphere_config":{"type":["list",["object",{"datastore":"string","storage_policy_name":"string"}]],"description":"Vsphere-specific config.","description_kind":"plain","computed":true}},"block_types":{"auto_resize_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable control plane node auto resizing.","description_kind":"plain","required":true}},"description":"AutoResizeConfig provides auto resizing configurations.","description_kind":"plain"},"max_items":1}},"description":"VMware User Cluster control plane nodes must have either 1 or 3 replicas.","description_kind":"plain"},"min_items":1,"max_items":1},"dataplane_v2":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enable advanced networking which requires dataplane_v2_enabled to be set true.","description_kind":"plain","optional":true},"dataplane_v2_enabled":{"type":"bool","description":"Enables Dataplane V2.","description_kind":"plain","optional":true},"windows_dataplane_v2_enabled":{"type":"bool","description":"Enable Dataplane V2 for clusters with Windows nodes.","description_kind":"plain","optional":true}},"description":"VmwareDataplaneV2Config specifies configuration for Dataplane V2.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"f5_config":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The load balancer's IP address.","description_kind":"plain","optional":true},"partition":{"type":"string","description":"he preexisting partition to be used by the load balancer. T\nhis partition is usually created for the admin cluster for example:\n'my-f5-admin-partition'.","description_kind":"plain","optional":true},"snat_pool":{"type":"string","description":"The pool name. Only necessary, if using SNAT.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for F5 Big IP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_node_port":{"type":"number","description":"NodePort for control plane service. The Kubernetes API server in the admin\ncluster is implemented as a Service of type NodePort (ex. 30968).","description_kind":"plain","optional":true,"computed":true},"ingress_http_node_port":{"type":"number","description":"NodePort for ingress service's http. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 32527).","description_kind":"plain","optional":true,"computed":true},"ingress_https_node_port":{"type":"number","description":"NodePort for ingress service's https. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 30139).","description_kind":"plain","optional":true,"computed":true},"konnectivity_server_node_port":{"type":"number","description":"NodePort for konnectivity server service running as a sidecar in each\nkube-apiserver pod (ex. 30564).","description_kind":"plain","optional":true,"computed":true}},"description":"Manually configured load balancers.","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address\nmust be either in the CIDR form (1.2.3.0/24) or range\nform (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for\nthose special IP addresses.","description_kind":"plain","optional":true,"computed":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true,"computed":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1}},"description":"Configuration for MetalLB typed load balancers.","description_kind":"plain"},"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this cluster.","description_kind":"plain","optional":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this cluster.","description_kind":"plain","optional":true}},"description":"The VIPs used by the load balancer.","description_kind":"plain"},"max_items":1}},"description":"Load Balancer configuration.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges.\nOnly a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address\nfrom these ranges. Only a single range is supported.. This field\ncannot be changed after creation.","description_kind":"plain","required":true},"vcenter_network":{"type":"string","description":"vcenter_network specifies vCenter network name. Inherited from the admin cluster.","description_kind":"plain","computed":true}},"block_types":{"control_plane_v2_config":{"nesting_mode":"list","block":{"block_types":{"control_plane_ip_block":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","optional":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","optional":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","optional":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"}}},"description":"Static IP addresses for the control plane nodes.","description_kind":"plain"},"max_items":1}},"description":"Configuration for control plane V2 mode.","description_kind":"plain"},"max_items":1},"dhcp_ip_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"enabled is a flag to mark if DHCP IP allocation is\nused for VMware user clusters.","description_kind":"plain","required":true}},"description":"Configuration settings for a DHCP IP configuration.","description_kind":"plain"},"max_items":1},"host_config":{"nesting_mode":"list","block":{"attributes":{"dns_search_domains":{"type":["list","string"],"description":"DNS search domains.","description_kind":"plain","optional":true},"dns_servers":{"type":["list","string"],"description":"DNS servers.","description_kind":"plain","optional":true},"ntp_servers":{"type":["list","string"],"description":"NTP servers.","description_kind":"plain","optional":true}},"description":"Represents common network settings irrespective of the host's IP address.","description_kind":"plain"},"max_items":1},"static_ip_config":{"nesting_mode":"list","block":{"block_types":{"ip_blocks":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","required":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","required":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","required":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"},"min_items":1}},"description":"Represents the configuration values for static IP allocation to nodes.","description_kind":"plain"},"min_items":1}},"description":"Configuration settings for a static IP configuration.","description_kind":"plain"},"max_items":1}},"description":"The VMware User Cluster network configuration.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"attributes":{"vsphere_csi_disabled":{"type":"bool","description":"Whether or not to deploy vSphere CSI components in the VMware User Cluster.\nEnabled by default.","description_kind":"plain","required":true}},"description":"Storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"control_plane_only":{"type":"bool","description":"Controls whether the upgrade applies to the control plane only.","description_kind":"plain","optional":true}},"description":"Specifies upgrade policy for the cluster.","description_kind":"plain"},"max_items":1},"vcenter":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The vCenter IP address.","description_kind":"plain","computed":true},"ca_cert_data":{"type":"string","description":"Contains the vCenter CA certificate public key for SSL verification.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The name of the vCenter cluster for the user cluster.","description_kind":"plain","optional":true},"datacenter":{"type":"string","description":"The name of the vCenter datacenter for the user cluster.","description_kind":"plain","optional":true},"datastore":{"type":"string","description":"The name of the vCenter datastore for the user cluster.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The name of the vCenter folder for the user cluster.","description_kind":"plain","optional":true},"resource_pool":{"type":"string","description":"The name of the vCenter resource pool for the user cluster.","description_kind":"plain","optional":true},"storage_policy_name":{"type":"string","description":"The name of the vCenter storage policy for the user cluster.","description_kind":"plain","optional":true}},"description":"VmwareVCenterConfig specifies vCenter config for the user cluster.\nInherited from the admin cluster.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_vmware_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the node pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The vmware node pool name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"Anthos version for the node pool. Defaults to the user cluster version.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"vmware_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"VMware disk size to be used during creation.","description_kind":"plain","optional":true},"cpus":{"type":"number","description":"The number of CPUs for each node in the node pool.","description_kind":"plain","optional":true},"enable_load_balancer":{"type":"bool","description":"Allow node pool traffic to be load balanced. Only works for clusters with\nMetalLB load balancers.","description_kind":"plain","optional":true},"image":{"type":"string","description":"The OS image name in vCenter, only valid when using Windows.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The OS image to be used for each node in a node pool.\nCurrently 'cos', 'ubuntu', 'ubuntu_containerd' and 'windows' are supported.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node.\nThese will added in addition to any default label(s) that\nKubernetes may apply to the node.\nIn case of conflict in label keys, the applied set may differ depending on\nthe Kubernetes version -- it's best to assume the behavior is undefined\nand conflicts should be avoided.","description_kind":"plain","optional":true,"computed":true},"memory_mb":{"type":"number","description":"The megabytes of memory for each node in the node pool.","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of nodes in the node pool.","description_kind":"plain","optional":true}},"block_types":{"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Available taint effects. Possible values: [\"EFFECT_UNSPECIFIED\", \"NO_SCHEDULE\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","required":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}},"vsphere_config":{"nesting_mode":"list","block":{"attributes":{"datastore":{"type":"string","description":"The name of the vCenter datastore. Inherited from the user cluster.","description_kind":"plain","optional":true},"host_groups":{"type":["list","string"],"description":"Vsphere host groups to apply to all VMs in the node pool","description_kind":"plain","optional":true}},"block_types":{"tags":{"nesting_mode":"list","block":{"attributes":{"category":{"type":"string","description":"The Vsphere tag category.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The Vsphere tag name.","description_kind":"plain","optional":true}},"description":"Tags to apply to VMs.","description_kind":"plain"}}},"description":"Specifies the vSphere config for node pool.","description_kind":"plain"},"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"node_pool_autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_replicas":{"type":"number","description":"Maximum number of replicas in the NodePool.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"Minimum number of replicas in the NodePool.","description_kind":"plain","required":true}},"description":"Node Pool autoscaling config for the node pool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_consent_ttl":{"type":"string","description":"Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_consent_create_on_update":{"type":"bool","description":"If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize Consent stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}'\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}'\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this ConsentStore, for example:\n\"consent1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_binding":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_member":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dataset":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the Dataset.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Dataset.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"The default timezone used by this dataset. Must be a either a valid IANA time zone name such as\n\"America/New_York\" or empty, which defaults to UTC. This is used for parsing times in resources\n(e.g., HL7 messages) where no explicit timezone is specified.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dicom_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize DICOM stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the DicomStore.\n\n** Changing this property may recreate the Dicom store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_binding":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_member":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_fhir_store":{"version":0,"block":{"attributes":{"complex_data_type_reference_parsing":{"type":"string","description":"Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED by default after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. Possible values: [\"COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED\", \"DISABLED\", \"ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_search_handling_strict":{"type":"bool","description":"If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters.\nIf false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters.\nThe handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient.","description_kind":"plain","optional":true},"disable_referential_integrity":{"type":"bool","description":"Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store\ncreation. The default value is false, meaning that the API will enforce referential integrity and fail the\nrequests that will result in inconsistent state in the FHIR store. When this field is set to true, the API\nwill skip referential integrity check. Consequently, operations that rely on references, such as\nPatient.get$everything, will not return all the results if broken references exist.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"disable_resource_versioning":{"type":"bool","description":"Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation\nof FHIR store. If set to false, which is the default behavior, all write operations will cause historical\nversions to be recorded automatically. The historical versions can be fetched through the history APIs, but\ncannot be updated. If set to true, no historical versions will be kept. The server will send back errors for\nattempts to read the historical versions.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_history_import":{"type":"bool","description":"Whether to allow the bulk import API to accept history bundles and directly insert historical resource\nversions into the FHIR store. Importing resource histories creates resource interactions that appear to have\noccurred in the past, which clients may not want to allow. If set to false, history bundles within an import\nwill fail with an error.\n\n** Changing this property may recreate the FHIR store (removing all data) **\n\n** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **","description_kind":"plain","optional":true},"enable_update_create":{"type":"bool","description":"Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update\noperation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through\nthe Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit\nlogs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient\nidentifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub\nnotifications.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize FHIR stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the FhirStore.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The FHIR specification version. Possible values: [\"DSTU2\", \"STU3\", \"R4\"]","description_kind":"plain","required":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"stream_configs":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"Supply a FHIR resource type (such as \"Patient\" or \"Observation\"). See\nhttps://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats\nan empty list as an intent to stream all the supported resource types in this FHIR store.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_uri":{"type":"string","description":"BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId","description_kind":"plain","required":true}},"block_types":{"schema_config":{"nesting_mode":"list","block":{"attributes":{"recursive_structure_depth":{"type":"number","description":"The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem\nresource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called\nconcept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default\nvalue 2. The maximum depth allowed is 5.","description_kind":"plain","required":true},"schema_type":{"type":"string","description":"Specifies the output schema type.\n * ANALYTICS: Analytics schema defined by the FHIR community.\n See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md.\n * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON.\n * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: \"ANALYTICS\" Possible values: [\"ANALYTICS\", \"ANALYTICS_V2\", \"LOSSLESS\"]","description_kind":"plain","optional":true}},"block_types":{"last_updated_partition_config":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of partitioning. Possible values: [\"PARTITION_TYPE_UNSPECIFIED\", \"HOUR\", \"DAY\", \"MONTH\", \"YEAR\"]","description_kind":"plain","required":true}},"description":"The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column.","description_kind":"plain"},"max_items":1}},"description":"The configuration for the exported BigQuery schema.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The destination BigQuery structure that contains both the dataset location and corresponding schema config.\nThe output is organized in one table per resource type. The server reuses the existing tables (if any) that\nare named after the resource types, e.g. \"Patient\", \"Observation\". When there is no existing table for a given\nresource type, the server attempts to create one.\nSee the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of streaming configs that configure the destinations of streaming export for every resource mutation in\nthis FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next\nresource mutation is streamed to the new location in addition to the existing ones. When a location is removed\nfrom the list, the server stops streaming to that location. Before adding a new config, you must add the required\nbigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on\nthe order of dozens of seconds) is expected before the results show up in the streaming destination.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize HL7v2 stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the Hl7V2Store.\n\n** Changing this property may recreate the Hl7v2 store (removing all data) **","description_kind":"plain","required":true},"reject_duplicate_message":{"type":"bool","description":"Determines whether duplicate messages are allowed.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Restricts notifications sent for messages matching a filter. If this is empty, all messages\nare matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings\n\nFields/functions available for filtering are:\n\n* messageType, from the MSH-9.1 field. For example, NOT messageType = \"ADT\".\n* send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date \u003c \"2017-01-02\".\n* sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime \u003c \"2017-01-02T00:00:00-05:00\".\n* sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = \"ABC\".\n* PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId(\"123456\", \"MRN\").\n* labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels.\"priority\"=\"high\". The operator :* can be used to assert the existence of a label. For example, labels.\"priority\":*.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.\n\nIf a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver","description_kind":"plain","required":true}},"description":"A list of notification configs. Each configuration uses a filter to determine whether to publish a\nmessage (both Ingest \u0026 Create) on the corresponding notification destination. Only the message name\nis sent as part of the notification. Supplied by the client.","description_kind":"plain"}},"parser_config":{"nesting_mode":"list","block":{"attributes":{"allow_null_header":{"type":"bool","description":"Determines whether messages with no header are allowed.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"JSON encoded string for schemas used to parse messages in this\nstore if schematized parsing is desired.","description_kind":"plain","optional":true},"segment_terminator":{"type":"string","description":"Byte(s) to be used as the segment terminator. If this is unset, '\\r' will be used as segment terminator.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The version of the unschematized parser to be used when a custom 'schema' is not set. Default value: \"V1\" Possible values: [\"V1\", \"V2\", \"V3\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iam_access_boundary_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"access_boundary_rule":{"nesting_mode":"list","block":{"attributes":{"available_permissions":{"type":["list","string"],"description":"A list of permissions that may be allowed for use on the specified resource.","description_kind":"plain","optional":true},"available_resource":{"type":"string","description":"The full resource name of a Google Cloud resource entity.","description_kind":"plain","optional":true}},"block_types":{"availability_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The availability condition further constrains the access allowed by the access boundary rule.","description_kind":"plain"},"max_items":1}},"description":"An access boundary rule in an IAM policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_deny_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"deny_rule":{"nesting_mode":"list","block":{"attributes":{"denied_permissions":{"type":["list","string"],"description":"The permissions that are explicitly denied by this rule. Each permission uses the format '{service-fqdn}/{resource}.{verb}',\nwhere '{service-fqdn}' is the fully qualified domain name for the service. For example, 'iam.googleapis.com/roles.list'.","description_kind":"plain","optional":true},"denied_principals":{"type":["list","string"],"description":"The identities that are prevented from using one or more permissions on Google Cloud resources.","description_kind":"plain","optional":true},"exception_permissions":{"type":["list","string"],"description":"Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.\nIf a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.\nThe excluded permissions can be specified using the same syntax as deniedPermissions.","description_kind":"plain","optional":true},"exception_principals":{"type":["list","string"],"description":"The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.\nFor example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.","description_kind":"plain","optional":true}},"block_types":{"denial_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A deny rule in an IAM deny policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A user-specified description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,\nor use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the pool.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Immutable. The resource name of the parent. Format: 'organizations/{org-id}'.","description_kind":"plain","required":true},"session_duration":{"type":"string","description":"Duration that the Google Cloud access tokens, console sign-in sessions,\nand 'gcloud' sign-in sessions from this pool are valid.\nMust be greater than 15 minutes (900s) and less than 12 hours (43200s).\nIf 'sessionDuration' is not configured, minted credentials have a default duration of one hour (3600s).\nA duration in seconds with up to nine fractional digits, ending with ''s''. Example: \"'3.5s'\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"Output only. The state of the pool.\n * STATE_UNSPECIFIED: State unspecified.\n * ACTIVE: The pool is active, and may be used in Google Cloud policies.\n * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted\n after approximately 30 days. You can restore a soft-deleted pool using\n [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).\n You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.\n While a pool is deleted, you cannot use it to exchange tokens, or use\n existing tokens to access resources. If the pool is undeleted, existing\n tokens grant access again.","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,\ndigits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"access_restrictions":{"nesting_mode":"list","block":{"attributes":{"disable_programmatic_signin":{"type":"bool","description":"Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.\nSee [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).","description_kind":"plain","optional":true}},"block_types":{"allowed_services":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the service.\nExample: console.cloud.google","description_kind":"plain","optional":true}},"description":"Services allowed for web sign-in with the workforce pool.\nIf not set by default there are no restrictions.","description_kind":"plain"}}},"description":"Configure access restrictions on the workforce pool users. This is an optional field. If specified web\nsign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"A [Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n 'google.profile_photo' and 'google.display_name' are not supported.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters.\nIf unspecified, all valid authentication credentials will be accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from the authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings.\n This is also the subject that appears in Cloud Logging logs. This is a required field and\n the mapped subject cannot exceed 127 bytes.\n * 'google.groups': Groups the authenticating user belongs to. You can grant groups access to\n resources using an IAM 'principalSet' binding; access applies to all members of the group.\n * 'google.display_name': The name of the authenticated user. This is an optional field and\n the mapped display name cannot exceed 100 bytes. If not set, 'google.subject' will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n * 'google.profile_photo': The URL that specifies the authenticated user's thumbnail photo.\n This is an optional field. When set, the image will be visible as the user's profile picture.\n If not set, a generic user icon will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}', where {custom_attribute}\nis the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.\nThe maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a workforce pool\nto Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor OIDC providers, you must supply a custom mapping that includes the 'google.subject' attribute.\nFor example, the following maps the sub claim of the incoming credential to the 'subject' attribute\non a Google token:\n'''\n{\"google.subject\": \"assertion.sub\"}\n'''\n\nAn object containing a list of '\"key\": value' pairs.\nExample: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-specified description of the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the provider.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}'","description_kind":"plain","computed":true},"provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name.\nThis value must be 4-32 characters, and may contain the characters [a-z0-9-].\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently\n deleted after approximately 30 days. You can restore a soft-deleted provider using\n [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name.\nThe IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.\nIt must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"oidc":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID. Must match the audience claim of the JWT issued by the identity provider.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URI. Must be a valid URI using the 'https' scheme.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true,"sensitive":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The optional client secret. Required to enable Authorization Code flow for web sign-in.","description_kind":"plain"},"max_items":1},"web_sso_config":{"nesting_mode":"list","block":{"attributes":{"additional_scopes":{"type":["list","string"],"description":"Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the 'openid', 'profile' and 'email' scopes that are supported by the identity provider are requested.\nEach additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.","description_kind":"plain","optional":true},"assertion_claims_behavior":{"type":"string","description":"The behavior for how OIDC Claims are included in the 'assertion' object used for attribute mapping and attribute condition.\n* MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.\n* ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values: [\"MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS\", \"ONLY_ID_TOKEN_CLAIMS\"]","description_kind":"plain","required":true},"response_type":{"type":"string","description":"The Response Type to request for in the OIDC Authorization Request for web sign-in.\n\nThe 'CODE' Response Type is recommended to avoid the Implicit Flow, for security reasons.\n* CODE: The 'response_type=code' selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.\n* ID_TOKEN: The 'response_type=id_token' selection uses the Implicit Flow for web sign-in. Possible values: [\"CODE\", \"ID_TOKEN\"]","description_kind":"plain","required":true}},"description":"Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.","description_kind":"plain"},"max_items":1}},"description":"Represents an OpenId Connect 1.0 identity provider.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.\nThe xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).\nThe max size of the acceptable xml document will be bounded to 128k characters.\n\nThe metadata xml document should satisfy the following constraints:\n1) Must contain an Identity Provider Entity ID.\n2) Must contain at least one non-expired signing key certificate.\n3) For each signing key:\n a) Valid from should be no more than 7 days from now.\n b) Valid to should be no more than 10 years in the future.\n4) Up to 3 IdP signing keys are allowed in the metadata xml.\n\nWhen updating the provider's metadata xml, at least one non-expired signing key\nmust overlap with the existing metadata. This requirement is skipped if there are\nno non-expired signing keys present in the existing metadata.","description_kind":"plain","required":true}},"description":"Represents a SAML identity provider.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use\nexisting tokens to access resources. If the pool is re-enabled, existing tokens grant\naccess again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the pool. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the pool as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pool.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The pool is active, and may be used in Google Cloud policies.\n* DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after\n approximately 30 days. You can restore a soft-deleted pool using\n UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is\n permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or\n use existing tokens to access resources. If the pool is undeleted, existing tokens grant\n access again.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"[A Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters. If\nunspecified, all valid authentication credential are accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups'\nvalue of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value\n in IAM bindings. This is also the subject that appears in Cloud Logging logs.\n Cannot exceed 127 characters.\n * 'google.groups': Groups the external identity belongs to. You can grant groups\n access to resources using an IAM 'principalSet' binding; access applies to all\n members of the group.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}',\nwhere '{custom_attribute}' is the name of the custom attribute to be mapped. You can\ndefine a maximum of 50 custom attributes. The maximum length of a mapped attribute key\nis 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a\nworkload to Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor AWS providers, the following rules apply:\n - If no attribute mapping is defined, the following default mapping applies:\n '''\n {\n \"google.subject\":\"assertion.arn\",\n \"attribute.aws_role\":\n \"assertion.arn.contains('assumed-role')\"\n \" ? assertion.arn.extract('{account_arn}assumed-role/')\"\n \" + 'assumed-role/'\"\n \" + assertion.arn.extract('assumed-role/{role_name}/')\"\n \" : assertion.arn\",\n }\n '''\n - If any custom attribute mappings are defined, they must include a mapping to the\n 'google.subject' attribute.\n\nFor OIDC providers, the following rules apply:\n - Custom attribute mappings must be defined, and must include a mapping to the\n 'google.subject' attribute. For example, the following maps the 'sub' claim of the\n incoming credential to the 'subject' attribute on a Google token.\n '''\n {\"google.subject\": \"assertion.sub\"}\n '''","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description for the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the provider as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active, and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted\n after approximately 30 days. You can restore a soft-deleted provider using\n UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider\n until it is permanently deleted.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID used for the pool, which is the final component of the pool resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"workload_identity_pool_provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name. This\nvalue must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"attributes":{"account_id":{"type":"string","description":"The AWS account ID.","description_kind":"plain","required":true}},"description":"An Amazon Web Services identity provider. Not compatible with the property oidc or saml.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"allowed_audiences":{"type":["list","string"],"description":"Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange\nrequests are rejected if the token audience does not match one of the configured\nvalues. Each audience may be at most 256 characters. A maximum of 10 audiences may\nbe configured.\n\nIf this list is empty, the OIDC token audience must be equal to the full canonical\nresource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.\nFor example:\n'''\n//iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\nhttps://iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\n'''","description_kind":"plain","optional":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URL.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"description":"An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.","description_kind":"plain","required":true}},"description":"An SAML 2.0 identity provider. Not compatible with the property oidc or aws.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_brand":{"version":0,"block":{"attributes":{"application_title":{"type":"string","description":"Application name displayed on OAuth consent screen.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'\nNOTE: The name can also be expressed as 'projects/{project_id}/brands/{brand_id}', e.g. when importing.\nNOTE: The brand identification corresponds to the project number as only one\nbrand can be created per project.","description_kind":"plain","computed":true},"org_internal_only":{"type":"bool","description":"Whether the brand is only intended for usage inside the GSuite organization only.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"support_email":{"type":"string","description":"Support email displayed on the OAuth consent screen. Can be either a\nuser or group email. When a user email is specified, the caller must\nbe the user with the associated email address. When a group email is\nspecified, the caller can be either a user or a service account which\nis an owner of the specified group in Cloud Identity.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_identity_platform_config":{"version":0,"block":{"attributes":{"authorized_domains":{"type":["list","string"],"description":"List of domains authorized for OAuth redirects.","description_kind":"plain","optional":true,"computed":true},"autodelete_anonymous_users":{"type":"bool","description":"Whether anonymous users will be auto-deleted after a period of 30 days","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blocking_functions":{"nesting_mode":"list","block":{"block_types":{"forward_inbound_credentials":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's access token.","description_kind":"plain","optional":true},"id_token":{"type":"bool","description":"Whether to pass the user's OIDC identity provider's ID token.","description_kind":"plain","optional":true},"refresh_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's refresh token.","description_kind":"plain","optional":true}},"description":"The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.","description_kind":"plain"},"max_items":1},"triggers":{"nesting_mode":"set","block":{"attributes":{"event_type":{"type":"string","description_kind":"plain","required":true},"function_uri":{"type":"string","description":"HTTP URI trigger for the Cloud Function.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"When the trigger was changed.","description_kind":"plain","computed":true}},"description":"Map of Trigger to event type. Key should be one of the supported event types: \"beforeCreate\", \"beforeSignIn\".","description_kind":"plain"},"min_items":1}},"description":"Configuration related to blocking functions.","description_kind":"plain"},"max_items":1},"client":{"nesting_mode":"list","block":{"attributes":{"api_key":{"type":"string","description":"API key that can be used when making requests for this project.","description_kind":"plain","computed":true,"sensitive":true},"firebase_subdomain":{"type":"string","description":"Firebase subdomain.","description_kind":"plain","computed":true}},"block_types":{"permissions":{"nesting_mode":"list","block":{"attributes":{"disabled_user_deletion":{"type":"bool","description":"When true, end users cannot delete their account on the associated project through any of our API methods","description_kind":"plain","optional":true},"disabled_user_signup":{"type":"bool","description":"When true, end users cannot sign up for a new account on the associated project through any of our API methods","description_kind":"plain","optional":true}},"description":"Configuration related to restricting a user's ability to affect their account.","description_kind":"plain"},"max_items":1}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"mfa":{"nesting_mode":"list","block":{"attributes":{"enabled_providers":{"type":["list","string"],"description":"A list of usable second factors for this project. Possible values: [\"PHONE_SMS\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"provider_configs":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"totp_provider_config":{"nesting_mode":"list","block":{"attributes":{"adjacent_intervals":{"type":"number","description":"The allowed number of adjacent intervals that will be used for verification to avoid clock skew.","description_kind":"plain","optional":true}},"description":"TOTP MFA provider config for this project.","description_kind":"plain"},"max_items":1}},"description":"A list of usable second factors for this project along with their configurations.\nThis field does not support phone based MFA, for that use the 'enabledProviders' field.","description_kind":"plain"}}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"monitoring":{"nesting_mode":"list","block":{"block_types":{"request_logging":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether logging is enabled for this project or not.","description_kind":"plain","optional":true}},"description":"Configuration for logging requests made to this project to Stackdriver Logging","description_kind":"plain"},"max_items":1}},"description":"Configuration related to monitoring project activity.","description_kind":"plain"},"max_items":1},"multi_tenant":{"nesting_mode":"list","block":{"attributes":{"allow_tenants":{"type":"bool","description":"Whether this project can have tenants or not.","description_kind":"plain","optional":true},"default_tenant_location":{"type":"string","description":"The default cloud parent org or folder that the tenant project should be created under.\nThe parent resource name should be in the format of \"/\", such as \"folders/123\" or \"organizations/456\".\nIf the value is not set, the tenant will be created under the same organization or folder as the agent project.","description_kind":"plain","optional":true}},"description":"Configuration related to multi-tenant functionality.","description_kind":"plain"},"max_items":1},"quota":{"nesting_mode":"list","block":{"block_types":{"sign_up_quota_config":{"nesting_mode":"list","block":{"attributes":{"quota":{"type":"number","description":"A sign up APIs quota that customers can override temporarily.","description_kind":"plain","optional":true},"quota_duration":{"type":"string","description":"How long this quota will be active for. It is measurred in seconds, e.g., Example: \"9.615s\".","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"When this quota will take affect.","description_kind":"plain","optional":true}},"description":"Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to quotas.","description_kind":"plain"},"max_items":1},"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","required":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","required":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"sms_region_config":{"nesting_mode":"list","block":{"block_types":{"allow_by_default":{"nesting_mode":"list","block":{"attributes":{"disallowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.","description_kind":"plain"},"max_items":1},"allowlist_only":{"nesting_mode":"list","block":{"attributes":{"allowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of only allowing regions by explicitly adding them to an allowlist.","description_kind":"plain"},"max_items":1}},"description":"Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the DefaultSupportedIdpConfig resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The IdP's x509 certificate.","description_kind":"plain","optional":true}},"description":"The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","optional":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","optional":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_project_default_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource. Example: \"projects/my-awesome-project/config\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","optional":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","optional":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"google_identity_platform_tenant":{"version":0,"block":{"attributes":{"allow_password_signup":{"type":"bool","description":"Whether to allow email/password user authentication.","description_kind":"plain","optional":true},"disable_auth":{"type":"bool","description":"Whether authentication is disabled for the tenant. If true, the users under\nthe disabled tenant are not allowed to sign-in. Admins of the disabled tenant\nare not able to manage its users.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name of the tenant.","description_kind":"plain","required":true},"enable_email_link_signin":{"type":"bool","description":"Whether to enable email link user authentication.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the tenant that is generated by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the default supported IDP config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this DefaultSupportedIdpConfig resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this inbound SAML config resource exists","description_kind":"plain","required":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The x509 certificate","description_kind":"plain","optional":true}},"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","required":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","required":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this OIDC IDP configuration resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_connection":{"version":0,"block":{"attributes":{"connection_revision":{"type":"string","description":"Connection revision. This field is only updated when the connection is created or updated by User.","description_kind":"plain","computed":true},"connector_version":{"type":"string","description":"connectorVersion of the Connector.","description_kind":"plain","required":true},"connector_version_infra_config":{"type":["list",["object",{"ratelimit_threshold":"string"}]],"description":"This configuration provides infra configs like rate limit threshold which need to be configurable for every connector version.","description_kind":"plain","computed":true},"connector_version_launch_stage":{"type":"string","description":"Flag to mark the version indicating the launch stage.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An arbitrary description for the Conection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"eventing_enablement_type":{"type":"string","description":"Eventing enablement type. Will be nil if eventing is not enabled. Possible values: [\"EVENTING_AND_CONNECTION\", \"ONLY_EVENTING\"]","description_kind":"plain","optional":true},"eventing_runtime_data":{"type":["list",["object",{"events_listener_endpoint":"string","status":["list",["object",{"description":"string","state":"string"}]]}]],"description":"Eventing Runtime Data.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Connection needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Connection needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Service account needed for runtime plane to access Google Cloud resources.","description_kind":"plain","optional":true,"computed":true},"service_directory":{"type":"string","description":"The name of the Service Directory service name. Used for Private Harpoon to resolve the ILB address.\ne.g. \"projects/cloud-connectors-e2e-testing/locations/us-central1/namespaces/istio-system/services/istio-ingressgateway-connectors\"","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"description":"string","state":"string","status":"string"}]],"description":"Status of the Integration Connector.","description_kind":"plain","computed":true},"subscription_type":{"type":"string","description":"This subscription type enum states the subscription type of the project.","description_kind":"plain","computed":true},"suspended":{"type":"bool","description":"Suspended indicates if a user has suspended a connection or not.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\", \"OAUTH2_JWT_BEARER\", \"OAUTH2_CLIENT_CREDENTIALS\", \"SSH_PUBLIC_KEY\", \"OAUTH2_AUTH_CODE_FLOW\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"oauth2_auth_code_flow":{"nesting_mode":"list","block":{"attributes":{"auth_uri":{"type":"string","description":"Auth URL for Authorization Code Flow.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"Client ID for user-provided OAuth app.","description_kind":"plain","optional":true},"enable_pkce":{"type":"bool","description":"Whether to enable PKCE when the user performs the auth code flow.","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description":"Scopes the connection will request when the user performs the auth code flow.","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Client secret for user-provided OAuth app.","description_kind":"plain"},"max_items":1}},"description":"Parameters to support Oauth 2.0 Auth Code Grant Authentication.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"Secret version of Password for Authentication.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing the client secret.","description_kind":"plain"},"max_items":1}},"description":"OAuth3 Client Credentials for Authentication.","description_kind":"plain"},"max_items":1},"oauth2_jwt_bearer":{"nesting_mode":"list","block":{"block_types":{"client_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing a PKCS#8 PEM-encoded private key associated with the Client Certificate.\nThis private key will be used to sign JWTs used for the jwt-bearer authorization grant.\nSpecified in the form as: projects/*/secrets/*/versions/*.","description_kind":"plain"},"max_items":1},"jwt_claims":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Value for the \"aud\" claim.","description_kind":"plain","optional":true},"issuer":{"type":"string","description":"Value for the \"iss\" claim.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"Value for the \"sub\" claim.","description_kind":"plain","optional":true}},"description":"JwtClaims providers fields to generate the token.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 JWT Bearer for Authentication.","description_kind":"plain"},"max_items":1},"ssh_public_key":{"nesting_mode":"list","block":{"attributes":{"cert_type":{"type":"string","description":"Format of SSH Client cert.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The user account used to authenticate.","description_kind":"plain","required":true}},"block_types":{"ssh_client_cert":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"SSH Client Cert. It should contain both public and private key.","description_kind":"plain"},"max_items":1},"ssh_client_cert_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password (passphrase) for ssh client certificate if it has one.","description_kind":"plain"},"max_items":1}},"description":"SSH Public Key for Authentication.","description_kind":"plain"},"max_items":1},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","required":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"authConfig for the connection.","description_kind":"plain"},"max_items":1},"config_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"Config Variables for the connection.","description_kind":"plain"}},"destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The key is the destination identifier that is supported by the Connector.","description_kind":"plain","required":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"For publicly routable host.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port is the target port number that is accepted by the destination.","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"PSC service attachments. Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","optional":true}},"description":"The destinations for the key.","description_kind":"plain"}}},"description":"Define the Connectors target endpoint.","description_kind":"plain"}},"eventing_config":{"nesting_mode":"list","block":{"attributes":{"enrichment_enabled":{"type":"bool","description":"Enrichment Enabled.","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","optional":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"authConfig for Eventing Configuration.","description_kind":"plain"},"max_items":1},"registration_destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Key for the connection","description_kind":"plain","optional":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Host","description_kind":"plain","optional":true},"port":{"type":"number","description":"port number","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"Service Attachment","description_kind":"plain","optional":true}},"description":"destinations for the connection","description_kind":"plain"}}},"description":"registrationDestinationConfig","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Eventing Configuration of a connection","description_kind":"plain"},"max_items":1},"lock_config":{"nesting_mode":"list","block":{"attributes":{"locked":{"type":"bool","description":"Indicates whether or not the connection is locked.","description_kind":"plain","required":true},"reason":{"type":"string","description":"Describes why a connection is locked.","description_kind":"plain","optional":true}},"description":"Determines whether or no a connection is locked. If locked, a reason must be specified.","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enabled represents whether logging is enabled or not for a connection.","description_kind":"plain","required":true}},"description":"Log configuration for the connection.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true}},"description":"Node configuration for the connection.","description_kind":"plain"},"max_items":1},"ssl_config":{"nesting_mode":"list","block":{"attributes":{"client_cert_type":{"type":"string","description":"Type of Client Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"server_cert_type":{"type":"string","description":"Type of Server Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"trust_model":{"type":"string","description":"Enum for Trust Model Possible values: [\"PUBLIC\", \"PRIVATE\", \"INSECURE\"]","description_kind":"plain","optional":true},"type":{"type":"string","description":"Enum for controlling the SSL Type (TLS/MTLS) Possible values: [\"TLS\", \"MTLS\"]","description_kind":"plain","required":true},"use_ssl":{"type":"bool","description":"Bool for enabling SSL","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"Additional SSL related field values.","description_kind":"plain"}},"client_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Certificate","description_kind":"plain"},"max_items":1},"client_private_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Private Key","description_kind":"plain"},"max_items":1},"client_private_key_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret containing the passphrase protecting the Client Private Key","description_kind":"plain"},"max_items":1},"private_server_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Private Server Certificate. Needs to be specified if trust model is PRIVATE.","description_kind":"plain"},"max_items":1}},"description":"SSL Configuration of a connection","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_endpoint_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"The Private Service Connect connection endpoint ip.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_attachment":{"type":"string","description":"The path of the service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","optional":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_template":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use when creating a version based on this template.\nSee the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.","description_kind":"plain","required":true},"protection_level":{"type":"string","description":"The protection level to use when creating a version based on this template. Possible values include \"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\". Defaults to \"SOFTWARE\".","description_kind":"plain","optional":true}},"description":"A template describing settings for new crypto key versions.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_binding":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_member":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.","description_kind":"plain","computed":true},"attestation":{"type":["list",["object",{"cert_chains":["list",["object",{"cavium_certs":"string","google_card_certs":"string","google_partition_certs":"string"}]],"content":"string","external_protection_level_options":["list",["object",{"ekm_connection_key_path":"string","external_key_uri":"string"}]],"format":"string"}]],"description":"Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly provided for key versions with protectionLevel HSM.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The name of the cryptoKey associated with the CryptoKeyVersions.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"generate_time":{"type":"string","description":"The time this CryptoKeyVersion key material was generated","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name for this CryptoKeyVersion.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the CryptoKeyVersion. Possible values: [\"PENDING_GENERATION\", \"ENABLED\", \"DISABLED\", \"DESTROYED\", \"DESTROY_SCHEDULED\", \"PENDING_IMPORT\", \"IMPORT_FAILED\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_key_ring_import_job":{"version":0,"block":{"attributes":{"attestation":{"type":["list",["object",{"content":"string","format":"string"}]],"description":"Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.\nUse this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly present if the chosen ImportMethod is one with a protection level of HSM.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"The time at which this resource is scheduled for expiration and can no longer be used.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_job_id":{"type":"string","description":"It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}","description_kind":"plain","required":true},"import_method":{"type":"string","description":"The wrapping method to be used for incoming key material. Possible values: [\"RSA_OAEP_3072_SHA1_AES_256\", \"RSA_OAEP_4096_SHA1_AES_256\"]","description_kind":"plain","required":true},"key_ring":{"type":"string","description":"The KeyRing that this import job belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The protection level of the ImportJob. This must match the protectionLevel of the\nversionTemplate on the CryptoKey you attempt to import into. Possible values: [\"SOFTWARE\", \"HSM\", \"EXTERNAL\"]","description_kind":"plain","required":true},"public_key":{"type":["list",["object",{"pem":"string"}]],"description":"The public key with which to wrap key material prior to import. Only returned if state is 'ACTIVE'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the ImportJob, indicating if it can be used.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description":"The additional authenticated data used for integrity checks during encryption and decryption.","description_kind":"plain","optional":true,"sensitive":true},"ciphertext":{"type":"string","description":"Contains the result of encrypting the provided plaintext, encoded in base64.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The full name of the CryptoKey that will be used to encrypt the provided plaintext.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description":"The plaintext to be encrypted.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_billing_account_bucket_config":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_billing_account_exclusion":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_billing_account_sink":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The billing account exported to the sink.","description_kind":"plain","required":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_folder_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The folder to be exported to the sink. Note that either [FOLDER_ID] or \"folders/[FOLDER_ID]\" is accepted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_linked_dataset":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket to which the linked dataset is attached.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\"\nand \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this link. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"Output only. The linked dataset lifecycle state.","description_kind":"plain","computed":true},"link_id":{"type":"string","description":"The id of the linked dataset.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the linked dataset.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the linked dataset. The name can have up to 100 characters. A valid link id\n(at the end of the link name) must only have alphanumeric characters and underscores within it.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the linked dataset.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID\nof the link, so the link must match the naming restrictions of BigQuery datasets\n(alphanumeric characters and underscores only). The dataset will have a resource path of\n\"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]\"","description_kind":"plain","computed":true}},"description":"The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along\nwith it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery\nViews corresponding to the LogViews in the bucket.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket of the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the view.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this view.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the view. For example: \\'projects/my-project/locations/global/buckets/my-bucket/views/my-view\\'","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of the view.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_metric":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects\nare supported. The bucket has to be in the same project as the metric.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this metric, which is used in documentation. The maximum length of the\ndescription is 8000 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this metric is disabled and it does not generate any points.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which\nis used to match log entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key string to an extractor expression which is used to extract data from a log\nentry field and assign as the label value. Each label key specified in the LabelDescriptor must\nhave an associated extractor expression in this map. The syntax of the extractor expression is\nthe same as for the valueExtractor field.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The client-assigned metric identifier. Examples - \"error_count\", \"nginx/requests\".\nMetric identifiers are limited to 100 characters and can include only the following\ncharacters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash\ncharacter (/) denotes a hierarchy of name pieces, and it cannot be the first character\nof the name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"value_extractor":{"type":"string","description":"A valueExtractor is required when using a distribution logs-based metric to extract the values to\nrecord from a log entry. Two functions are supported for value extraction - EXTRACT(field) or\nREGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which\nthe value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax\n(https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified\nlog entry field. The value of the field is converted to a string before applying the regex. It is an\nerror to specify a regex that does not include exactly one capture group.","description_kind":"plain","optional":true}},"block_types":{"bucket_options":{"nesting_mode":"list","block":{"block_types":{"explicit_buckets":{"nesting_mode":"list","block":{"attributes":{"bounds":{"type":["list","number"],"description":"The values must be monotonically increasing.","description_kind":"plain","required":true}},"description":"Specifies a set of buckets with arbitrary widths.","description_kind":"plain"},"max_items":1},"exponential_buckets":{"nesting_mode":"list","block":{"attributes":{"growth_factor":{"type":"number","description":"Must be greater than 1.","description_kind":"plain","required":true},"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"scale":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies an exponential sequence of buckets that have a width that is proportional to the value of\nthe lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.","description_kind":"plain"},"max_items":1},"linear_buckets":{"nesting_mode":"list","block":{"attributes":{"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"offset":{"type":"number","description":"Lower bound of the first bucket.","description_kind":"plain","required":true},"width":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies a linear sequence of buckets that all have the same width (except overflow and underflow).\nEach bucket represents a constant absolute uncertainty on the specific value in the bucket.","description_kind":"plain"},"max_items":1}},"description":"The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it\ndescribes the bucket boundaries used to create a histogram of the extracted values.","description_kind":"plain"},"max_items":1},"metric_descriptor":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case\nwithout an ending period, for example \"Request count\". This field is optional but it is\nrecommended to be set for any metrics associated with user-visible concepts, such as Quota.","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to DELTA. Possible values: [\"DELTA\", \"GAUGE\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"unit":{"type":"string","description":"The unit in which the metric value is reported. It is only applicable if the valueType is\n'INT64', 'DOUBLE', or 'DISTRIBUTION'. The supported units are a subset of\n[The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to INT64. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\", \"MONEY\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The label key.","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"BOOL\", \"INT64\", \"STRING\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. For\nexample, the appengine.googleapis.com/http/server/response_latencies metric type has a label\nfor the HTTP response code, response_code, so you can look at latencies for successful responses\nor just for responses that failed.","description_kind":"plain"}}},"description":"The optional metric descriptor associated with the logs-based metric.\nIf unspecified, it uses a default metric descriptor with a DELTA metric kind,\nINT64 value type, with no labels and a unit of \"1\". Such a metric counts the\nnumber of log entries matching the filter expression.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_organization_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve or configure settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization to be exported to the sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_project_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"enable_analytics":{"type":"bool","description":"Enable log analytics for the bucket. Cannot be disabled once enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"locked":{"type":"bool","description":"Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"project":{"type":"string","description":"The parent project that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_project_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_logging_project_sink":{"version":0,"block":{"attributes":{"custom_writer_identity":{"type":"string","description":"A service account provided by the caller that will be used to write the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are routing logs to a destination outside this sink's project. If not specified, a Logging service account will automatically be generated.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project to create the sink in. If omitted, the project associated with the provider is used.","description_kind":"plain","optional":true,"computed":true},"unique_writer_identity":{"type":"bool","description":"Whether or not to create a unique identity associated with this sink. If false (the legacy behavior), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (default), then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.","description_kind":"plain","optional":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_looker_instance":{"version":0,"block":{"attributes":{"consumer_network":{"type":"string","description":"Network name in the consumer project in the format of: projects/{project}/global/networks/{network}\nNote that the consumer network may be in a different GCP project than the consumer\nproject that is hosting the Looker Instance.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"egress_public_ip":{"type":"string","description":"Public Egress IP (IPv4).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_private_ip":{"type":"string","description":"Private Ingress IP (IPv4).","description_kind":"plain","computed":true},"ingress_public_ip":{"type":"string","description":"Public Ingress IP (IPv4).","description_kind":"plain","computed":true},"looker_uri":{"type":"string","description":"Looker instance URI which can be used to access the Looker Instance UI.","description_kind":"plain","computed":true},"looker_version":{"type":"string","description":"The Looker version that the instance is using.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"platform_edition":{"type":"string","description":"Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values:\n- LOOKER_CORE_TRIAL: trial instance\n- LOOKER_CORE_STANDARD: pay as you go standard instance\n- LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance\n- LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance\n- LOOKER_CORE_EMBED_ANNUAL: subscription embed instance Default value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\"]","description_kind":"plain","optional":true},"private_ip_enabled":{"type":"bool","description":"Whether private IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_ip_enabled":{"type":"bool","description":"Whether public IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the Looker region of the instance.","description_kind":"plain","optional":true,"computed":true},"reserved_range":{"type":"string","description":"Name of a reserved IP address range within the consumer network, to be used for\nprivate service access connection. User may or may not specify this in a request.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time the instance was updated in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true}},"block_types":{"admin_settings":{"nesting_mode":"list","block":{"attributes":{"allowed_email_domains":{"type":["list","string"],"description":"Email domain allowlist for the instance.\n\nDefine the email domains to which your users can deliver Looker (Google Cloud core) content.\nUpdating this list will restart the instance. Updating the allowed email domains from terraform\nmeans the value provided will be considered as the entire list and not an amendment to the\nexisting list of allowed email domains.","description_kind":"plain","optional":true}},"description":"Looker instance Admin settings.","description_kind":"plain"},"max_items":1},"custom_domain":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name","description_kind":"plain","optional":true},"state":{"type":"string","description":"Status of the custom domain.","description_kind":"plain","computed":true}},"description":"Custom domain settings for a Looker instance.","description_kind":"plain"},"max_items":1},"deny_maintenance_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance denial period for this instance.\n\nYou must allow at least 14 days of maintenance availability\nbetween any two deny maintenance periods.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Name of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","optional":true},"kms_key_name_version":{"type":"string","description":"Full name and version of the CMEK key currently in use to encrypt Looker data.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Status of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","computed":true}},"description":"Looker instance encryption settings.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"Required. Day of the week for this MaintenanceWindow (in UTC).\n\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance window for an instance.\n\nMaintenance of your instance takes place once a month, and will require\nyour instance to be restarted during updates, which will temporarily\ndisrupt service.","description_kind":"plain"},"max_items":1},"oauth_config":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID for the Oauth config.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for the Oauth config.","description_kind":"plain","required":true}},"description":"Looker Instance OAuth login settings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"user_metadata":{"nesting_mode":"list","block":{"attributes":{"additional_developer_user_count":{"type":"number","description":"Number of additional Developer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_standard_user_count":{"type":"number","description":"Number of additional Standard Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_viewer_user_count":{"type":"number","description":"Number of additional Viewer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true}},"description":"Metadata about users for a Looker instance.\n\nThese settings are only available when platform edition LOOKER_CORE_STANDARD is set.\n\nThere are ten Standard and two Developer users included in the cost of the product.\nYou can allocate additional Standard, Viewer, and Developer users for this instance.\nIt is an optional step and can be modified later.\n\nWith the Standard edition of Looker (Google Cloud core), you can provision up to 50\ntotal users, distributed across Viewer, Standard, and Developer.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_memcache_instance":{"version":0,"block":{"attributes":{"authorized_network":{"type":"string","description":"The full name of the GCE network to connect the instance to. If not provided,\n'default' will be used.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"discovery_endpoint":{"type":"string","description":"Endpoint for Discovery API","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-visible name for the instance.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Output only. Published maintenance schedule.","description_kind":"plain","computed":true},"memcache_full_version":{"type":"string","description":"The full version of memcached server running on this instance.","description_kind":"plain","computed":true},"memcache_nodes":{"type":["list",["object",{"host":"string","node_id":"string","port":"number","state":"string","zone":"string"}]],"description":"Additional information about the instance state, if available.","description_kind":"plain","computed":true},"memcache_version":{"type":"string","description":"The major version of Memcached software. If not provided, latest supported version will be used.\nCurrently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically\ndetermined by our system based on the latest supported minor version. Default value: \"MEMCACHE_1_5\" Possible values: [\"MEMCACHE_1_5\", \"MEMCACHE_1_6_15\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"Number of nodes in the memcache instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Memcache instance. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range_id":{"type":["list","string"],"description":"Contains the name of allocated IP address ranges associated with\nthe private service access connection for example, \"test-default\"\nassociated with IP range 10.0.0.0/29.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zones":{"type":["set","string"],"description":"Zones where memcache nodes should be provisioned. If not\nprovided, all zones will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Required. The length of the maintenance window, ranging from 3 hours to 8 hours.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number of weekly_maintenance_windows\nis expected to be one.","description_kind":"plain"},"min_items":1}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"memcache_parameters":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"This is a unique ID associated with this set of parameters.","description_kind":"plain","computed":true},"params":{"type":["map","string"],"description":"User-defined set of parameters to use in the memcache process.","description_kind":"plain","optional":true}},"description":"User-specified parameters for this memcache instance.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"Number of CPUs per node.","description_kind":"plain","required":true},"memory_size_mb":{"type":"number","description":"Memory size in Mebibytes for each memcache node.","description_kind":"plain","required":true}},"description":"Configuration for memcache nodes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The description of the group.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group_id":{"type":"string","description":"Required. User specified ID for the group. It will become the last component of the group name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression: '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the group.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the group.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the group was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_preference_set":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the preference set was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the preference set.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-friendly display name. Maximum length is 63 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the preference set.","description_kind":"plain","computed":true},"preference_set_id":{"type":"string","description":"Required. User specified ID for the preference set. It will become the last component of the preference set name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the preference set was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nCOMMITMENT_PLAN_NONE\nCOMMITMENT_PLAN_ONE_YEAR\nCOMMITMENT_PLAN_THREE_YEARS","description_kind":"plain","optional":true},"sizing_optimization_strategy":{"type":"string","description":"Sizing optimization strategy specifies the preferred strategy used when extrapolating usage data to calculate insights and recommendations for a virtual machine. If you are unsure which value to set, a moderate sizing optimization strategy is often a good value to start with. \n Possible values:\n SIZING_OPTIMIZATION_STRATEGY_UNSPECIFIED\nSIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE\nSIZING_OPTIMIZATION_STRATEGY_MODERATE\nSIZING_OPTIMIZATION_STRATEGY_AGGRESSIVE","description_kind":"plain","optional":true},"target_product":{"type":"string","description":"Target product for assets using this preference set. Specify either target product or business goal, but not both. \n Possible values:\n COMPUTE_MIGRATION_TARGET_PRODUCT_UNSPECIFIED\nCOMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE\nCOMPUTE_MIGRATION_TARGET_PRODUCT_VMWARE_ENGINE\nCOMPUTE_MIGRATION_TARGET_PRODUCT_SOLE_TENANCY","description_kind":"plain","optional":true}},"block_types":{"compute_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"license_type":{"type":"string","description":"License type to consider when calculating costs for virtual machine insights and recommendations. If unspecified, costs are calculated based on the default licensing plan. \n Possible values:\n LICENSE_TYPE_UNSPECIFIED\nLICENSE_TYPE_DEFAULT\nLICENSE_TYPE_BRING_YOUR_OWN_LICENSE","description_kind":"plain","optional":true}},"block_types":{"machine_preferences":{"nesting_mode":"list","block":{"block_types":{"allowed_machine_series":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"string","description":"Code to identify a Compute Engine machine series. Consult https://cloud.google.com/compute/docs/machine-resource#machine_type_comparison for more details on the available series.","description_kind":"plain","optional":true}},"description":"Compute Engine machine series to consider for insights and recommendations. If empty, no restriction is applied on the machine series.","description_kind":"plain"}}},"description":"The type of machines to consider when calculating virtual machine migration insights and recommendations. Not all machine types are available in all zones and regions.","description_kind":"plain"},"max_items":1}},"description":"The user preferences relating to Compute Engine target platform.","description_kind":"plain"},"max_items":1},"region_preferences":{"nesting_mode":"list","block":{"attributes":{"preferred_regions":{"type":["list","string"],"description":"A list of preferred regions, ordered by the most preferred region first. Set only valid Google Cloud region names. See https://cloud.google.com/compute/docs/regions-zones for available regions.","description_kind":"plain","optional":true}},"description":"The user preferences relating to target regions.","description_kind":"plain"},"max_items":1},"sole_tenancy_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nON_DEMAND\nCOMMITMENT_1_YEAR\nCOMMITMENT_3_YEAR","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 2.0 inclusive.","description_kind":"plain","optional":true},"host_maintenance_policy":{"type":"string","description":"Sole Tenancy nodes maintenance policy. \n Possible values:\n HOST_MAINTENANCE_POLICY_UNSPECIFIED\nHOST_MAINTENANCE_POLICY_DEFAULT\nHOST_MAINTENANCE_POLICY_RESTART_IN_PLACE\nHOST_MAINTENANCE_POLICY_MIGRATE_WITHIN_NODE_GROUP","description_kind":"plain","optional":true}},"block_types":{"node_types":{"nesting_mode":"list","block":{"attributes":{"node_name":{"type":"string","description":"Name of the Sole Tenant node. Consult https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes","description_kind":"plain","optional":true}},"description":"A list of sole tenant node types. An empty list means that all possible node types will be considered.","description_kind":"plain"}}},"description":"Preferences concerning Sole Tenancy nodes and VMs.","description_kind":"plain"},"max_items":1},"vmware_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nON_DEMAND\nCOMMITMENT_1_YEAR_MONTHLY_PAYMENTS\nCOMMITMENT_3_YEAR_MONTHLY_PAYMENTS\nCOMMITMENT_1_YEAR_UPFRONT_PAYMENT\nCOMMITMENT_3_YEAR_UPFRONT_PAYMENT","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 8.0, with 0.1 increment.","description_kind":"plain","optional":true},"memory_overcommit_ratio":{"type":"number","description":"Memory overcommit ratio. Acceptable values are 1.0, 1.25, 1.5, 1.75 and 2.0.","description_kind":"plain","optional":true},"storage_deduplication_compression_ratio":{"type":"number","description":"The Deduplication and Compression ratio is based on the logical (Used Before) space required to store data before applying deduplication and compression, in relation to the physical (Used After) space required after applying deduplication and compression. Specifically, the ratio is the Used Before space divided by the Used After space. For example, if the Used Before space is 3 GB, but the physical Used After space is 1 GB, the deduplication and compression ratio is 3x. Acceptable values are between 1.0 and 4.0.","description_kind":"plain","optional":true}},"description":"The user preferences relating to Google Cloud VMware Engine target platform.","description_kind":"plain"},"max_items":1}},"description":"VirtualMachinePreferences enables you to create sets of assumptions, for example, a geographical location and pricing track, for your migrated virtual machines. The set of preferences influence recommendations for migrating virtual machine assets.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_ml_engine_model":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"The description specified for the model when it was created.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"One or more labels that you can add, to organize your models.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the model.","description_kind":"plain","required":true},"online_prediction_console_logging":{"type":"bool","description":"If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging","description_kind":"plain","optional":true},"online_prediction_logging":{"type":"bool","description":"If true, online prediction access logs are sent to StackDriver Logging.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"regions":{"type":["list","string"],"description":"The list of regions where the model is going to be deployed.\nCurrently only one region per model is supported","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"default_version":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name specified for the version when it was created.","description_kind":"plain","required":true}},"description":"The default version of the model. This version will be used to handle\nprediction requests that do not specify a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_alert_policy":{"version":0,"block":{"attributes":{"combiner":{"type":"string","description":"How to combine the results of multiple conditions to\ndetermine if an incident should be opened. Possible values: [\"AND\", \"OR\", \"AND_WITH_MATCHING_RESOURCE\"]","description_kind":"plain","required":true},"creation_record":{"type":["list",["object",{"mutate_time":"string","mutated_by":"string"}]],"description":"A read-only record of the creation of the alerting policy.\nIf provided in a call to create or update, this field will\nbe ignored.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A short name or phrase used to identify the policy in\ndashboards, notifications, and incidents. To avoid confusion, don't use\nthe same display name for multiple policies in the same project. The\nname is limited to 512 Unicode characters.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether or not the policy is enabled. The default is true.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique resource name for this policy.\nIts syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]","description_kind":"plain","computed":true},"notification_channels":{"type":["list","string"],"description":"Identifies the notification channels to which notifications should be\nsent when incidents are opened or closed or when new violations occur\non an already opened incident. Each element of this array corresponds\nto the name field in each of the NotificationChannel objects that are\nreturned from the notificationChannels.list method. The syntax of the\nentries in this field is\n'projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The severity of an alert policy indicates how important incidents generated\nby that policy are. The severity level will be displayed on the Incident\ndetail page and in notifications. Possible values: [\"CRITICAL\", \"ERROR\", \"WARNING\"]","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"alert_strategy":{"nesting_mode":"list","block":{"attributes":{"auto_close":{"type":"string","description":"If an alert policy that was active has no data for this long, any open incidents will close.","description_kind":"plain","optional":true}},"block_types":{"notification_channel_strategy":{"nesting_mode":"list","block":{"attributes":{"notification_channel_names":{"type":["list","string"],"description":"The notification channels that these settings apply to. Each of these\ncorrespond to the name field in one of the NotificationChannel objects\nreferenced in the notification_channels field of this AlertPolicy. The format is\n'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"renotify_interval":{"type":"string","description":"The frequency at which to send reminder notifications for open incidents.","description_kind":"plain","optional":true}},"description":"Control over how the notification channels in 'notification_channels'\nare notified when this alert fires, on a per-channel basis.","description_kind":"plain"}},"notification_rate_limit":{"nesting_mode":"list","block":{"attributes":{"period":{"type":"string","description":"Not more than one notification per period.","description_kind":"plain","optional":true}},"description":"Required for alert policies with a LogMatch condition.\nThis limit is not implemented for alert policies that are not log-based.","description_kind":"plain"},"max_items":1}},"description":"Control over how this alert policy's notification channels are notified.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short name or phrase used to identify the\ncondition in dashboards, notifications, and\nincidents. To avoid confusion, don't use the same\ndisplay name for multiple conditions in the same\npolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique resource name for this condition.\nIts syntax is:\nprojects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID]\n[CONDITION_ID] is assigned by Stackdriver Monitoring when\nthe condition is created as part of a new or updated alerting\npolicy.","description_kind":"plain","computed":true}},"block_types":{"condition_absent":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nfail to report new data to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g. 60s, 120s, or 300s\n--are supported.","description_kind":"plain","required":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.","description_kind":"plain"}},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations.","description_kind":"plain"},"max_items":1}},"description":"A condition that checks that a time series\ncontinues to receive new data points.","description_kind":"plain"},"max_items":1},"condition_matched_log":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A logs-based filter.","description_kind":"plain","required":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key to an extractor expression, which is used to\nextract the value for this label key. Each entry in this map is\na specification for how data should be extracted from log entries that\nmatch filter. Each combination of extracted values is treated as\na separate rule for the purposes of triggering notifications.\nLabel keys and corresponding values can be used in notifications\ngenerated by this condition.","description_kind":"plain","optional":true}},"description":"A condition that checks for log messages matching given constraints.\nIf set, no other conditions can be present.","description_kind":"plain"},"max_items":1},"condition_monitoring_query_language":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"Monitoring Query Language query that outputs a boolean stream.","description_kind":"plain","required":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A Monitoring Query Language query that outputs a boolean stream","description_kind":"plain"},"max_items":1},"condition_prometheus_query_language":{"nesting_mode":"list","block":{"attributes":{"alert_rule":{"type":"string","description":"The alerting rule name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Alerts are considered firing once their PromQL expression evaluated\nto be \"true\" for this long. Alerts whose PromQL expression was not\nevaluated to be \"true\" for long enough are considered pending. The\ndefault value is zero. Must be zero or positive.","description_kind":"plain","optional":true},"evaluation_interval":{"type":"string","description":"How often this rule should be evaluated. Must be a positive multiple\nof 30 seconds or missing. The default value is 30 seconds. If this\nPrometheusQueryLanguageCondition was generated from a Prometheus\nalerting rule, then this value should be taken from the enclosing\nrule group.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to add to or overwrite in the PromQL query result. Label names\nmust be valid.\n\nLabel values can be templatized by using variables. The only available\nvariable names are the names of the labels in the PromQL result, including\n\"__name__\" and \"value\". \"labels\" may be empty. This field is intended to be\nused for organizing and identifying the AlertPolicy","description_kind":"plain","optional":true},"query":{"type":"string","description":"The PromQL expression to evaluate. Every evaluation cycle this\nexpression is evaluated at the current time, and all resultant time\nseries become pending/firing alerts. This field must not be empty.","description_kind":"plain","required":true},"rule_group":{"type":"string","description":"The rule group name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future. This field is optional.","description_kind":"plain","optional":true}},"description":"A condition type that allows alert policies to be defined using\nPrometheus Query Language (PromQL).\n\nThe PrometheusQueryLanguageCondition message contains information\nfrom a Prometheus alerting rule and its associated rule group.","description_kind":"plain"},"max_items":1},"condition_threshold":{"nesting_mode":"list","block":{"attributes":{"comparison":{"type":"string","description":"The comparison to apply between the time\nseries (indicated by filter and aggregation)\nand the threshold (indicated by\nthreshold_value). The comparison is applied\non each time series, with the time series on\nthe left-hand side and the threshold on the\nright-hand side. Only COMPARISON_LT and\nCOMPARISON_GT are supported currently. Possible values: [\"COMPARISON_GT\", \"COMPARISON_GE\", \"COMPARISON_LT\", \"COMPARISON_LE\", \"COMPARISON_EQ\", \"COMPARISON_NE\"]","description_kind":"plain","required":true},"denominator_filter":{"type":"string","description":"A filter that identifies a time series that\nshould be used as the denominator of a ratio\nthat will be compared with the threshold. If\na denominator_filter is specified, the time\nseries specified by the filter field will be\nused as the numerator.The filter is similar\nto the one that is specified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"threshold_value":{"type":"number","description":"A value against which to compare the time\nseries.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.This field is similar to the\none in the MetricService.ListTimeSeries\nrequest. It is advisable to use the\nListTimeSeries method when debugging this\nfield.","description_kind":"plain"}},"denominator_aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series selected by\ndenominatorFilter as well as how to combine\nthe retrieved time series together (such as\nwhen aggregating multiple streams on each\nresource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).When\ncomputing ratios, the aggregations and\ndenominator_aggregations fields must use the\nsame alignment period and produce time\nseries that have the same periodicity and\nlabels.This field is similar to the one in\nthe MetricService.ListTimeSeries request. It\nis advisable to use the ListTimeSeries\nmethod when debugging this field.","description_kind":"plain"}},"forecast_options":{"nesting_mode":"list","block":{"attributes":{"forecast_horizon":{"type":"string","description":"The length of time into the future to forecast\nwhether a timeseries will violate the threshold.\nIf the predicted value is found to violate the\nthreshold, and the violation is observed in all\nforecasts made for the Configured 'duration',\nthen the timeseries is considered to be failing.","description_kind":"plain","required":true}},"description":"When this field is present, the 'MetricThreshold'\ncondition forecasts whether the time series is\npredicted to violate the threshold within the\n'forecastHorizon'. When this field is not set, the\n'MetricThreshold' tests the current value of the\ntimeseries against the threshold.","description_kind":"plain"},"max_items":1},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A condition that compares a time series against a\nthreshold.","description_kind":"plain"},"max_items":1}},"description":"A list of conditions for the policy. The conditions are combined by\nAND or OR according to the combiner field. If the combined conditions\nevaluate to true, then an incident is created. A policy can have from\none to six conditions.","description_kind":"plain"},"min_items":1},"documentation":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The text of the documentation, interpreted according to mimeType.\nThe content may not exceed 8,192 Unicode characters and may not\nexceed more than 10,240 bytes when encoded in UTF-8 format,\nwhichever is smaller.","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"The format of the content field. Presently, only the value\n\"text/markdown\" is supported.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"The subject line of the notification. The subject line may not\nexceed 10,240 bytes. In notifications generated by this policy the contents\nof the subject line after variable expansion will be truncated to 255 bytes\nor shorter at the latest UTF-8 character boundary.","description_kind":"plain","optional":true}},"description":"Documentation that is included with notifications and incidents related\nto this policy. Best practice is for the documentation to include information\nto help responders understand, mitigate, escalate, and correct the underlying\nproblems detected by the alerting policy. Notification channels that have\nlimited capacity might not show this documentation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_custom_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"telemetry":{"nesting_mode":"list","block":{"attributes":{"resource_name":{"type":"string","description":"The full name of the resource that defines this service.\nFormatted as described in\nhttps://cloud.google.com/apis/design/resource_names.","description_kind":"plain","optional":true}},"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_dashboard":{"version":0,"block":{"attributes":{"dashboard_json":{"type":"string","description":"The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_group":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A user-assigned name for this group, used only for display\npurposes.","description_kind":"plain","required":true},"filter":{"type":"string","description":"The filter used to determine which monitored resources\nbelong to this group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_cluster":{"type":"bool","description":"If true, the members of this group are considered to be a\ncluster. The system can perform additional analysis on\ngroups that are clusters.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for this group. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\".","description_kind":"plain","computed":true},"parent_name":{"type":"string","description":"The name of the group's parent, if it has one. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\". For\ngroups with no parent, parentName is the empty string, \"\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_metric_descriptor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A detailed description of the metric, which can be used in documentation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"launch_stage":{"type":"string","description":"The launch stage of the metric definition. Possible values: [\"LAUNCH_STAGE_UNSPECIFIED\", \"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"METRIC_KIND_UNSPECIFIED\", \"GAUGE\", \"DELTA\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"monitored_resource_types":{"type":["set","string"],"description":"If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the metric descriptor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/.","description_kind":"plain","required":true},"unit":{"type":"string","description":"The units in which the metric value is reported. It is only applicable if the\nvalueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of\nthe stored metric values.\n\nDifferent systems may scale the values to be more easily displayed (so a value of\n0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as\n3.5MBy). However, if the unit is KBy, then the value of the metric is always in\nthousands of bytes, no matter how it may be displayed.\n\nIf you want a custom metric to record the exact number of CPU-seconds used by a job,\nyou can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently\n1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as\n12005.\n\nAlternatively, if you want a custom metric to record data in a more granular way, you\ncan create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value\n12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024).\nThe supported units are a subset of The Unified Code for Units of Measure standard.\nMore info can be found in the API documentation\n(https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors).","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]*","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"STRING\", \"BOOL\", \"INT64\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels.","description_kind":"plain"}},"metadata":{"nesting_mode":"list","block":{"attributes":{"ingest_delay":{"type":"string","description":"The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true},"sample_period":{"type":"string","description":"The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true}},"description":"Metadata which can be used to guide usage of the metric.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_monitored_project":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when this 'MonitoredProject' was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metrics_scope":{"type":"string","description":"Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the 'MonitoredProject'. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: 'locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER}'","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","required":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"block_types":{"sensitive_labels":{"nesting_mode":"list","block":{"attributes":{"auth_token":{"type":"string","description":"An authorization token for a notification channel. Channel types that support this field include: slack","description_kind":"plain","optional":true,"sensitive":true},"password":{"type":"string","description":"An password for a notification channel. Channel types that support this field include: webhook_basicauth","description_kind":"plain","optional":true,"sensitive":true},"service_key":{"type":"string","description":"An servicekey token for a notification channel. Channel types that support this field include: pagerduty","description_kind":"plain","optional":true,"sensitive":true}},"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"basic_service":{"nesting_mode":"list","block":{"attributes":{"service_labels":{"type":["map","string"],"description":"Labels that specify the resource that emits the monitoring data\nwhich is used for SLO reporting of this 'Service'.","description_kind":"plain","optional":true},"service_type":{"type":"string","description":"The type of service that this basic service defines, e.g.\nAPP_ENGINE service type","description_kind":"plain","optional":true}},"description":"A well-known service type, defined by its service type and service labels.\nValid values of service types and services labels are described at\nhttps://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_slo":{"version":0,"block":{"attributes":{"calendar_period":{"type":"string","description":"A calendar period, semantically \"since the start of the current\n\u003ccalendarPeriod\u003e\". Possible values: [\"DAY\", \"WEEK\", \"FORTNIGHT\", \"MONTH\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Name used for UI elements listing this SLO.","description_kind":"plain","optional":true},"goal":{"type":"number","description":"The fraction of service that must be good in order for this objective\nto be met. 0 \u003c goal \u003c= 0.999","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rolling_period_days":{"type":"number","description":"A rolling time period, semantically \"in the past X days\".\nMust be between 1 to 30 days, inclusive.","description_kind":"plain","optional":true},"service":{"type":"string","description":"ID of the service to which this SLO belongs.","description_kind":"plain","required":true},"slo_id":{"type":"string","description":"The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"basic_sli":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic Service-Level Indicator (SLI) on a well-known service type.\nPerformance will be computed on the basis of pre-defined metrics.\n\nSLIs are used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"request_based_sli":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided.\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1}},"description":"A request-based SLI defines a SLI for which atomic units of\nservice are counted directly.\n\nA SLI describes a good service.\nIt is used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"windows_based_sli":{"nesting_mode":"list","block":{"attributes":{"good_bad_metric_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nwith ValueType = BOOL. The window is good if any true values\nappear in the window. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain","optional":true},"window_period":{"type":"string","description":"Duration over which window quality is evaluated, given as a\nduration string \"{X}s\" representing X seconds. Must be an\ninteger fraction of a day and at least 60s.","description_kind":"plain","optional":true}},"block_types":{"good_total_ratio_threshold":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"number","description":"If window performance \u003e= threshold, the window is counted\nas good.","description_kind":"plain","optional":true}},"block_types":{"basic_sli_performance":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to 'true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1},"performance":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.","description_kind":"plain"},"max_items":1}},"description":"Request-based SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1}},"description":"Criterion that describes a window as good if its performance is\nhigh enough. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1},"metric_mean_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nThe provided TimeSeries must have ValueType = INT64 or\nValueType = DOUBLE and MetricKind = GAUGE. Mean value 'X'\nshould satisfy 'range.min \u003c= X \u003c= range.max'\nunder good service.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Mean value 'X' of 'time_series'\nvalues should satisfy 'range.min \u003c= X \u003c= range.max' for a\ngood service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *averaged* across returned streams.\nOne of 'good_bad_metric_filter',\n\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.\nAverage value X of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"max_items":1},"metric_sum_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nquality. The provided TimeSeries must have\nValueType = INT64 or ValueType = DOUBLE and\nMetricKind = GAUGE.\n\nSummed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Summed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *summed* across returned streams.\nSummed value 'X' of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.\n\nOne of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1}},"description":"A windows-based SLI defines the criteria for time windows.\ngood_service is defined based off the count of these time windows\nfor which the provided service was of good quality.\n\nA SLI describes a good service. It is used to measure and calculate\nthe quality of the Service's performance with respect to a single\naspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_monitoring_uptime_check_config":{"version":0,"block":{"attributes":{"checker_type":{"type":"string","description":"The checker type to use for the check. If the monitored resource type is 'servicedirectory_service', 'checker_type' must be set to 'VPC_CHECKERS'. Possible values: [\"STATIC_IP_CHECKERS\", \"VPC_CHECKERS\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique resource name for this UptimeCheckConfig. The format is 'projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]'.","description_kind":"plain","computed":true},"period":{"type":"string","description":"How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selected_regions":{"type":["list","string"],"description":"The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). [See the accepted formats]( https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration)","description_kind":"plain","required":true},"uptime_check_id":{"type":"string","description":"The id of the uptime check","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data to be used for organizing and identifying the 'UptimeCheckConfig' objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"content_matchers":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"String or regex content to match (max 1024 bytes)","description_kind":"plain","required":true},"matcher":{"type":"string","description":"The type of content matcher that will be applied to the server output, compared to the content string when the check is run. Default value: \"CONTAINS_STRING\" Possible values: [\"CONTAINS_STRING\", \"NOT_CONTAINS_STRING\", \"MATCHES_REGEX\", \"NOT_MATCHES_REGEX\", \"MATCHES_JSON_PATH\", \"NOT_MATCHES_JSON_PATH\"]","description_kind":"plain","optional":true}},"block_types":{"json_path_matcher":{"nesting_mode":"list","block":{"attributes":{"json_matcher":{"type":"string","description":"Options to perform JSONPath content matching. Default value: \"EXACT_MATCH\" Possible values: [\"EXACT_MATCH\", \"REGEX_MATCH\"]","description_kind":"plain","optional":true},"json_path":{"type":"string","description":"JSONPath within the response output pointing to the expected 'ContentMatcher::content' to match against.","description_kind":"plain","required":true}},"description":"Information needed to perform a JSONPath content match. Used for 'ContentMatcherOption::MATCHES_JSON_PATH' and 'ContentMatcherOption::NOT_MATCHES_JSON_PATH'.","description_kind":"plain"},"max_items":1}},"description":"The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required.","description_kind":"plain"}},"http_check":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"The request body associated with the HTTP POST request. If 'content_type' is 'URL_ENCODED', the body passed in must be URL-encoded. Users can provide a 'Content-Length' header via the 'headers' field or the API will do so. If the 'request_method' is 'GET' and 'body' is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. 'foo=bar' in URL-encoded form is 'foo%3Dbar' and in base64 encoding is 'Zm9vJTI1M0RiYXI='.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"The content type to use for the check. Possible values: [\"TYPE_UNSPECIFIED\", \"URL_ENCODED\", \"USER_PROVIDED\"]","description_kind":"plain","optional":true},"custom_content_type":{"type":"string","description":"A user provided content type header to use for the check. The invalid configurations outlined in the 'content_type' field apply to custom_content_type', as well as the following 1. 'content_type' is 'URL_ENCODED' and 'custom_content_type' is set. 2. 'content_type' is 'USER_PROVIDED' and 'custom_content_type' is not set.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in [RFC 2616 (page 31)](https://www.w3.org/Protocols/rfc2616/rfc2616.txt). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100.","description_kind":"plain","optional":true,"computed":true},"mask_headers":{"type":"bool","description":"Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if 'mask_headers' is set to 'true' then the headers will be obscured with '******'.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with '/', a '/' will be prepended automatically. Optional (defaults to '/').","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with 'host' (specified within the ['monitored_resource'](#nested_monitored_resource)) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL).","description_kind":"plain","optional":true,"computed":true},"request_method":{"type":"string","description":"The HTTP request method to use for the check. If set to 'METHOD_UNSPECIFIED' then 'request_method' defaults to 'GET'. Default value: \"GET\" Possible values: [\"METHOD_UNSPECIFIED\", \"GET\", \"POST\"]","description_kind":"plain","optional":true},"use_ssl":{"type":"bool","description":"If true, use HTTPS instead of HTTP to run the check.","description_kind":"plain","optional":true},"validate_ssl":{"type":"bool","description":"Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where 'monitored_resource' is set to 'uptime_url'. If 'use_ssl' is 'false', setting 'validate_ssl' to 'true' has no effect.","description_kind":"plain","optional":true}},"block_types":{"accepted_response_status_codes":{"nesting_mode":"list","block":{"attributes":{"status_class":{"type":"string","description":"A class of status codes to accept. Possible values: [\"STATUS_CLASS_1XX\", \"STATUS_CLASS_2XX\", \"STATUS_CLASS_3XX\", \"STATUS_CLASS_4XX\", \"STATUS_CLASS_5XX\", \"STATUS_CLASS_ANY\"]","description_kind":"plain","optional":true},"status_value":{"type":"number","description":"A status code to accept.","description_kind":"plain","optional":true}},"description":"If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299.","description_kind":"plain"}},"auth_info":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password to authenticate.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"The username to authenticate.","description_kind":"plain","required":true}},"description":"The authentication information. Optional when creating an HTTP check; defaults to empty.","description_kind":"plain"},"max_items":1},"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to an HTTP check.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make an HTTP or HTTPS check.","description_kind":"plain"},"max_items":1},"monitored_resource":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels 'project_id', 'instance_id', and 'zone'.","description_kind":"plain","required":true},"type":{"type":"string","description":"The monitored resource type. This field must match the type field of a ['MonitoredResourceDescriptor'](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is 'gce_instance'. For a list of types, see [Monitoring resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list).","description_kind":"plain","required":true}},"description":"The [monitored resource]\n(https://cloud.google.com/monitoring/api/resources) associated with the\nconfiguration. The following monitored resource types are supported for\nuptime checks:\n* 'aws_ec2_instance'\n* 'aws_elb_load_balancer'\n* 'gae_app\n* 'gce_instance'\n* 'k8s_service'\n* 'servicedirectory_service'\n* 'uptime_url'","description_kind":"plain"},"max_items":1},"resource_group":{"nesting_mode":"list","block":{"attributes":{"group_id":{"type":"string","description":"The group of resources being monitored. Should be the 'name' of a group","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The resource type of the group members. Possible values: [\"RESOURCE_TYPE_UNSPECIFIED\", \"INSTANCE\", \"AWS_ELB_LOAD_BALANCER\"]","description_kind":"plain","optional":true}},"description":"The group resource associated with the configuration.","description_kind":"plain"},"max_items":1},"synthetic_monitor":{"nesting_mode":"list","block":{"block_types":{"cloud_function_v2":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The fully qualified name of the cloud function resource.","description_kind":"plain","required":true}},"description":"Target a Synthetic Monitor GCFv2 Instance","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A Synthetic Monitor deployed to a Cloud Functions V2 instance.","description_kind":"plain"},"max_items":1},"tcp_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with host (specified within the 'monitored_resource') to construct the full URL.","description_kind":"plain","required":true}},"block_types":{"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to a TCP check.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make a TCP check.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_active_directory":{"version":0,"block":{"attributes":{"aes_encryption":{"type":"bool","description":"Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.","description_kind":"plain","optional":true},"backup_operators":{"type":["list","string"],"description":"Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns":{"type":"string","description":"Comma separated list of DNS server IP addresses for the Active Directory domain.","description_kind":"plain","required":true},"domain":{"type":"string","description":"Fully qualified domain name for the Active Directory domain.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encrypt_dc_connections":{"type":"bool","description":"If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kdc_hostname":{"type":"string","description":"Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1","description_kind":"plain","optional":true},"kdc_ip":{"type":"string","description":"IP address of the Active Directory server used as Kerberos Key Distribution Center.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_signing":{"type":"bool","description":"Specifies whether or not the LDAP traffic needs to be signed.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Active Directory pool. Needs to be unique per location.","description_kind":"plain","required":true},"net_bios_prefix":{"type":"string","description":"NetBIOS name prefix of the server to be created.\nA five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:\n'\\\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\\SHARE_NAME'","description_kind":"plain","required":true},"nfs_users_with_ldap":{"type":"bool","description":"Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.\nThis option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).","description_kind":"plain","optional":true},"organizational_unit":{"type":"string","description":"Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.\nDefaults to 'CN=Computers' if left empty.","description_kind":"plain","optional":true,"computed":true},"password":{"type":"string","description":"Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_operators":{"type":["list","string"],"description":"Domain accounts that require elevated privileges such as 'SeSecurityPrivilege' to manage security logs. Comma-separated list.","description_kind":"plain","optional":true},"site":{"type":"string","description":"Specifies an Active Directory site to manage domain controller selection.\nUse when Active Directory domain controllers in multiple regions are configured. Defaults to 'Default-First-Site-Name' if left empty.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of the Active Directory policy (not the Active Directory itself).","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"The state details of the Active Directory.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_policy":{"version":0,"block":{"attributes":{"assigned_volume_count":{"type":"number","description":"The total number of volumes assigned by this backup policy.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the backup policy. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"daily_backup_limit":{"type":"number","description":"Number of daily backups to keep. Note that the minimum daily backup limit is 2.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"If enabled, make backups automatically according to the schedules.\nThis will be applied to all volumes that have this policy attached and enforced on volume level.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"monthly_backup_limit":{"type":"number","description":"Number of monthly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the backup policy. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the backup policy.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"weekly_backup_limit":{"type":"number","description":"Number of weekly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_vault":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the backup vault. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location (region) of the backup vault.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup vault. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Backup Vault.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_kmsconfig":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Resource name of the KMS key to use. Only regional keys are supported. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description for the CMEK policy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instructions":{"type":"string","description":"Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access.\n\nTo make the policy work, a CMEK policy check is required, which verifies key access.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the policy location. CMEK policies apply to the whole region.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the CMEK policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Service account which needs to have access to the provided KMS key.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_storage_pool":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Specifies the Active Directory policy to be used. Format: 'projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"capacity_gib":{"type":"string","description":"Capacity of the storage pool (in GiB).","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports if volumes in the pool are encrypted using a Google-managed encryption key or CMEK.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_config":{"type":"string","description":"Specifies the CMEK policy to be used for volume encryption. Format: 'projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"When enabled, the volumes uses Active Directory as LDAP name service for UID/GID lookups. Required to enable extended group support for NFSv3,\nusing security identifiers for NFSv4.1 or principal names for kerberized NFSv4.1.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the storage pool. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the storage pool. Possible values: [\"PREMIUM\", \"EXTREME\", \"STANDARD\"]","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"volume_capacity_gib":{"type":"string","description":"Size allocated to volumes in the storage pool (in GiB).","description_kind":"plain","computed":true},"volume_count":{"type":"number","description":"Number of volume in the storage pool.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Reports the resource name of the Active Directory policy being used. Inherited from storage pool.","description_kind":"plain","computed":true},"capacity_gib":{"type":"string","description":"Capacity of the volume (in GiB).","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Create time of the volume. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the volume should be deleted forcefully.\nVolumes may have nested snapshot resources. Deleting such a volume will fail.\nSetting this parameter to FORCE will delete volumes including nested snapshots.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports the data-at-rest encryption type of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"has_replication":{"type":"bool","description":"Indicates whether the volume is part of a volume replication relationship.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kerberos_enabled":{"type":"bool","description":"Flag indicating if the volume is a kerberos volume or not, export policy rules control kerberos security modes (krb5, krb5i, krb5p).","description_kind":"plain","optional":true},"kms_config":{"type":"string","description":"Reports the CMEK policy resurce name being used for volume encryption. Inherited from storage pool.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"Flag indicating if the volume is NFS LDAP enabled or not. Inherited from storage pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Name of the pool location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"mount_options":{"type":["list",["object",{"export":"string","export_full":"string","instructions":"string","protocol":"string"}]],"description":"Reports mount instructions for this volume.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'. Inherited from storage pool.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocols":{"type":["list","string"],"description":"The protocol of the volume. Allowed combinations are '['NFSV3']', '['NFSV4']', '['SMB']', '['NFSV3', 'NFSV4']', '['SMB', 'NFSV3']' and '['SMB', 'NFSV4']'. Possible values: [\"NFSV3\", \"NFSV4\", \"SMB\"]","description_kind":"plain","required":true},"psa_range":{"type":"string","description":"Name of the Private Service Access allocated range. Inherited from storage pool.","description_kind":"plain","computed":true},"restricted_actions":{"type":["list","string"],"description":"List of actions that are restricted on this volume. Possible values: [\"DELETE\"]","description_kind":"plain","optional":true},"security_style":{"type":"string","description":"Security Style of the Volume. Use UNIX to use UNIX or NFSV4 ACLs for file permissions.\nUse NTFS to use NTFS ACLs for file permissions. Can only be set for volumes which use SMB together with NFS as protocol. Possible values: [\"NTFS\", \"UNIX\"]","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"share_name":{"type":"string","description":"Share name (SMB) or export path (NFS) of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"smb_settings":{"type":["list","string"],"description":"Settings for volumes with SMB access. Possible values: [\"ENCRYPT_DATA\", \"BROWSABLE\", \"CHANGE_NOTIFY\", \"NON_BROWSABLE\", \"OPLOCKS\", \"SHOW_SNAPSHOT\", \"SHOW_PREVIOUS_VERSIONS\", \"ACCESS_BASED_ENUMERATION\", \"CONTINUOUSLY_AVAILABLE\"]","description_kind":"plain","optional":true},"snapshot_directory":{"type":"bool","description":"If enabled, a NFS volume will contain a read-only .snapshot directory which provides access to each of the volume's snapshots. Will enable \"Previous Versions\" support for SMB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the volume.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the volume.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"Name of the storage pool to create the volume in. Pool needs enough spare capacity to accomodate the volume.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unix_permissions":{"type":"string","description":"Unix permission the mount point will be created with. Default is 0770. Applicable for UNIX security style volumes only.","description_kind":"plain","optional":true,"computed":true},"used_gib":{"type":"string","description":"Used capacity of the volume (in GiB). This is computed periodically and it does not represent the realtime usage.","description_kind":"plain","computed":true}},"block_types":{"export_policy":{"nesting_mode":"list","block":{"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"Defines the access type for clients matching the 'allowedClients' specification. Possible values: [\"READ_ONLY\", \"READ_WRITE\", \"READ_NONE\"]","description_kind":"plain","optional":true},"allowed_clients":{"type":"string","description":"Defines the client ingress specification (allowed clients) as a comma seperated list with IPv4 CIDRs or IPv4 host addresses.","description_kind":"plain","optional":true},"has_root_access":{"type":"string","description":"If enabled, the root user (UID = 0) of the specified clients doesn't get mapped to nobody (UID = 65534). This is also known as no_root_squash.","description_kind":"plain","optional":true},"kerberos5_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode. The 'kerberos5ReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5i_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5i_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode. The 'kerberos5iReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5p_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5p_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. The 'kerberos5pReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"nfsv3":{"type":"bool","description":"Enable to apply the export rule to NFSV3 clients.","description_kind":"plain","optional":true},"nfsv4":{"type":"bool","description":"Enable to apply the export rule to NFSV4.1 clients.","description_kind":"plain","optional":true}},"description":"Export rules (up to 5) control NFS volume access.","description_kind":"plain"},"min_items":1}},"description":"Export policy of the volume for NFSV3 and/or NFSV4.1 access.","description_kind":"plain"},"max_items":1},"restore_parameters":{"nesting_mode":"list","block":{"attributes":{"source_backup":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/backupVaults/{{backupVaultId}}/backups/{{backup}}'.","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/volumes/{{volume}}/snapshots/{{snapshot}}'.","description_kind":"plain","optional":true}},"description":"Used to create this volume from a snapshot (= cloning) or an backup.","description_kind":"plain"},"max_items":1},"snapshot_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables automated snapshot creation according to defined schedule. Default is false.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain","optional":true}},"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the daily schedule.","description_kind":"plain","required":true}},"description":"Daily schedule policy.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the hourly schedule.","description_kind":"plain","required":true}},"description":"Hourly schedule policy.","description_kind":"plain"},"max_items":1},"monthly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_month":{"type":"string","description":"Set the day or days of the month to make a snapshot (1-31). Accepts a comma separated number of days. Defaults to '1'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the monthly schedule","description_kind":"plain","required":true}},"description":"Monthly schedule policy.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Set the day or days of the week to make a snapshot. Accepts a comma separated days of the week. Defaults to 'Sunday'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the weekly schedule.","description_kind":"plain","required":true}},"description":"Weekly schedule policy.","description_kind":"plain"},"max_items":1}},"description":"Snapshot policy defines the schedule for automatic snapshot creation.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_replication":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"delete_destination_volume":{"type":"bool","description":"A destination volume is created as part of replication creation. The destination volume will not became\nunder Terraform management unless you import it manually. If you delete the replication, this volume\nwill remain.\nSetting this parameter to true will delete the *current* destination volume when destroying the\nreplication. If you reversed the replication direction, this will be your former source volume!\nFor production use, it is recommended to keep this parameter false to avoid accidental volume\ndeletion. Handle with care. Default is false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An description of this resource.","description_kind":"plain","optional":true},"destination_volume":{"type":"string","description":"Full resource name of destination volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_stopping":{"type":"bool","description":"Only replications with mirror_state=MIRRORED can be stopped. A replication in mirror_state=TRANSFERRING\ncurrently receives an update and stopping the update might be undesirable. Set this parameter to true\nto stop anyway. All data transferred to the destination will be discarded and content of destination\nvolume will remain at the state of the last successful update. Default is false.","description_kind":"plain","optional":true},"healthy":{"type":"bool","description":"Condition of the relationship. Can be one of the following:\n - true: The replication relationship is healthy. It has not missed the most recent scheduled transfer.\n - false: The replication relationship is not healthy. It has missed the most recent scheduled transfer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of region for this resource. The resource needs to be created in the region of the destination volume.","description_kind":"plain","required":true},"mirror_state":{"type":"string","description":"Indicates the state of the mirror between source and destination volumes. Depending on the amount of data\nin your source volume, PREPARING phase can take hours or days. mirrorState = MIRRORED indicates your baseline\ntransfer ended and destination volume became accessible read-only. TRANSFERRING means a MIRRORED volume\ncurrently receives an update. Updated every 5 minutes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the replication. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"replication_enabled":{"type":"bool","description":"Set to false to stop/break the mirror. Stopping the mirror makes the destination volume read-write\nand act independently from the source volume.\nSet to true to enable/resume the mirror. WARNING: Resuming a mirror overwrites any changes\ndone to the destination volume with the content of the source volume.","description_kind":"plain","optional":true},"replication_schedule":{"type":"string","description":"Specifies the replication interval. Possible values: [\"EVERY_10_MINUTES\", \"HOURLY\", \"DAILY\"]","description_kind":"plain","required":true},"role":{"type":"string","description":"Reverting a replication can swap source and destination volume roles. This field indicates if the 'location' hosts\nthe source or destination volume. For resume and revert and resume operations it is critical to understand\nwhich volume is the source volume, since it will overwrite changes done to the destination volume.","description_kind":"plain","computed":true},"source_volume":{"type":"string","description":"Full resource name of source volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"state":{"type":"string","description":"Indicates the state of replication resource. State of the mirror itself is indicated in mirrorState.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the replication resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_stats":{"type":["list",["object",{"lag_duration":"string","last_transfer_bytes":"string","last_transfer_duration":"string","last_transfer_end_time":"string","last_transfer_error":"string","total_transfer_duration":"string","transfer_bytes":"string","update_time":"string"}]],"description":"Replication transfer statistics. All statistics are updated every 5 minutes.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the existing source volume.","description_kind":"plain","required":true},"wait_for_mirror":{"type":"bool","description":"Replication resource state is independent of mirror_state. With enough data, it can take many hours\nfor mirror_state to reach MIRRORED. If you want Terraform to wait for the mirror to finish on\ncreate/stop/resume operations, set this parameter to true. Default is false.","description_kind":"plain","optional":true}},"block_types":{"destination_volume_parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description for the destination volume.","description_kind":"plain","optional":true},"share_name":{"type":"string","description":"Share name for destination volume. If not specified, name of source volume's share name will be used.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"Name of an existing storage pool for the destination volume with format: 'projects/{{project}}/locations/{{location}}/storagePools/{{poolId}}'","description_kind":"plain","required":true},"volume_id":{"type":"string","description":"Name for the destination volume to be created. If not specified, the name of the source volume will be used.","description_kind":"plain","optional":true,"computed":true}},"description":"Destination volume parameters.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_snapshot":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description for the snapshot.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the snapshot location. Snapshots are child resources of volumes and live in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the snapshot.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"used_bytes":{"type":"number","description":"Storage used to store blocks unique to this snapshot.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the volume to create the snapshot in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_hub":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the hub was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the hub.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Immutable. The name of the hub. Hub names must be unique. They use the following form: `projects/{project_number}/locations/global/hubs/{hub_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"routing_vpcs":{"type":["list",["object",{"uri":"string"}]],"description":"The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the hub was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_policy_based_route":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of this resource.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"next_hop_ilb_ip":{"type":"string","description":"The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets.","description_kind":"plain","optional":true},"next_hop_other_routes":{"type":"string","description":"Other routes that will be referenced to determine the next hop of the packet. Possible values: [\"DEFAULT_ROUTING\"]","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this policy-based route. Priority is used to break ties in cases where there are more than one matching policy-based routes found. In cases where multiple policy-based routes are matched, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"warnings":{"type":["list",["object",{"code":"string","data":["map","string"],"warning_message":"string"}]],"description":"If potential misconfigurations are detected for this route, this field will be populated with warning messages.","description_kind":"plain","computed":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"dest_range":{"type":"string","description":"The destination IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true},"ip_protocol":{"type":"string","description":"The IP protocol that this policy-based route applies to. Valid values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'.","description_kind":"plain","optional":true},"protocol_version":{"type":"string","description":"Internet protocol versions this policy-based route applies to. Possible values: [\"IPV4\"]","description_kind":"plain","required":true},"src_range":{"type":"string","description":"The source IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true}},"description":"The filter to match L4 traffic.","description_kind":"plain"},"min_items":1,"max_items":1},"interconnect_attachment":{"nesting_mode":"list","block":{"attributes":{"region":{"type":"string","description":"Cloud region to install this policy-based route on for Interconnect attachments. Use 'all' to install it on all Interconnect attachments.","description_kind":"plain","required":true}},"description":"The interconnect attachments that this policy-based route applies to.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of tags specified here will install this PBR.","description_kind":"plain","required":true}},"description":"VM instances to which this policy-based route applies to.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_connectivity_service_connection_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"infrastructure":{"type":"string","description":"The type of underlying resources used to create the connection.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the ServiceConnectionPolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names","description_kind":"plain","required":true},"network":{"type":"string","description":"The resource path of the consumer network. Example: - projects/{projectNumOrId}/global/networks/{resourceId}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"consumer_address":"string","consumer_forwarding_rule":"string","consumer_target_project":"string","error":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"error_info":["list",["object",{"domain":"string","metadata":["map","string"],"reason":"string"}]],"error_type":"string","gce_operation":"string","psc_connection_id":"string","state":"string"}]],"description":"Information about each Private Service Connect connection.","description_kind":"plain","computed":true},"service_class":{"type":"string","description":"The service class identifier for which this ServiceConnectionPolicy is for. The service class identifier is a unique, symbolic representation of a ServiceClass.\nIt is provided by the Service Producer. Google services have a prefix of gcp. For example, gcp-cloud-sql. 3rd party services do not. For example, test-service-a3dfcx.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"psc_config":{"nesting_mode":"list","block":{"attributes":{"limit":{"type":"string","description":"Max number of PSC connections for this policy.","description_kind":"plain","optional":true},"subnetworks":{"type":["list","string"],"description":"IDs of the subnetworks or fully qualified identifiers for the subnetworks","description_kind":"plain","required":true}},"description":"Configuration used for Private Service Connect connections. Used when Infrastructure is PSC.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_spoke":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the spoke was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the spoke.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hub":{"type":"string","description":"Immutable. The URI of the hub that this spoke is attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the spoke. Spoke names must be unique.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the spoke was last updated.","description_kind":"plain","computed":true}},"block_types":{"linked_interconnect_attachments":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked interconnect attachment resources","description_kind":"plain","required":true}},"description":"A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.","description_kind":"plain"},"max_items":1},"linked_router_appliance_instances":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The IP address on the VM to use for peering.","description_kind":"plain","optional":true},"virtual_machine":{"type":"string","description":"The URI of the virtual machine resource","description_kind":"plain","optional":true}},"description":"The list of router appliance instances","description_kind":"plain"},"min_items":1}},"description":"The URIs of linked Router appliance resources","description_kind":"plain"},"max_items":1},"linked_vpc_network":{"nesting_mode":"list","block":{"attributes":{"exclude_export_ranges":{"type":["list","string"],"description":"IP ranges encompassing the subnets to be excluded from peering.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the VPC network resource.","description_kind":"plain","required":true}},"description":"VPC network that is associated with the spoke.","description_kind":"plain"},"max_items":1},"linked_vpn_tunnels":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked VPN tunnel resources.","description_kind":"plain","required":true}},"description":"The URIs of linked VPN tunnel resources","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_management_connectivity_test":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The user-supplied description of the Connectivity Test.\nMaximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the connectivity test.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"IP Protocol of the test. When not provided, \"TCP\" is assumed.","description_kind":"plain","optional":true},"related_projects":{"type":["list","string"],"description":"Other projects that may be relevant for reachability analysis.\nThis is applicable to scenarios where a test can cross project\nboundaries.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n1. Only the IP address is specified, and the IP address is within\na GCP project. 2. When you are using Shared VPC and the IP address\nthat you provide is from the service project. In this case, the\nnetwork that the IP address resides in is defined in the host\nproject.","description_kind":"plain","optional":true}},"description":"Required. Destination specification of the Connectivity Test.\n\nYou can use a combination of destination IP address, Compute\nEngine VM instance, or VPC network to uniquely identify the\ndestination location.\n\nEven if the destination IP address is not unique, the source IP\nlocation is unique. Usually, the analysis can infer the destination\nendpoint from route information.\n\nIf the destination you specify is a VM instance and the instance has\nmultiple network interfaces, then you must also specify either a\ndestination IP address or VPC network to identify the destination\ninterface.\n\nA reachability analysis proceeds even if the destination location\nis ambiguous. However, the result can include endpoints that you\ndon't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"source":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"Type of the network where the endpoint is located. Possible values: [\"GCP_NETWORK\", \"NON_GCP_NETWORK\"]","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n\n1. Only the IP address is specified, and the IP address is\n within a GCP project.\n2. When you are using Shared VPC and the IP address\n that you provide is from the service project. In this case,\n the network that the IP address resides in is defined in the\n host project.","description_kind":"plain","optional":true}},"description":"Required. Source specification of the Connectivity Test.\n\nYou can use a combination of source IP address, virtual machine\n(VM) instance, or Compute Engine network to uniquely identify the\nsource location.\n\nExamples: If the source IP address is an internal IP address within\na Google Cloud Virtual Private Cloud (VPC) network, then you must\nalso specify the VPC network. Otherwise, specify the VM instance,\nwhich already contains its internal IP address and VPC network\ninformation.\n\nIf the source of the test is within an on-premises network, then\nyou must provide the destination VPC network.\n\nIf the source endpoint is a Compute Engine VM instance with multiple\nnetwork interfaces, the instance itself is not sufficient to\nidentify the endpoint. So, you must also specify the source IP\naddress or VPC network.\n\nA reachability analysis proceeds even if the source location is\nambiguous. However, the test result may include endpoints that\nyou don't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group":{"version":0,"block":{"attributes":{"capacity":{"type":"number","description":"Capacity of the Address Group.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"items":{"type":["list","string"],"description":"List of items.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the AddressGroup resource.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the AddressGroup resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the Address Group. Possible values are \"IPV4\" or \"IPV6\". Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_network_security_gateway_security_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}\ngatewaySecurityPolicy should match the pattern:(^a-z?$).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy_rule":{"version":0,"block":{"attributes":{"application_matcher":{"type":"string","description":"CEL expression for matching on L7/application level criteria.","description_kind":"plain","optional":true},"basic_profile":{"type":"string","description":"Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values: [\"BASIC_PROFILE_UNSPECIFIED\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether the rule is enforced.","description_kind":"plain","required":true},"gateway_security_policy":{"type":"string","description":"The name of the gatewat security policy this rule belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}\nrule should match the pattern: (^a-z?$).","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority of the rule. Lower number corresponds to higher precedence.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"session_matcher":{"type":"string","description":"CEL expression for matching on session criteria.","description_kind":"plain","required":true},"tls_inspection_enabled":{"type":"bool","description":"Flag to enable TLS inspection of traffic matching on. Can only be true if the\nparent GatewaySecurityPolicy references a TLSInspectionConfig.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_url_lists":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time when the security policy was created.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the url lists.","description_kind":"plain","required":true},"name":{"type":"string","description":"Short name of the UrlList resource to be created.\nThis value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. 'urlList'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. Time when the security policy was updated.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"values":{"type":["list","string"],"description":"FQDNs and URLs.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_keyset":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*\nwhich means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"managed":{"type":"bool","description":"Set to true to have the CDN automatically manage this public key value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes).\nRepresentations or encodings of the public key other than this will be rejected with an error.","description_kind":"plain","optional":true,"sensitive":true}},"description":"An ordered list of Ed25519 public keys to use for validating signed requests.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.\nYou may specify no more than one Google-managed public key.\nIf you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys.\n\nEd25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key.\nEnsure that the private key is kept secret, and that only authorized users can add public keys to a keyset.","description_kind":"plain"},"max_items":3},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"validation_shared_keys":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the secret version in Secret Manager.\n\nThe resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves.\nThe secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.\n* If you are using HMAC-SHA1, we suggest 20-byte secrets.\n* If you are using HMAC-SHA256, we suggest 32-byte secrets.\nSee RFC 2104, Section 3 for more details on these recommendations.","description_kind":"plain","required":true}},"description":"An ordered list of shared keys to use for validating signed requests.\nShared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset.\nYou can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.","description_kind":"plain"},"max_items":3}},"description_kind":"plain"}},"google_network_services_edge_cache_origin":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"failover_origin":{"type":"string","description":"The Origin resource to try when the current origin cannot be reached.\nAfter maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request.\n\nThe value of timeout.maxAttemptsTimeout dictates the timeout across all origins.\nA reference to a Topic resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_attempts":{"type":"number","description":"The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions.\n\nOnce maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts,\nretryConditions and failoverOrigin to control its own cache fill failures.\n\nThe total number of allowed attempts to cache fill across this and failover origins is limited to four.\nThe total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.\n\nThe last valid, non-retried response from all origins will be returned to the client.\nIf no origin returns a valid response, an HTTP 502 will be returned to the client.\n\nDefaults to 1. Must be a value greater than 0 and less than 4.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"origin_address":{"type":"string","description":"A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.\n\nThis address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname\n\nWhen providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes.\nIf a Cloud Storage bucket is provided, it must be in the canonical \"gs://bucketname\" format. Other forms, such as \"storage.googleapis.com\", will be rejected.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port to connect to the origin on.\nDefaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security \u0026 performance.\n\nWhen using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: [\"HTTP2\", \"HTTPS\", \"HTTP\"]","description_kind":"plain","optional":true,"computed":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more retry conditions for the configured origin.\n\nIf the failure mode during a connection attempt to the origin matches the configured retryCondition(s),\nthe origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request.\n\nThe default retryCondition is \"CONNECT_FAILURE\".\n\nretryConditions apply to this origin, and not subsequent failoverOrigin(s),\nwhich may specify their own retryConditions and maxAttempts.\n\nValid values are:\n\n- CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts.\n- HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams.\n- GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n- RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)\n- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.\n- FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: [\"CONNECT_FAILURE\", \"HTTP_5XX\", \"GATEWAY_ERROR\", \"RETRIABLE_4XX\", \"NOT_FOUND\", \"FORBIDDEN\"]","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"The access key ID your origin uses to identify the key.","description_kind":"plain","required":true},"origin_region":{"type":"string","description":"The name of the AWS region that your origin is in.","description_kind":"plain","required":true},"secret_access_key_version":{"type":"string","description":"The Secret Manager secret version of the secret access key used by your origin.\n\nThis is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require.","description_kind":"plain","required":true}},"description":"Enable AWS Signature Version 4 origin authentication.","description_kind":"plain"},"max_items":1},"origin_override_action":{"nesting_mode":"list","block":{"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.\n\nBy default, added header values are appended\nto the response or request headers with the\nsame field names. The added values are\nseparated by commas.\n\nTo overwrite existing values, set 'replace' to 'true'.","description_kind":"plain","optional":true}},"description":"Describes a header to add.\n\nYou may add a maximum of 25 request headers.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding and removing\nheaders, for request handled by this origin.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected\norigin, the request's host header is replaced with\ncontents of the hostRewrite.\n\nThis value must be between 1 and 255 characters.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for request that are\nhandled by this origin.","description_kind":"plain"},"max_items":1}},"description":"The override actions, including url rewrites and header\nadditions, for requests that use this origin.","description_kind":"plain"},"max_items":1},"origin_redirect":{"nesting_mode":"list","block":{"attributes":{"redirect_conditions":{"type":["list","string"],"description":"The set of redirect response codes that the CDN\nfollows. Values of\n[RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions)\nare accepted.","description_kind":"plain","optional":true}},"description":"Follow redirects from this origin.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"string","description":"The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.\n\nDefaults to 5 seconds. The timeout must be a value between 1s and 15s.\n\nThe connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.","description_kind":"plain","optional":true},"max_attempts_timeout":{"type":"string","description":"The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nIf a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.","description_kind":"plain","optional":true},"read_timeout":{"type":"string","description":"The maximum duration to wait between reads of a single HTTP connection/stream.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nThe readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true},"response_timeout":{"type":"string","description":"The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.\n\nDefaults to 30 seconds. The timeout must be a value between 1s and 120s.\n\nThe responseTimeout starts after the connection has been established.\n\nThis also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true}},"description":"The connection and HTTP timeout configuration for this origin.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_service":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"disable_http2":{"type":"bool","description":"Disables HTTP/2.\n\nHTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.\n\nSome legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.","description_kind":"plain","optional":true},"disable_quic":{"type":"bool","description":"HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.","description_kind":"plain","optional":true,"computed":true},"edge_security_policy":{"type":"string","description":"Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService.","description_kind":"plain","optional":true},"edge_ssl_certificates":{"type":["list","string"],"description":"URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.\n\nNote that only \"global\" certificates with a \"scope\" of \"EDGE_CACHE\" can be attached to an EdgeCacheService.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_addresses":{"type":["list","string"],"description":"The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"ipv6_addresses":{"type":["list","string"],"description":"The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"require_tls":{"type":"bool","description":"Require TLS (HTTPS) for all clients connecting to this service.\n\nClients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).\nYou must have at least one (1) edgeSslCertificate specified to enable this.","description_kind":"plain","optional":true,"computed":true},"ssl_policy":{"type":"string","description":"URL of the SslPolicy resource that will be associated with the EdgeCacheService.\n\nIf not set, the EdgeCacheService has no SSL policy configured, and will default to the \"COMPATIBLE\" policy.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Specifies whether to enable logging for traffic served by this service.","description_kind":"plain","optional":true,"computed":true},"sample_rate":{"type":"number","description":"Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].\n\nThis field can only be specified if logging is enabled for this service.","description_kind":"plain","optional":true}},"description":"Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"routing":{"nesting_mode":"list","block":{"block_types":{"host_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the hostRule.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"The list of host patterns to match.\n\nHost patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.\n\nWhen multiple hosts are specified, hosts are matched in the following priority:\n\n 1. Exact domain names: ''www.foo.com''.\n 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''.\n 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''.\n 4. Special wildcard ''*'' matching any domain.\n\n Notes:\n\n The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service.\n\n Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the \":authority\" header, from the incoming request.\n\n You may specify up to 10 hosts.","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the pathMatcher associated with this hostRule.","description_kind":"plain","required":true}},"description":"The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply.","description_kind":"plain"},"min_items":1,"max_items":10},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"route_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the routeRule.","description_kind":"plain","optional":true},"origin":{"type":"string","description":"The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names (\"my-origin\") or fully-qualified resource URLs - e.g. \"networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin\"\n\nOnly one of origin or urlRedirect can be set.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"The priority of this route rule, where 1 is the highest priority.\n\nYou cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers\nto which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Describes a header to add.","description_kind":"plain"},"max_items":25},"request_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to remove.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25},"response_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Headers to add to the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain"},"max_items":25},"response_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"Headers to remove from the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding \u0026 removing headers, for requests that match this route.","description_kind":"plain"},"max_items":1},"match_rule":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.","description_kind":"plain","optional":true,"computed":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /.","description_kind":"plain","optional":true}},"block_types":{"header_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value of the header should exactly match contents of exactMatch.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The header name to match on.","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false (default), the headerMatch is considered a match if the match criteria above are met.\nIf set to true, the headerMatch is considered a match if the match criteria above are NOT met.","description_kind":"plain","optional":true,"computed":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch.","description_kind":"plain","optional":true}},"description":"Specifies a list of header match criteria, all of which must match corresponding headers in the request.","description_kind":"plain"},"max_items":3},"query_parameter_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request.","description_kind":"plain"},"max_items":5}},"description":"The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates\nwithin a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.","description_kind":"plain"},"min_items":1,"max_items":5},"route_action":{"nesting_mode":"list","block":{"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.\n\nFor all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: [\"CACHE_ALL_STATIC\", \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"BYPASS_CACHE\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"string","description":"Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.\n\n- The TTL must be \u003e 0 and \u003c= 86400s (1 day)\n- The clientTtl cannot be larger than the defaultTtl (if set)\n- Fractions of a second are not allowed.\n\nOmit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true},"default_ttl":{"type":"string","description":"Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).\n\nDefaults to 3600s (1 hour).\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\" (equivalent to must-revalidate)\n- The value of defaultTTL cannot be set to a value greater than that of maxTTL.\n- Fractions of a second are not allowed.\n- When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses.\n\nNote that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Specifies the maximum allowed TTL for cached content served by this origin.\n\nDefaults to 86400s (1 day).\n\nCache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\"\n- The value of maxTtl must be equal to or greater than defaultTtl.\n- Fractions of a second are not allowed.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.\n\nBy default, the CDNPolicy will apply the following default TTLs to these status codes:\n\n- HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m\n- HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s\n- HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s\n\nThese defaults can be overridden in negativeCachingPolicy","description_kind":"plain","optional":true},"negative_caching_policy":{"type":["map","string"],"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\n\n- Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching.\n- TTLs must be \u003e= 0 (where 0 is \"always revalidate\") and \u003c= 86400s (1 day)\n\nNote that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists.","description_kind":"plain","optional":true},"signed_request_keyset":{"type":"string","description":"The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.","description_kind":"plain","optional":true,"computed":true},"signed_request_maximum_expiration_ttl":{"type":"string","description":"Limit how far into the future the expiration time of a signed request may be.\n\nWhen set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.\n\n- The TTL must be \u003e 0.\n- Fractions of a second are not allowed.\n\nBy default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future.","description_kind":"plain","optional":true},"signed_request_mode":{"type":"string","description":"Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.\n\nYou must also set a signedRequestKeyset to enable signed requests.\n\nWhen set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: [\"DISABLED\", \"REQUIRE_SIGNATURES\", \"REQUIRE_TOKENS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"add_signatures":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"The actions to take to add signatures to responses. Possible values: [\"GENERATE_COOKIE\", \"GENERATE_TOKEN_HLS_COOKIELESS\", \"PROPAGATE_TOKEN_HLS_COOKIELESS\"]","description_kind":"plain","required":true},"copied_parameters":{"type":["list","string"],"description":"The parameters to copy from the verified token to the generated token.\n\nOnly the following parameters may be copied:\n\n * 'PathGlobs'\n * 'paths'\n * 'acl'\n * 'URLPrefix'\n * 'IPRanges'\n * 'SessionID'\n * 'id'\n * 'Data'\n * 'data'\n * 'payload'\n * 'Headers'\n\nYou may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"keyset":{"type":"string","description":"The keyset to use for signature generation.\n\nThe following are both valid paths to an EdgeCacheKeyset resource:\n\n * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset'\n * 'yourKeyset'\n\nThis must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to put the generated token.\n\nIf not specified, defaults to 'edge-cache-token'.\n\nIf specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nThis field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"token_ttl":{"type":"string","description":"The duration the token is valid starting from the moment the token is first generated.\n\nDefaults to '86400s' (1 day).\n\nThe TTL must be \u003e= 0 and \u003c= 604,800 seconds (1 week).\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Enable signature generation or propagation on this route.\n\nThis field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"exclude_host":{"type":"bool","description":"If true, requests to different hosts will be cached separately.\n\nNote: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.","description_kind":"plain","optional":true,"computed":true},"exclude_query_string":{"type":"bool","description":"If true, exclude query string parameters from the cache key\n\nIf false (the default), include the query string parameters in\nthe cache key according to includeQueryParameters and\nexcludeQueryParameters. If neither includeQueryParameters nor\nexcludeQueryParameters is set, the entire query string will be\nincluded.","description_kind":"plain","optional":true},"excluded_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to exclude from cache keys. All other parameters will be included.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true,"computed":true},"included_cookie_names":{"type":["list","string"],"description":"Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.\n\nCookie names:\n - must be valid RFC 6265 \"cookie-name\" tokens\n - are case sensitive\n - cannot start with \"Edge-Cache-\" (case insensitive)\n\n Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.\n\n You may specify up to three cookie names.","description_kind":"plain","optional":true},"included_header_names":{"type":["list","string"],"description":"Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.\n\n- Header names must be valid HTTP RFC 7230 header field values.\n- Header field names are case insensitive\n- To include the HTTP method, use \":method\"\n\nNote that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.","description_kind":"plain","optional":true},"included_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys. All other parameters will be excluded.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"Defines the request parameters that contribute to the cache key.","description_kind":"plain"},"max_items":1},"signed_token_options":{"nesting_mode":"list","block":{"attributes":{"allowed_signature_algorithms":{"type":["list","string"],"description":"The allowed signature algorithms to use.\n\nDefaults to using only ED25519.\n\nYou may specify up to 3 signature algorithms to use. Possible values: [\"ED25519\", \"HMAC_SHA_256\", \"HMAC_SHA1\"]","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to find the token.\n\nThe name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nDefaults to 'edge-cache-token'.","description_kind":"plain","optional":true}},"description":"Additional options for signed tokens.\n\nsignedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1}},"description":"The policy to use for defining caching and signed request behaviour for requests that match this route.","description_kind":"plain"},"max_items":1},"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\n\nThis translates to the Access-Control-Allow-Credentials response header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods response header.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\n\nThis translates to the Access-Control-Allow-Origin response header.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"max_age":{"type":"string","description":"Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).\n\n- Setting the value to -1 forces a pre-flight check for all requests (not recommended)\n- A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval.\n- This translates to the Access-Control-Max-Age header.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"description":"CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was supplied in the request.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.\n\nThis can only be set if there is at least one (1) edgeSslCertificate set on the service.","description_kind":"plain","optional":true,"computed":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was supplied in the request.\n\npathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.\n\nThe path value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.\n\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction.\n\nThe supported values are:\n\n- 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301.\n- 'FOUND', which corresponds to 302.\n- 'SEE_OTHER' which corresponds to 303.\n- 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained.\n- 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: [\"MOVED_PERMANENTLY_DEFAULT\", \"FOUND\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\", \"PERMANENT_REDIRECT\"]","description_kind":"plain","optional":true,"computed":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained.","description_kind":"plain","optional":true,"computed":true}},"description":"The URL redirect configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.","description_kind":"plain"},"min_items":1,"max_items":200}},"description":"The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion.","description_kind":"plain"},"min_items":1,"max_items":10}},"description":"Defines how requests are routed, modified, cached and/or which origin content is filled from.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_gateway":{"version":0,"block":{"attributes":{"addresses":{"type":["list","string"],"description":"Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided,\nan IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.\nGateways of type 'OPEN_MESH' listen on 0.0.0.0.","description_kind":"plain","optional":true,"computed":true},"certificate_urls":{"type":["list","string"],"description":"A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.\nThis feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"delete_swg_autogen_router_on_destroy":{"type":"bool","description":"When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation.\nIf there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway_security_policy":{"type":"string","description":"A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.\nFor example: 'projects/*/locations/*/gatewaySecurityPolicies/swg-policy'.\nThis policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the Gateway resource to be created.","description_kind":"plain","required":true},"network":{"type":"string","description":"The relative resource name identifying the VPC network that is using this configuration.\nFor example: 'projects/*/global/networks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"ports":{"type":["list","number"],"description":"One or more port numbers (1-65535), on which the Gateway will receive traffic.\nThe proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are\nlimited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"Immutable. Scope determines how configuration across multiple Gateway instances are merged.\nThe configuration for multiple Gateway instances with the same scope will be merged as presented as\na single coniguration to the proxy/load balancer.\nMax length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.\nIf empty, TLS termination is disabled.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"The relative resource name identifying the subnetwork in which this SWG is allocated.\nFor example: 'projects/*/regions/us-central1/subnetworks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY. Possible values: [\"TYPE_UNSPECIFIED\", \"OPEN_MESH\", \"SECURE_WEB_GATEWAY\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_environment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of this environment for the UI.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name specified for the Environment instance.\nFormat: projects/{project_id}/locations/{location}/environments/{environmentId}","description_kind":"plain","required":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance fully boots up.\nThe path must be a URL or Cloud Storage path. Example: \"gs://path-to-file/file-name\"","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance":{"version":1,"block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","optional":true,"computed":true},"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"number","description":"The size of the data disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB).\nYou can choose the size of the data disk based on how big your notebooks and data are.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Notebook Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disk_encryption":{"type":"string","description":"Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values: [\"DISK_ENCRYPTION_UNSPECIFIED\", \"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"install_gpu_driver":{"type":"bool","description":"Whether the end user authorizes Google Cloud to install GPU driver\non this instance. If this field is empty or set to false, the GPU driver\nwon't be installed. Only applicable to instances with GPUs.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"The list of owners of this instance after creation.\nFormat: alias@example.com.\nCurrently supports one owner only.\nIf not specified, all of the service account users of\nyour VM instance's service account can use the instance.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK.\nFormat: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this instance. These can be later modified by the setLabels method.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"machine_type":{"type":"string","description":"A reference to a machine type which defines VM kind.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Custom metadata to apply to this instance.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the Notebook instance.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC that this instance is in.\nFormat: projects/{project_id}/global/networks/{network_id}","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC driver. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"no_proxy_access":{"type":"bool","description":"The notebook instance will not register with the proxy..","description_kind":"plain","optional":true},"no_public_ip":{"type":"bool","description":"No public IP will be assigned to this instance.","description_kind":"plain","optional":true},"no_remove_data_disk":{"type":"bool","description":"If true, the data disk will not be auto deleted when deleting the instance.","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a\nnotebook instance fully boots up. The path must be a URL\nor Cloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the Jupyter notebook.\nOnly returned when the resource is in a 'PROVISIONED' state. If\nneeded you can utilize 'terraform apply -refresh-only' to await\nthe population of this value.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account on this instance, giving access to other\nGoogle Cloud services. You can use any service account within\nthe same project, but you must have the service account user\npermission to use the instance. If not specified,\nthe Compute Engine default service account is used.","description_kind":"plain","optional":true,"computed":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances.\nIf not specified, the following scopes are defined:\n- https://www.googleapis.com/auth/cloud-platform\n- https://www.googleapis.com/auth/userinfo.email","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this instance.","description_kind":"plain","computed":true},"subnet":{"type":"string","description":"The name of the subnet that this instance is in.\nFormat: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id}","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to instance.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Instance update time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of this accelerator. Possible values: [\"ACCELERATOR_TYPE_UNSPECIFIED\", \"NVIDIA_TESLA_K80\", \"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\", \"NVIDIA_TESLA_A100\", \"TPU_V2\", \"TPU_V3\"]","description_kind":"plain","required":true}},"description":"The hardware accelerator used on this instance. If you use accelerators,\nmake sure that your configuration has enough vCPUs and memory to support the\nmachineType you have selected.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"The type of Compute Reservation. Possible values: [\"NO_RESERVATION\", \"ANY_RESERVATION\", \"SPECIFIC_RESERVATION\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the\nboot integrity of the instance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image when the instance is created.\nEnabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs\nauthentic software by verifying the digital signature of all boot components, and halting the boot process\nif signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. Check [Images using supported Shielded VM features]\nNot all combinations are valid","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain","deprecated":true}},"google_notebooks_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_location":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Location resource.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_runtime":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"The health state of this runtime. For a list of possible output\nvalues, see 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#healthstate'.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"metrics":{"type":["list",["object",{"system_metrics":["map","string"]}]],"description":"Contains Runtime daemon metrics such as Service status and JupyterLab\nstatus","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name specified for the Notebook runtime.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this runtime.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"The type of access mode this instance. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#RuntimeAccessType'.","description_kind":"plain","optional":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the runtime.","description_kind":"plain","computed":true},"runtime_owner":{"type":"string","description":"The owner of this runtime after creation. Format: 'alias@example.com'.\nCurrently supports one owner only.","description_kind":"plain","optional":true}},"description":"The config settings for accessing runtime.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"enable_health_monitoring":{"type":"bool","description":"Verifies core internal services are running. Default: True.","description_kind":"plain","optional":true},"idle_shutdown":{"type":"bool","description":"Runtime will automatically shutdown after idle_shutdown_time.\nDefault: True","description_kind":"plain","optional":true},"idle_shutdown_timeout":{"type":"number","description":"Time in minutes to wait before shuting down runtime.\nDefault: 180 minutes","description_kind":"plain","optional":true},"install_gpu_driver":{"type":"bool","description":"Install Nvidia Driver automatically.","description_kind":"plain","optional":true},"notebook_upgrade_schedule":{"type":"string","description":"Cron expression in UTC timezone for schedule instance auto upgrade.\nPlease follow the [cron format](https://en.wikipedia.org/wiki/Cron).","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance\nfully boots up. The path must be a URL or\nCloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"post_startup_script_behavior":{"type":"string","description":"Behavior for the post startup script. Possible values: [\"POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED\", \"RUN_EVERY_START\", \"DOWNLOAD_AND_RUN_EVERY_START\"]","description_kind":"plain","optional":true},"upgradeable":{"type":"bool","description":"Bool indicating whether an newer image is available in an image family.","description_kind":"plain","computed":true}},"block_types":{"kernels":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to use as Kernels in the notebook instance.","description_kind":"plain"}}},"description":"The config settings for software inside the runtime.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"instance_id":{"type":"string","description":"The unique identifier of the Managed Compute Engine instance.","description_kind":"plain","computed":true},"instance_name":{"type":"string","description":"The user-friendly name of the Managed Compute Engine instance.","description_kind":"plain","computed":true}},"block_types":{"virtual_machine_config":{"nesting_mode":"list","block":{"attributes":{"guest_attributes":{"type":["map","string"],"description":"The Compute Engine guest attributes. (see [Project and instance\nguest attributes](https://cloud.google.com/compute/docs/\nstoring-retrieving-metadata#guest_attributes)).","description_kind":"plain","computed":true},"internal_ip_only":{"type":"bool","description":"If true, runtime will only have internal IP addresses. By default,\nruntimes are not restricted to internal IP addresses, and will\nhave ephemeral external IP addresses assigned to each vm. This\n'internal_ip_only' restriction can only be enabled for subnetwork\nenabled networks, and all dependencies must be configured to be\naccessible without external IP addresses.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for runtimes.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to virtual machine.\n(see [Project and instance metadata](https://cloud.google.com\n/compute/docs/storing-retrieving-metadata#project_and_instance\n_metadata)).","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine network to be used for machine communications.\nCannot be specified with subnetwork. If neither 'network' nor\n'subnet' is specified, the \"default\" network of the project is\nused, if it exists. A full URL or partial URI. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/global/default'\n * 'projects/[project_id]/regions/global/default'\nRuntimes are managed resources inside Google Infrastructure.\nRuntimes support the following network configurations:\n * Google Managed Network (Network \u0026 subnet are empty)\n * Consumer Project VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.\n * Shared VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. This may be gVNIC\nor VirtioNet. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"reserved_ip_range":{"type":"string","description":"Reserved IP Range name is used for VPC Peering. The\nsubnetwork allocation will use the range *name* if it's assigned.","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"The Compute Engine subnetwork to be used for machine\ncommunications. Cannot be specified with network. A full URL or\npartial URI are valid. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/us-east1/subnetworks/sub0'\n * 'projects/[project_id]/regions/us-east1/subnetworks/sub0'","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to runtime (see [Tagging instances]\n(https://cloud.google.com/compute/docs/\nlabel-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone where the virtual machine is located.","description_kind":"plain","computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Accelerator model. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#AcceleratorType'","description_kind":"plain","optional":true}},"description":"The Compute Engine accelerator configuration for this runtime.","description_kind":"plain"},"max_items":1},"container_images":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to start the notebook instance.","description_kind":"plain"}},"data_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Optional. Specifies whether the disk will be auto-deleted\nwhen the instance is deleted (but not when the disk is\ndetached from the instance).","description_kind":"plain","computed":true},"boot":{"type":"bool","description":"Optional. Indicates that this is a boot disk. The virtual\nmachine will use the first partition of the disk for its\nroot filesystem.","description_kind":"plain","computed":true},"device_name":{"type":"string","description":"Optional. Specifies a unique device name of your choice\nthat is reflected into the /dev/disk/by-id/google-* tree\nof a Linux operating system running within the instance.\nThis name can be used to reference the device for mounting,\nresizing, and so on, from within the instance.\nIf not specified, the server chooses a default device name\nto apply to this disk, in the form persistent-disk-x, where\nx is a number assigned by Google Compute Engine. This field\nis only applicable for persistent disks.","description_kind":"plain","computed":true},"guest_os_features":{"type":["list","string"],"description":"Indicates a list of features to enable on the guest operating\nsystem. Applicable only for bootable images. To see a list of\navailable features, read 'https://cloud.google.com/compute/docs/\nimages/create-delete-deprecate-private-images#guest-os-features'\noptions. ''","description_kind":"plain","computed":true},"index":{"type":"number","description":"Output only. A zero-based index to this disk, where 0 is\nreserved for the boot disk. If you have many disks attached\nto an instance, each disk would have a unique index number.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"\"Specifies the disk interface to use for attaching this disk,\nwhich is either SCSI or NVME. The default is SCSI. Persistent\ndisks must always use SCSI and the request will fail if you attempt\nto attach a persistent disk in any other format than SCSI. Local SSDs\ncan use either NVME or SCSI. For performance characteristics of SCSI\nover NVMe, see Local SSD performance. Valid values: * NVME * SCSI\".","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Type of the resource. Always compute#attachedDisk for attached\ndisks.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Output only. Any valid publicly visible licenses.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE\nor READ_ONLY. If not specified, the default is to attach\nthe disk in READ_WRITE mode.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Specifies a valid partial or full URL to an existing\nPersistent Disk resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the disk, either SCRATCH or PERSISTENT.\nIf not specified, the default is PERSISTENT.","description_kind":"plain","optional":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Provide this property when creating the disk.","description_kind":"plain","optional":true},"disk_name":{"type":"string","description":"Specifies the disk name. If not specified, the default is\nto use the name of the instance. If the disk with the\ninstance name exists already in the given zone/region, a\nnew name will be automatically generated.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Specifies the size of the disk in base-2 GB. If not\nspecified, the disk will be the same size as the image\n(usually 10GB). If specified, the size must be equal to\nor larger than 10GB. Default 100 GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"The type of the boot disk attached to this runtime,\ndefaults to standard persistent disk. For valid values,\nsee 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#disktype'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. These can be later modified\nby the disks.setLabels method. This field is only\napplicable for persistent disks.","description_kind":"plain","optional":true,"computed":true}},"description":"Input only. Specifies the parameters for a new disk that will\nbe created alongside the new instance. Use initialization\nparameters to create boot disks or local SSDs attached to the\nnew instance. This property is mutually exclusive with the\nsource property; you can only define one or the other, but not\nboth.","description_kind":"plain"},"max_items":1}},"description":"Data disk option configuration settings.","description_kind":"plain"},"min_items":1,"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS resource identifier of the customer-managed\nencryption key used to protect a resource, such as a disks.\nIt has the following format:\n'projects/{PROJECT_ID}/locations/{REGION}/keyRings/\n{KEY_RING_NAME}/cryptoKeys/{KEY_NAME}'","description_kind":"plain","optional":true}},"description":"Encryption settings for virtual machine data disk.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.\nEnables monitoring and attestation of the boot integrity of\nthe instance. The attestation is performed against the\nintegrity policy baseline. This baseline is initially derived\nfrom the implicitly trusted boot image when the instance is\ncreated. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.Secure\nBoot helps ensure that the system only runs authentic software\nby verifying the digital signature of all boot components, and\nhalting the boot process if signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled. Enabled by\ndefault.","description_kind":"plain","optional":true}},"description":"Shielded VM Instance configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Virtual Machine configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Use a Compute Engine VM image to start the managed notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_org_policy_custom_constraint":{"version":0,"block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The timestamp representing when the constraint was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_org_policy_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","required":true}},"block_types":{"dry_run_spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If `\"TRUE\"`, then the policy is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this `Policy`. If `inherit_from_parent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If `\"TRUE\"`, then the `Policy` is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Basic information about the Organization Policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"organizations/{organization_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"organization_id":{"type":"string","description":"ID of the organization of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can be done for individual services.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_organization_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to create a custom role.","description_kind":"plain","required":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The role id to use for this role.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_os_policy_assignment":{"version":0,"block":{"attributes":{"baseline":{"type":"bool","description":"Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision.\nFor a given OS policy assignment, there is only one revision with a value of 'true' for this field.","description_kind":"plain","computed":true},"deleted":{"type":"bool","description":"Output only. Indicates that this revision deletes the OS policy assignment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"OS policy assignment description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Indicates that reconciliation is in progress for the revision. This value is 'true' when the 'rollout_state' is one of:\n* IN_PROGRESS\n* CANCELLING","description_kind":"plain","computed":true},"revision_create_time":{"type":"string","description":"Output only. The timestamp that the revision was created.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment","description_kind":"plain","computed":true},"rollout_state":{"type":"string","description":"Output only. OS policy assignment rollout state","description_kind":"plain","computed":true},"skip_await_rollout":{"type":"bool","description":"Set to true to skip awaiting rollout during resource creation and update.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server generated unique id for the OS policy assignment resource.","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VMs in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true}},"block_types":{"exclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM exclusion.\nIf the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM inclusion.\nIf the list has more than one 'LabelSet', the VM is included if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inventories":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*' An empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventories to select VMs.\nA VM is selected if its inventory data matches at least one of the following inventories.","description_kind":"plain"}}},"description":"Filter to select VMs.","description_kind":"plain"},"min_items":1,"max_items":1},"os_policies":{"nesting_mode":"list","block":{"attributes":{"allow_no_resource_group_match":{"type":"bool","description":"This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to 'true' if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Policy description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The id of the OS policy with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the assignment.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Policy mode Possible values: [\"MODE_UNSPECIFIED\", \"VALIDATION\", \"ENFORCEMENT\"]","description_kind":"plain","required":true}},"block_types":{"resource_groups":{"nesting_mode":"list","block":{"block_types":{"inventory_filters":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version\nPrefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*'\nAn empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventory filters for the resource group.\nThe resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters.\nFor example, to apply this resource group to VMs running either 'RHEL' or 'CentOS' operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'\nIf the list is empty, this resource group will be applied to the target VM unconditionally.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The id of the resource with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the OS policy.","description_kind":"plain","required":true}},"block_types":{"exec":{"nesting_mode":"list","block":{"block_types":{"enforce":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to bring this resource into the desired state. An exit code of 100 indicates \"success\", any other exit code indicates a failure running enforce.","description_kind":"plain"},"max_items":1},"validate":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to validate this resource is in the desired state. An exit code of 100 indicates \"in desired state\", and exit code of 101 indicates \"not in desired state\". Any other exit code indicates a failure running validate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Exec resource","description_kind":"plain"},"max_items":1},"file":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"A a file with this content. The size of the content is limited to 1024 characters.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The absolute path of the file within the VM.","description_kind":"plain","required":true},"permissions":{"type":"string","description":"Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755.\nBelow are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4","description_kind":"plain","computed":true},"state":{"type":"string","description":"Desired state of the file. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"PRESENT\", \"ABSENT\", \"CONTENTS_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local source.","description_kind":"plain"},"max_items":1}},"description":"File resource","description_kind":"plain"},"max_items":1},"pkg":{"nesting_mode":"list","block":{"attributes":{"desired_state":{"type":"string","description":"The desired state the agent should maintain for this package. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"INSTALLED\", \"REMOVED\"]","description_kind":"plain","required":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Apt.","description_kind":"plain"},"max_items":1},"deb":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'dpkg -i package' - install when true: 'apt-get update \u0026\u0026 apt-get -y install package.deb'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A deb package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A deb package file.","description_kind":"plain"},"max_items":1},"googet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by GooGet.","description_kind":"plain"},"max_items":1},"msi":{"nesting_mode":"list","block":{"attributes":{"properties":{"type":["list","string"],"description":"Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of 'ACTION=INSTALL REBOOT=ReallySuppress'.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"The MSI package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An MSI package.","description_kind":"plain"},"max_items":1},"rpm":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'rpm --upgrade --replacepkgs package.rpm' - install when true: 'yum -y install package.rpm' or 'zypper -y install package.rpm'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"An rpm package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An rpm package file.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by YUM.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Zypper.","description_kind":"plain"},"max_items":1}},"description":"Package resource","description_kind":"plain"},"max_items":1},"repository":{"nesting_mode":"list","block":{"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"archive_type":{"type":"string","description":"Type of archive files in this repository. Possible values: [\"ARCHIVE_TYPE_UNSPECIFIED\", \"DEB\", \"DEB_SRC\"]","description_kind":"plain","required":true},"components":{"type":["list","string"],"description":"List of components for this repository. Must contain at least one item.","description_kind":"plain","required":true},"distribution":{"type":"string","description":"Distribution of this repository.","description_kind":"plain","required":true},"gpg_key":{"type":"string","description":"URI of the key file for this repository. The agent maintains a keyring at '/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg'.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI for this repository.","description_kind":"plain","required":true}},"description":"An Apt Repository.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the repository.","description_kind":"plain","required":true},"url":{"type":"string","description":"The url of the repository.","description_kind":"plain","required":true}},"description":"A Goo Repository.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the yum config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for resource conflicts.","description_kind":"plain","required":true}},"description":"A Yum Repository.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the zypper config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.","description_kind":"plain","required":true}},"description":"A Zypper Repository.","description_kind":"plain"},"max_items":1}},"description":"Package repository resource","description_kind":"plain"},"max_items":1}},"description":"List of resources configured for this resource group. The resources are executed in the exact order specified here.","description_kind":"plain"},"min_items":1}},"description":"List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored.\nIf none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag 'allow_no_resource_group_match'","description_kind":"plain"},"min_items":1}},"description":"List of OS policies to be applied to the VMs.","description_kind":"plain"},"min_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"min_wait_duration":{"type":"string","description":"This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the 'disruption_budget' at least until this duration of time has passed after configuration changes are applied.","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_patch_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the patch deployment was created. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the patch deployment. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Duration of the patch. After the duration ends, the patch times out.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_execute_time":{"type":"string","description":"The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the patch deployment resource in a project.\nThe patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.","description_kind":"plain","computed":true},"patch_deployment_id":{"type":"string","description":"A name for the patch deployment in the project. When creating a name the following rules apply:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the project.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Time the patch deployment was last updated. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VM instances in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true},"instance_name_prefixes":{"type":["list","string"],"description":"Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group\nVMs when targeting configs, for example prefix=\"prod-\".","description_kind":"plain","optional":true},"instances":{"type":["list","string"],"description":"Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}',\n'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or\n'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'","description_kind":"plain","optional":true},"zones":{"type":["list","string"],"description":"Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone.","description_kind":"plain","optional":true}},"block_types":{"group_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Compute Engine instance labels that must be present for a VM instance to be targeted by this filter","description_kind":"plain","required":true}},"description":"Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances.","description_kind":"plain"}}},"description":"VM instances to patch.","description_kind":"plain"},"min_items":1,"max_items":1},"one_time_schedule":{"nesting_mode":"list","block":{"attributes":{"execute_time":{"type":"string","description":"The desired patch job execution time. A timestamp in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"Schedule a one-time execution.","description_kind":"plain"},"max_items":1},"patch_config":{"nesting_mode":"list","block":{"attributes":{"mig_instances_allowed":{"type":"bool","description":"Allows the patch job to run on Managed instance groups (MIGs).","description_kind":"plain","optional":true},"reboot_config":{"type":"string","description":"Post-patch reboot settings. Possible values: [\"DEFAULT\", \"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"type":{"type":"string","description":"By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. Possible values: [\"DIST\", \"UPGRADE\"]","description_kind":"plain","optional":true}},"description":"Apt update settings. Use this setting to override the default apt patch rules.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain","required":true}},"description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain"},"max_items":1},"post_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run after the patch update.","description_kind":"plain"},"max_items":1},"pre_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run before the patch update.","description_kind":"plain"},"max_items":1},"windows_update":{"nesting_mode":"list","block":{"attributes":{"classifications":{"type":["list","string"],"description":"Only apply updates of these windows update classifications. If empty, all updates are applied. Possible values: [\"CRITICAL\", \"SECURITY\", \"DEFINITION\", \"DRIVER\", \"FEATURE_PACK\", \"SERVICE_PACK\", \"TOOL\", \"UPDATE_ROLLUP\", \"UPDATE\"]","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of KBs to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of kbs to be updated. These are the only patches that will be updated.\nThis field must not be used with other patch configurations.","description_kind":"plain","optional":true}},"description":"Windows update settings. Use this setting to override the default Windows patch rules.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"minimal":{"type":"bool","description":"Will cause patch to run yum update-minimal instead.","description_kind":"plain","optional":true},"security":{"type":"bool","description":"Adds the --security flag to yum update. Not supported on all platforms.","description_kind":"plain","optional":true}},"description":"Yum update settings. Use this setting to override the default yum patch rules.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"categories":{"type":["list","string"],"description":"Install only patches with these categories. Common categories include security, recommended, and feature.","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of packages to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.\nThis field must not be used with any other patch configuration fields.","description_kind":"plain","optional":true},"severities":{"type":["list","string"],"description":"Install only patches with these severities. Common severities include critical, important, moderate, and low.","description_kind":"plain","optional":true},"with_optional":{"type":"bool","description":"Adds the --with-optional flag to zypper patch.","description_kind":"plain","optional":true},"with_update":{"type":"bool","description":"Adds the --with-update flag, to zypper patch.","description_kind":"plain","optional":true}},"description":"zypper update settings. Use this setting to override the default zypper patch rules.","description_kind":"plain"},"max_items":1}},"description":"Patch configuration that is applied.","description_kind":"plain"},"max_items":1},"recurring_schedule":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The end time at which a recurring patch deployment schedule is no longer active.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_execute_time":{"type":"string","description":"The time the last patch job ran successfully.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"next_execute_time":{"type":"string","description":"The time the next patch job is scheduled to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"start_time":{"type":"string","description":"The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"monthly":{"nesting_mode":"list","block":{"attributes":{"month_day":{"type":"number","description":"One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.\nMonths without the target day will be skipped. For example, a schedule to run \"every month on the 31st\"\nwill not run in February, April, June, etc.","description_kind":"plain","optional":true}},"block_types":{"week_day_of_month":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"A day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"day_offset":{"type":"number","description":"Represents the number of days before or after the given week day of month that the patch deployment is scheduled for.","description_kind":"plain","optional":true},"week_ordinal":{"type":"number","description":"Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month.","description_kind":"plain","required":true}},"description":"Week day in a month.","description_kind":"plain"},"max_items":1}},"description":"Schedule with monthly executions.","description_kind":"plain"},"max_items":1},"time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Time of the day to run a recurring deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"time_zone":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\".","description_kind":"plain","required":true},"version":{"type":"string","description":"IANA Time Zone Database version number, e.g. \"2019a\".","description_kind":"plain","optional":true}},"description":"Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are\ndetermined by the chosen time zone.","description_kind":"plain"},"min_items":1,"max_items":1},"weekly":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\". Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"description":"Schedule with weekly executions.","description_kind":"plain"},"max_items":1}},"description":"Schedule recurring executions.","description_kind":"plain"},"max_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode of the patch rollout. Possible values: [\"ZONE_BY_ZONE\", \"CONCURRENT_ZONES\"]","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.\nDuring patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.\nA VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.\nFor zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.\nFor example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout strategy of the patch job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_login_ssh_public_key":{"version":0,"block":{"attributes":{"expiration_time_usec":{"type":"string","description":"An expiration time in microseconds since epoch.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The SHA-256 fingerprint of the SSH public key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Public key text in SSH format, defined by RFC4253 section 6.6.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project ID of the Google Cloud Platform project.","description_kind":"plain","optional":true},"user":{"type":"string","description":"The user email.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CaPool. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this CaPool.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The Tier of this CaPool. Possible values: [\"ENTERPRISE\", \"DEVOPS\"]","description_kind":"plain","required":true}},"block_types":{"issuance_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_lifetime":{"type":"string","description":"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority\nexpires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true}},"block_types":{"allowed_issuance_modes":{"nesting_mode":"list","block":{"attributes":{"allow_config_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CertificateConfig.","description_kind":"plain","required":true},"allow_csr_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CSR.","description_kind":"plain","required":true}},"description":"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.","description_kind":"plain"},"max_items":1},"allowed_key_types":{"nesting_mode":"list","block":{"block_types":{"elliptic_curve":{"nesting_mode":"list","block":{"attributes":{"signature_algorithm":{"type":"string","description":"The algorithm used. Possible values: [\"ECDSA_P256\", \"ECDSA_P384\", \"EDDSA_25519\"]","description_kind":"plain","required":true}},"description":"Represents an allowed Elliptic Curve key type.","description_kind":"plain"},"max_items":1},"rsa":{"nesting_mode":"list","block":{"attributes":{"max_modulus_size":{"type":"string","description":"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice will not enforce an explicit upper bound on RSA modulus sizes.","description_kind":"plain","optional":true},"min_modulus_size":{"type":"string","description":"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice-level min RSA modulus size will continue to apply.","description_kind":"plain","optional":true}},"description":"Describes an RSA key that may be used in a Certificate issued from a CaPool.","description_kind":"plain"},"max_items":1}},"description":"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here.\nOtherwise, any key may be used.","description_kind":"plain"}},"baseline_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request\nincludes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate\nrequest uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate\nissuance request will fail.","description_kind":"plain"},"max_items":1},"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate.\nOtherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"If this is set, the Subject field may be copied from a certificate request into the signed certificate.\nOtherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a\ncertificate is signed. To see the full allowed syntax and some examples,\nsee https://cloud.google.com/certificate-authority-service/docs/cel-guide","description_kind":"plain"},"max_items":1}},"description":"Describes constraints on identities that may appear in Certificates issued through this CaPool.\nIf this is omitted, then this CaPool will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1}},"description":"The IssuancePolicy to control how Certificates will be issued from this CaPool.","description_kind":"plain"},"max_items":1},"publishing_options":{"nesting_mode":"list","block":{"attributes":{"encoding_format":{"type":"string","description":"Specifies the encoding format of each CertificateAuthority's CA\ncertificate and CRLs. If this is omitted, CA certificates and CRLs\nwill be published in PEM. Possible values: [\"PEM\", \"DER\"]","description_kind":"plain","optional":true},"publish_ca_cert":{"type":"bool","description":"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\"\nX.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding\nX.509 extension will not be written in issued certificates.","description_kind":"plain","required":true},"publish_crl":{"type":"bool","description":"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension\nin all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not\nbe written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are\nalso rebuilt shortly after a certificate is revoked.","description_kind":"plain","required":true}},"description":"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_binding":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_member":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate":{"version":0,"block":{"attributes":{"certificate_authority":{"type":"string","description":"The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from\na Certificate Authority with resource name 'projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca',\nargument 'pool' should be set to 'projects/my-project/locations/us-central1/caPools/my-pool', argument 'certificate_authority'\nshould be set to 'my-ca'.","description_kind":"plain","optional":true},"certificate_description":{"type":["list",["object",{"aia_issuing_certificate_urls":["list","string"],"authority_key_id":["list",["object",{"key_id":"string"}]],"cert_fingerprint":["list",["object",{"sha256_hash":"string"}]],"crl_distribution_points":["list","string"],"public_key":["list",["object",{"format":"string","key":"string"}]],"subject_description":["list",["object",{"hex_serial_number":"string","lifetime":"string","not_after_time":"string","not_before_time":"string","subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"custom_sans":["list",["object",{"critical":"bool","obect_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_description":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.","description_kind":"plain","computed":true},"certificate_template":{"type":"string","description":"The resource name for a CertificateTemplate used to issue this certificate,\nin the format 'projects/*/locations/*/certificateTemplates/*'. If this is specified,\nthe caller must have the necessary permission to use this template. If this is\nomitted, no template will be used. This template must be in the same location\nas the Certificate.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_certificate_authority":{"type":"string","description":"The resource name of the issuing CertificateAuthority in the format 'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Certificate. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this Certificate.","description_kind":"plain","required":true},"pem_certificate":{"type":"string","description":"Output only. The pem-encoded, signed X.509 certificate.","description_kind":"plain","computed":true},"pem_certificate_chain":{"type":["list","string"],"description":"The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description":"Immutable. A pem-encoded X.509 certificate signing request (CSR).","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"revocation_details":{"type":["list",["object",{"revocation_state":"string","revocation_time":"string"}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is\nconsidered revoked if and only if this field is present.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateAuthority was updated.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"format":{"type":"string","description":"The format of the public key. Currently, only PEM format is supported. Possible values: [\"KEY_TYPE_UNSPECIFIED\", \"PEM\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.","description_kind":"plain","optional":true}},"description":"A PublicKey describes a public key.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","optional":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","required":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0\nrequires setting 'zero_max_issuer_path_length = true'.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nIf both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"key_spec":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use for creating a managed Cloud KMS key for a for a simplified\nexperience. All managed keys will be have their ProtectionLevel as HSM. Possible values: [\"SIGN_HASH_ALGORITHM_UNSPECIFIED\", \"RSA_PSS_2048_SHA256\", \"RSA_PSS_3072_SHA256\", \"RSA_PSS_4096_SHA256\", \"RSA_PKCS1_2048_SHA256\", \"RSA_PKCS1_3072_SHA256\", \"RSA_PKCS1_4096_SHA256\", \"EC_P256_SHA256\", \"EC_P384_SHA384\"]","description_kind":"plain","optional":true},"cloud_kms_key_version":{"type":"string","description":"The resource name for an existing Cloud KMS CryptoKeyVersion in the format\n'projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*'.","description_kind":"plain","optional":true}},"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"subordinate_config":{"nesting_mode":"list","block":{"attributes":{"certificate_authority":{"type":"string","description":"This can refer to a CertificateAuthority that was used to create a\nsubordinate CertificateAuthority. This field is used for information\nand usability purposes only. The resource name is in the format\n'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","optional":true}},"block_types":{"pem_issuer_chain":{"nesting_mode":"list","block":{"attributes":{"pem_certificates":{"type":["list","string"],"description":"Expected to be in leaf-to-root order according to RFC 5246.","description_kind":"plain","optional":true}},"description":"Contains the PEM certificate chain for the issuers of this CertificateAuthority,\nbut not pem certificate for this CA itself.","description_kind":"plain"},"max_items":1}},"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human-readable description of scenarios this template is intended for.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels with user-defined metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was updated.","description_kind":"plain","computed":true}},"block_types":{"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel","description_kind":"plain"},"max_items":1}},"description":"Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1},"passthrough_extensions":{"nesting_mode":"list","block":{"attributes":{"known_extensions":{"type":["list","string"],"description":"Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.","description_kind":"plain"}}},"description":"Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.","description_kind":"plain"},"max_items":1},"predefined_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value of this X.509 extension.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Required. The OID for this X.509 extension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Describes custom X.509 extensions.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Detailed scenarios in which a key may be used.","description_kind":"plain"},"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","description_kind":"plain"}}},"description":"Optional. Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_binding":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_member":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","optional":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","required":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","required":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Project has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"projects/{project_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project id.","description_kind":"plain","deprecated":true,"optional":true},"project_id":{"type":"string","description":"ID of the project of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_default_service_accounts":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to be performed in the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE.\n\t\t\t\tNote that DEPRIVILEGE action will ignore the REVERT configuration in the restore_policy.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID where service accounts are created.","description_kind":"plain","required":true},"restore_policy":{"type":"string","description":"The action to be performed in the default service accounts on the resource destroy.\n\t\t\t\tValid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.","description_kind":"plain","optional":true},"service_accounts":{"type":["map","string"],"description":"The Service Accounts changed by this resource. It is used for revert the action on the destroy.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_project_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format projects/{{project}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"role_id":{"type":"string","description":"The camel case role id to use for this role. Cannot contain - characters.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","optional":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_usage_export_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to store reports in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description":"A prefix for the reports, for instance, the project name.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project to set the export bucket on. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_public_ca_external_account_key":{"version":0,"block":{"attributes":{"b64_mac_key":{"type":"string","description":"Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService\nwhen the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"location":{"type":"string","description":"Location for the externalAccountKey. Currently only 'global' is supported.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name. projects/{project}/locations/{location}/externalAccountKeys/{keyId}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the reservation.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite reservation.","description_kind":"plain","optional":true},"throughput_capacity":{"type":"number","description":"The reserved throughput capacity. Every unit of throughput capacity is\nequivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed\nmessages.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_subscription":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","required":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"delivery_config":{"nesting_mode":"list","block":{"attributes":{"delivery_requirement":{"type":"string","description":"When this subscription should send messages to subscribers relative to messages persistence in storage. Possible values: [\"DELIVER_IMMEDIATELY\", \"DELIVER_AFTER_STORED\", \"DELIVERY_REQUIREMENT_UNSPECIFIED\"]","description_kind":"plain","required":true}},"description":"The settings for this subscription's message delivery.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"partition_config":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of partitions in the topic. Must be at least 1.","description_kind":"plain","required":true}},"block_types":{"capacity":{"nesting_mode":"list","block":{"attributes":{"publish_mib_per_sec":{"type":"number","description":"Subscribe throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true},"subscribe_mib_per_sec":{"type":"number","description":"Publish throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true}},"description":"The capacity configuration.","description_kind":"plain"},"max_items":1}},"description":"The settings for this topic's partitions.","description_kind":"plain"},"max_items":1},"reservation_config":{"nesting_mode":"list","block":{"attributes":{"throughput_reservation":{"type":"string","description":"The Reservation to use for this topic's throughput capacity.","description_kind":"plain","optional":true}},"description":"The settings for this topic's Reservation usage.","description_kind":"plain"},"max_items":1},"retention_config":{"nesting_mode":"list","block":{"attributes":{"per_partition_bytes":{"type":"string","description":"The provisioned storage, in bytes, per partition. If the number of bytes stored\nin any of the topic's partitions grows beyond this value, older messages will be\ndropped to make room for newer ones, regardless of the value of period.","description_kind":"plain","required":true},"period":{"type":"string","description":"How long a published message is retained. If unset, messages will be retained as\nlong as the bytes retained for each partition is below perPartitionBytes. A\nduration in seconds with up to nine fractional digits, terminated by 's'.\nExample: \"3.5s\".","description_kind":"plain","optional":true}},"description":"The settings for a topic's message retention.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema":{"version":0,"block":{"attributes":{"definition":{"type":"string","description":"The definition of the schema.\nThis should contain a string representing the full definition of the schema\nthat is a valid schema definition of the type specified in type. Changes\nto the definition commit new [schema revisions](https://cloud.google.com/pubsub/docs/commit-schema-revision).\nA schema can only have up to 20 revisions, so updates that fail with an\nerror indicating that the limit has been reached require manually\n[deleting old revisions](https://cloud.google.com/pubsub/docs/delete-schema-revision).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID to use for the schema, which will become the final component of the schema's resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the schema definition Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"PROTOCOL_BUFFER\", \"AVRO\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","optional":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","required":true}},"block_types":{"bigquery_config":{"nesting_mode":"list","block":{"attributes":{"drop_unknown_fields":{"type":"bool","description":"When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that\nare not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync\nand any messages with extra fields are not written and remain in the subscription's backlog.","description_kind":"plain","optional":true},"table":{"type":"string","description":"The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId}","description_kind":"plain","required":true},"use_table_schema":{"type":"bool","description":"When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages\nmust be published in JSON format. Only one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"use_topic_schema":{"type":"bool","description":"When true, use the topic's schema as the columns to write to in BigQuery, if it exists.\nOnly one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table.\nThe subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.","description_kind":"plain","optional":true}},"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"cloud_storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like \"gs://\".","description_kind":"plain","required":true},"filename_prefix":{"type":"string","description":"User-provided prefix for Cloud Storage filename.","description_kind":"plain","optional":true},"filename_suffix":{"type":"string","description":"User-provided suffix for Cloud Storage filename. Must not end in \"/\".","description_kind":"plain","optional":true},"max_bytes":{"type":"number","description":"The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB.\nThe maxBytes limit may be exceeded in cases where messages are larger than the limit.","description_kind":"plain","optional":true},"max_duration":{"type":"string","description":"The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes.\nMay not exceed the subscription's acknowledgement deadline.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"An output-only field that indicates whether or not the subscription can receive messages.","description_kind":"plain","computed":true}},"block_types":{"avro_config":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey as additional fields in the output.","description_kind":"plain","optional":true}},"description":"If set, message data will be written to Cloud Storage in Avro format.","description_kind":"plain"},"max_items":1}},"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"dead_letter_policy":{"nesting_mode":"list","block":{"attributes":{"dead_letter_topic":{"type":"string","description":"The name of the topic to which dead letter messages should be published.\nFormat is 'projects/{project}/topics/{topic}'.\n\nThe Cloud Pub/Sub service account associated with the enclosing subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Publish() to this topic.\n\nThe operation will fail if the topic does not exist.\nUsers should ensure that there is a subscription attached to this topic\nsince messages published to a topic with no subscriptions are lost.","description_kind":"plain","optional":true},"max_delivery_attempts":{"type":"number","description":"The maximum number of delivery attempts for any message. The value must be\nbetween 5 and 100.\n\nThe number of delivery attempts is defined as 1 + (the sum of number of\nNACKs and number of times the acknowledgement deadline has been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline with a 0 deadline. Note that\nclient libraries may automatically extend ack_deadlines.\n\nThis field will be honored on a best effort basis.\n\nIf this parameter is 0, a default value of 5 is used.","description_kind":"plain","optional":true}},"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain"},"max_items":1},"expiration_policy":{"nesting_mode":"list","block":{"attributes":{"ttl":{"type":"string","description":"Specifies the \"time-to-live\" duration for an associated resource. The\nresource expires if it is not active for a period of ttl.\nIf ttl is set to \"\", the associated resource never expires.\nA duration in seconds with up to nine fractional digits, terminated by 's'.\nExample - \"3.5s\".","description_kind":"plain","required":true}},"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain"},"max_items":1},"push_config":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Endpoint configuration attributes.\n\nEvery endpoint has a set of API supported attributes that can\nbe used to control different aspects of the message delivery.\n\nThe currently supported attribute is x-goog-version, which you\ncan use to change the format of the pushed message. This\nattribute indicates the version of the data expected by\nthe endpoint. This controls the shape of the pushed message\n(i.e., its fields and metadata). The endpoint version is\nbased on the version of the Pub/Sub API.\n\nIf not present during the subscriptions.create call,\nit will default to the version of the API used to make\nsuch call. If not present during a subscriptions.modifyPushConfig\ncall, its value will not be changed. subscriptions.get\ncalls will always return a valid version, even if the\nsubscription was created without this attribute.\n\nThe possible values for this attribute are:\n\n- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.\n- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.","description_kind":"plain","optional":true},"push_endpoint":{"type":"string","description":"A URL locating the endpoint to which messages should be pushed.\nFor example, a Webhook endpoint might use\n\"https://example.com/push\".","description_kind":"plain","required":true}},"block_types":{"no_wrapper":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, writes the Pub/Sub message metadata to\n'x-goog-pubsub-\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request. Writes the\nPub/Sub message attributes to '\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request.","description_kind":"plain","required":true}},"description":"When set, the payload to the push endpoint is not wrapped.Sets the\n'data' field as the HTTP body for delivery.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim\nidentifies the recipients that the JWT is intended for. The audience\nvalue is a single case-sensitive string. Having multiple values (array)\nfor the audience field is not supported. More info about the OIDC JWT\ntoken audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3\nNote: if not specified, the Push endpoint URL will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating the OIDC token.\nThe caller (for subscriptions.create, subscriptions.patch, and\nsubscriptions.modifyPushConfig RPCs) must have the\niam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, Pub/Sub will generate and attach an OIDC JWT token as\nan Authorization header in the HTTP request for every pushed message.","description_kind":"plain"},"max_items":1}},"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_backoff":{"type":"string","description":"The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"minimum_backoff":{"type":"string","description":"The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_subscription_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"message_storage_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_persistence_regions":{"type":["list","string"],"description":"A list of IDs of GCP regions where messages that are published to\nthe topic may be persisted in storage. Messages published by\npublishers running in non-allowed GCP regions (or running outside\nof GCP altogether) will be routed for storage in one of the\nallowed regions. An empty list means that no regions are allowed,\nand is not a valid configuration.","description_kind":"plain","required":true}},"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain"},"max_items":1},"schema_settings":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of messages validated against schema. Default value: \"ENCODING_UNSPECIFIED\" Possible values: [\"ENCODING_UNSPECIFIED\", \"JSON\", \"BINARY\"]","description_kind":"plain","optional":true},"schema":{"type":"string","description":"The name of the schema that messages published should be\nvalidated against. Format is projects/{project}/schemas/{schema}.\nThe value of this field will be _deleted-schema_\nif the schema has been deleted.","description_kind":"plain","required":true}},"description":"Settings for validating messages published against a schema.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_topic_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_recaptcha_enterprise_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp corresponding to the creation of this Key.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-readable display name of this key. Modifiable by user.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"See [Creating and managing labels](https://cloud.google.com/recaptcha-enterprise/docs/labels).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id for the Key, which is the same as the Site Key itself.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"android_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_package_names":{"type":"bool","description":"If set to true, it means allowed_package_names will not be enforced.","description_kind":"plain","optional":true},"allowed_package_names":{"type":["list","string"],"description":"Android package names of apps allowed to use the key. Example: 'com.companyname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by Android apps.","description_kind":"plain"},"max_items":1},"ios_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_bundle_ids":{"type":"bool","description":"If set to true, it means allowed_bundle_ids will not be enforced.","description_kind":"plain","optional":true},"allowed_bundle_ids":{"type":["list","string"],"description":"iOS bundle ids of apps allowed to use the key. Example: 'com.companyname.productname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by iOS apps.","description_kind":"plain"},"max_items":1},"testing_options":{"nesting_mode":"list","block":{"attributes":{"testing_challenge":{"type":"string","description":"For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE","description_kind":"plain","optional":true,"computed":true},"testing_score":{"type":"number","description":"All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.","description_kind":"plain","optional":true}},"description":"Options for user acceptance testing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"waf_settings":{"nesting_mode":"list","block":{"attributes":{"waf_feature":{"type":"string","description":"Supported WAF features. For more information, see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, EXPRESS","description_kind":"plain","required":true},"waf_service":{"type":"string","description":"The WAF service that uses this key. Possible values: CA, FASTLY","description_kind":"plain","required":true}},"description":"Settings specific to keys that can be used for WAF (Web Application Firewall).","description_kind":"plain"},"max_items":1},"web_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_domains":{"type":"bool","description":"If set to true, it means allowed_domains will not be enforced.","description_kind":"plain","optional":true},"allow_amp_traffic":{"type":"bool","description":"If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type.","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com'","description_kind":"plain","optional":true},"challenge_security_preference":{"type":"string","description":"Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY","description_kind":"plain","optional":true,"computed":true},"integration_type":{"type":"string","description":"Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE","description_kind":"plain","required":true}},"description":"Settings for keys that can be used by websites.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_cluster":{"version":0,"block":{"attributes":{"authorization_mode":{"type":"string","description":"Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. Default value: \"AUTH_MODE_DISABLED\" Possible values: [\"AUTH_MODE_UNSPECIFIED\", \"AUTH_MODE_IAM_AUTH\", \"AUTH_MODE_DISABLED\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp associated with the cluster creation request. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"discovery_endpoints":{"type":["list",["object",{"address":"string","port":"number","psc_config":["list",["object",{"network":"string"}]]}]],"description":"Output only. Endpoints created on each given network,\nfor Redis clients to connect to the cluster.\nCurrently only one endpoint is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the resource in this scope including project and location using the form:\nprojects/{projectId}/locations/{locationId}/clusters/{clusterId}","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"address":"string","forwarding_rule":"string","network":"string","project_id":"string","psc_connection_id":"string"}]],"description":"Output only. PSC connections for discovery of the cluster topology and accessing the cluster.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the region of the Redis cluster.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes per shard.","description_kind":"plain","optional":true},"shard_count":{"type":"number","description":"Required. Number of shards for the Redis cluster.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Output only. Redis memory size in GB for the entire cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster. Can be CREATING, READY, UPDATING, DELETING and SUSPENDED","description_kind":"plain","computed":true},"state_info":{"type":["list",["object",{"update_info":["list",["object",{"target_replica_count":"number","target_shard_count":"number"}]]}]],"description":"Output only. Additional information about the current state of the cluster.","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"Optional. The in-transit encryption for the Redis cluster.\nIf not provided, encryption is disabled for the cluster. Default value: \"TRANSIT_ENCRYPTION_MODE_DISABLED\" Possible values: [\"TRANSIT_ENCRYPTION_MODE_UNSPECIFIED\", \"TRANSIT_ENCRYPTION_MODE_DISABLED\", \"TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System assigned, unique identifier for the cluster.","description_kind":"plain","computed":true}},"block_types":{"psc_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. The consumer network where the network address of\nthe discovery endpoint will be reserved, in the form of\nprojects/{network_project_id_or_number}/global/networks/{network_id}.","description_kind":"plain","required":true}},"description":"Required. Each PscConfig configures the consumer network where two\nnetwork addresses will be designated to the cluster for client access.\nCurrently, only one PscConfig is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","optional":true,"computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","optional":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true,"sensitive":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","optional":true,"computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","optional":true,"computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","optional":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","optional":true,"computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","optional":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.","description_kind":"plain"}}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"persistence_mode":{"type":"string","description":"Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"]","description_kind":"plain","optional":true,"computed":true},"rdb_next_snapshot_time":{"type":"string","description":"Output only. The next time that a snapshot attempt is scheduled to occur.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up\nto nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"rdb_snapshot_period":{"type":"string","description":"Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]","description_kind":"plain","optional":true},"rdb_snapshot_start_time":{"type":"string","description":"Optional. Date and time that the first snapshot was/will be attempted,\nand to which future snapshots will be aligned. If not provided,\nthe current time will be used.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution\nand up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true,"computed":true}},"description":"Persistence configuration for an instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_resource_manager_lien":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time of creation","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A system-generated unique identifier for this Lien.","description_kind":"plain","computed":true},"origin":{"type":"string","description":"A stable, user-visible/meaningful string identifying the origin\nof the Lien, intended to be inspected programmatically. Maximum length of\n200 characters.","description_kind":"plain","required":true},"parent":{"type":"string","description":"A reference to the resource this Lien is attached to.\nThe server will validate the parent against those for which Liens are supported.\nSince a variety of objects can have Liens against them, you must provide the type\nprefix (e.g. \"projects/my-project-name\").","description_kind":"plain","required":true},"reason":{"type":"string","description":"Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.","description_kind":"plain","required":true},"restrictions":{"type":["list","string"],"description":"The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will validate\nthe permissions against those for which Liens are supported. An empty\nlist is meaningless and will be rejected.\ne.g. ['resourcemanager.projects.delete']","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_event_threat_detection_custom_module":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"Config for the module. For the resident module, its config value is defined at this level.\nFor the inherited module, its config value is inherited from the ancestor module.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The human readable name to be displayed for the module.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The state of enablement for the module at the given level of the hierarchy. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Event Threat Detection custom module.\nIts format is \"organizations/{organization}/eventThreatDetectionSettings/customModules/{module}\".","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"type":{"type":"string","description":"Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/muteConfigs/{configId},\nfolders/{folder}/muteConfigs/{configId},\nor projects/{project}/muteConfigs/{configId}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Resource name of the new mute configs's parent. Its format is\n\"organizations/[organization_id]\", \"folders/[folder_id]\", or\n\"projects/[project_id]\".","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_organization_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization,folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","optional":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true}},"block_types":{"replication":{"nesting_mode":"list","block":{"block_types":{"auto":{"nesting_mode":"list","block":{"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.","description_kind":"plain","required":true}},"description":"The customer-managed encryption configuration of the Secret.\nIf no configuration is provided, Google-managed default\nencryption is used.","description_kind":"plain"},"max_items":1}},"description":"The Secret will automatically be replicated without any restrictions.","description_kind":"plain"},"max_items":1},"user_managed":{"nesting_mode":"list","block":{"block_types":{"replicas":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The canonical IDs of the location to replicate data. For example: \"us-east1\".","description_kind":"plain","required":true}},"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination secret.","description_kind":"plain","required":true}},"description":"Customer Managed Encryption for the secret.","description_kind":"plain"},"max_items":1}},"description":"The list of Replicas for this Secret. Cannot be empty.","description_kind":"plain"},"min_items":1}},"description":"The Secret will be replicated to the regions specified by the user.","description_kind":"plain"},"max_items":1}},"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain"},"min_items":1,"max_items":1},"rotation":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).\nIf rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.","description_kind":"plain","optional":true}},"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"topics":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*.\nFor publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.","description_kind":"plain","required":true}},"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the secret version. Setting 'ABANDON' allows the resource\nto be abandoned rather than deleted. Setting 'DISABLE' allows the resource to be\ndisabled rather than deleted. Default is 'DELETE'. Possible values are:\n * DELETE\n * DISABLE\n * ABANDON","description_kind":"plain","optional":true},"destroy_time":{"type":"string","description":"The time at which the Secret was destroyed. Only present if state is DESTROYED.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"The current state of the SecretVersion.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description":"If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the SecretVersion. Format:\n'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'","description_kind":"plain","computed":true},"secret":{"type":"string","description":"Secret Manager secret resource","description_kind":"plain","required":true},"secret_data":{"type":"string","description":"The secret data. Must be no larger than 64KiB.","description_kind":"plain","required":true,"sensitive":true},"version":{"type":"string","description":"The version of the Secret.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_config":{"type":["list",["object",{"api":"string","git_http":"string","git_ssh":"string","html":"string"}]],"description":"A list of hostnames for this instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The name for the Instance.","description_kind":"plain","required":true},"kms_key":{"type":"string","description":"Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the Instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the Instance.","description_kind":"plain","computed":true},"state_note":{"type":"string","description":"Provides information about the current instance state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"private_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"CA pool resource, resource must in the format of 'projects/{project}/locations/{location}/caPools/{ca_pool}'.","description_kind":"plain","required":true},"http_service_attachment":{"type":"string","description":"Service Attachment for HTTP, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true},"is_private":{"type":"bool","description":"'Indicate if it's private instance.'","description_kind":"plain","required":true},"ssh_service_attachment":{"type":"string","description":"Service Attachment for SSH, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true}},"description":"Private settings for private instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_securityposture_posture":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Posture was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the resource, eg: global.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Id of the posture. It is an immutable field.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Revision_id of the posture.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture. Update to state field should not be triggered along with\nwith other field updates. Possible values: [\"DEPRECATED\", \"DRAFT\", \"ACTIVE\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the Posture was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"policy_sets":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy set.","description_kind":"plain","optional":true},"policy_set_id":{"type":"string","description":"ID of the policy set.","description_kind":"plain","required":true}},"block_types":{"policies":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy.","description_kind":"plain","optional":true},"policy_id":{"type":"string","description":"ID of the policy.","description_kind":"plain","required":true}},"block_types":{"compliance_standards":{"nesting_mode":"list","block":{"attributes":{"control":{"type":"string","description":"Mapping of security controls for the policy.","description_kind":"plain","optional":true},"standard":{"type":"string","description":"Mapping of compliance standards for the policy.","description_kind":"plain","optional":true}},"description":"Mapping for policy to security standards and controls.","description_kind":"plain"}},"constraint":{"nesting_mode":"list","block":{"block_types":{"org_policy_constraint":{"nesting_mode":"list","block":{"attributes":{"canned_constraint_id":{"type":"string","description":"Organization policy canned constraint Id","description_kind":"plain","required":true}},"block_types":{"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy canned constraint definition.","description_kind":"plain"},"max_items":1},"org_policy_constraint_custom":{"nesting_mode":"list","block":{"block_types":{"custom_constraint":{"nesting_mode":"list","block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true}},"description":"Organization policy custom constraint definition.","description_kind":"plain"},"max_items":1},"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy custom constraint policy definition.","description_kind":"plain"},"max_items":1},"security_health_analytics_custom_module":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A server generated id of custom module.","description_kind":"plain","computed":true},"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to\nresolve the detected issue","description_kind":"plain","optional":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"SEVERITY_UNSPECIFIED\", \"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","required":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be\nspecified to return the value of the property or a text string enclosed\nin quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties. A set of optional name-value pairs that define custom source properties to\nreturn with each finding that is generated by the custom module. The custom\nsource properties that are defined here are included in the finding JSON\nunder 'sourceProperties'.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings.When the expression\nevaluates to true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom module details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Definition of Security Health Analytics Custom Module.","description_kind":"plain"},"max_items":1},"security_health_analytics_module":{"nesting_mode":"list","block":{"attributes":{"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"module_name":{"type":"string","description":"The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.","description_kind":"plain","required":true}},"description":"Security Health Analytics built-in detector definition.","description_kind":"plain"},"max_items":1}},"description":"Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"List of security policy","description_kind":"plain"},"min_items":1}},"description":"List of policy sets for the posture.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_securityposture_posture_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the posture deployment was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture deployment.","description_kind":"plain","optional":true},"desired_posture_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture to be deployed.","description_kind":"plain","computed":true},"desired_posture_revision_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture revision_id to be deployed.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"failure_message":{"type":"string","description":"This is a output only optional field which will be filled in case where\nPostureDeployment enters a failure state like UPDATE_FAILED or\nCREATE_FAILED or DELETE_FAILED. It will have the failure message for posture deployment's\nCREATE/UPDATE/DELETE methods.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource, eg. global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture deployment instance.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_deployment_id":{"type":"string","description":"ID of the posture deployment.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Relative name of the posture which needs to be deployed. It should be in the format:\n organizations/{organization_id}/locations/{location}/postures/{posture_id}","description_kind":"plain","required":true},"posture_revision_id":{"type":"string","description":"Revision_id the posture which needs to be deployed.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture deployment.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture deployment. A posture deployment can be in the following terminal states:\nACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED.","description_kind":"plain","computed":true},"target_resource":{"type":"string","description":"The resource on which the posture should be deployed. This can be in one of the following formats:\nprojects/{project_number},\nfolders/{folder_number},\norganizations/{organization_id}","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the posture deployment was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035. Changing this forces a new service account to be created.","description_kind":"plain","required":true},"create_ignore_already_exists":{"type":"bool","description":"If set to true, skip service account creation if a service account with the same email already exists.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the service account is disabled. Defaults to false","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the service account. Can be updated without creating a new resource.","description_kind":"plain","optional":true},"email":{"type":"string","description":"The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully-qualified name of the service account.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description":"The unique id of the service account.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keepers":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger recreation of resource.","description_kind":"plain","optional":true},"key_algorithm":{"type":"string","description":"The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: \"KEY_ALG_RSA_1024\", \"KEY_ALG_RSA_2048\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name used for this key pair","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_type":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description":"The public key, base64 encoded","description_kind":"plain","computed":true},"public_key_data":{"type":"string","description":"A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.","description_kind":"plain","optional":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true},"service_account_id":{"type":"string","description":"The ID of the parent service account of the key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}, where {ACCOUNT} is the email address or unique id of the service account. If the {ACCOUNT} syntax is used, the project will be inferred from the provider's configuration.","description_kind":"plain","required":true},"valid_after":{"type":"string","description":"The key can be used after this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_before":{"type":"string","description":"The key can be used before this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_networking_connection":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"When set to ABANDON, terraform will abandon management of the resource instead of deleting it. Prevents terraform apply failures with CloudSQL. Note: The resource will still exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"Name of VPC network connected with service producers using VPC peering.","description_kind":"plain","required":true},"peering":{"type":"string","description_kind":"plain","computed":true},"reserved_peering_ranges":{"type":["list","string"],"description":"Named IP address range(s) of PEERING type reserved for this service provider. Note that invoking this method with a different range when connection is already established will not reallocate already provisioned service producer subnetworks.","description_kind":"plain","required":true},"service":{"type":"string","description":"Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description":"The DNS domain name suffix of the peered DNS domain.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the peered DNS domain.","description_kind":"plain","required":true},"network":{"type":"string","description":"Network in the consumer project to peer with.","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to create a peered DNS domain for, e.g. servicenetworking.googleapis.com","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"block_types":{"pubsub_configs":{"nesting_mode":"set","block":{"attributes":{"message_format":{"type":"string","description":"The format of the Cloud Pub/Sub messages.\n- PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent.\n- JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: [\"PROTOBUF\", \"JSON\"]","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":"Email address of the service account used for publishing Cloud Pub/Sub messages.\nThis service account needs to be in the same project as the PubsubConfig. When added,\nthe caller needs to have iam.serviceAccounts.actAs permission on this service account.\nIf unspecified, it defaults to the compute engine default service account.","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database":{"version":0,"block":{"attributes":{"database_dialect":{"type":"string","description":"The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"]","description_kind":"plain","optional":true,"computed":true},"ddl":{"type":["list","string"],"description":"An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the database. Defaults to true. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the database will fail.","description_kind":"plain","optional":true},"enable_drop_protection":{"type":"bool","description":"Whether drop protection is enabled for this database. Defaults to false.\nDrop protection is different from\nthe \"deletion_protection\" attribute in the following ways:\n(1) \"deletion_protection\" only protects the database from deletions in Terraform.\nwhereas setting “enableDropProtection” to true protects the database from deletions in all interfaces.\n(2) Setting \"enableDropProtection\" to true also prevents the deletion of the parent instance containing the database.\n\"deletion_protection\" attribute does not provide protection against the deletion of the parent instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the database, which cannot be changed after\nthe instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"An explanation of the status of the database.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Fully qualified name of the KMS key to use to encrypt this database. This key must exist\nin the same location as the Spanner Database.","description_kind":"plain","required":true}},"description":"Encryption configuration for the database","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_database_iam_binding":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_member":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","optional":true,"computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"block_types":{"autoscaling_limits":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Specifies maximum number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to min_nodes.","description_kind":"plain","optional":true},"max_processing_units":{"type":"number","description":"Specifies maximum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000 and be greater than or equal to\nmin_processing_units.","description_kind":"plain","optional":true},"min_nodes":{"type":"number","description":"Specifies number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to 1.","description_kind":"plain","optional":true},"min_processing_units":{"type":"number","description":"Specifies minimum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000.","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events. Users can define the minimum and\nmaximum compute capacity allocated to the instance, and the autoscaler will\nonly scale within that range. Users can either use nodes or processing\nunits to specify the limits, but should use the same unit to set both the\nmin_limit and max_limit.","description_kind":"plain"},"max_items":1},"autoscaling_targets":{"nesting_mode":"list","block":{"attributes":{"high_priority_cpu_utilization_percent":{"type":"number","description":"Specifies the target high priority cpu utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization)..","description_kind":"plain","optional":true},"storage_utilization_percent":{"type":"number","description":"Specifies the target storage utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization).","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1}},"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","optional":true,"computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","optional":true,"computed":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","optional":true,"computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","optional":true,"sensitive":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true,"sensitive":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true}},"block_types":{"clone":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"database_names":{"type":["list","string"],"description":"(SQL Server only, use with point_in_time) clone only the specified databases from the source instance. Clone all databases if empty.","description_kind":"plain","optional":true},"point_in_time":{"type":"string","description":"The timestamp of the point in time that should be restored.","description_kind":"plain","optional":true},"preferred_zone":{"type":"string","description":"(Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance.","description_kind":"plain","optional":true},"source_instance_name":{"type":"string","description":"The name of the instance from which the point in time should be restored.","description_kind":"plain","required":true}},"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain"},"max_items":1},"replica_configuration":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM representation of the trusted CA's x509 certificate.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"PEM representation of the replica's x509 certificate.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.","description_kind":"plain","optional":true},"connect_retry_interval":{"type":"number","description":"The number of seconds between connect retries. MySQL's default is 60 seconds.","description_kind":"plain","optional":true},"dump_file_path":{"type":"string","description":"Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename.","description_kind":"plain","optional":true},"failover_target":{"type":"bool","description":"Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. Not supported for Postgres","description_kind":"plain","optional":true},"master_heartbeat_period":{"type":"number","description":"Time in ms between replication heartbeats.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the replication connection.","description_kind":"plain","optional":true,"sensitive":true},"ssl_cipher":{"type":"string","description":"Permissible ciphers for use in SSL encryption.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for replication connection.","description_kind":"plain","optional":true},"verify_server_certificate":{"type":"bool","description":"True if the master's common name value is checked during the SSL handshake.","description_kind":"plain","optional":true}},"description":"The configuration for replication.","description_kind":"plain"},"max_items":1},"restore_backup_context":{"nesting_mode":"list","block":{"attributes":{"backup_run_id":{"type":"number","description":"The ID of the backup run to restore from.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"The ID of the instance that the backup was taken from.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The full project ID of the source instance.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"The availability type of the Cloud SQL instance, high availability\n(REGIONAL) or single zone (ZONAL). For all instances, ensure that\nsettings.backup_configuration.enabled is set to true.\nFor MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true.\nFor Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled\nis set to true. Defaults to ZONAL.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The name of server instance collation.","description_kind":"plain","optional":true},"connector_enforcement":{"type":"string","description":"Specifies if connections must use Cloud SQL connectors.","description_kind":"plain","optional":true,"computed":true},"deletion_protection_enabled":{"type":"bool","description":"Configuration to protect against accidental instance deletion.","description_kind":"plain","optional":true},"disk_autoresize":{"type":"bool","description":"Enables auto-resizing of the storage size. Defaults to true.","description_kind":"plain","optional":true},"disk_autoresize_limit":{"type":"number","description":"The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.","description_kind":"plain","optional":true},"pricing_plan":{"type":"string","description":"Pricing plan for this instance, can only be PER_USE.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types.","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format.","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"A set of key/value user label pairs to assign to the instance.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"Used to make sure changes to the settings block are atomic.","description_kind":"plain","computed":true}},"block_types":{"active_directory_config":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the Active Directory for SQL Server (e.g., mydomain.com).","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. Can be 1 or 2.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"backup_configuration":{"nesting_mode":"list","block":{"attributes":{"binary_log_enabled":{"type":"bool","description":"True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"True if backup configuration is enabled.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup configuration.","description_kind":"plain","optional":true},"point_in_time_recovery_enabled":{"type":"bool","description":"True if Point-in-time recovery is enabled.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"HH:MM format time indicating when backup configuration starts.","description_kind":"plain","optional":true,"computed":true},"transaction_log_retention_days":{"type":"number","description":"The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backup_retention_settings":{"nesting_mode":"list","block":{"attributes":{"retained_backups":{"type":"number","description":"Number of backups to retain.","description_kind":"plain","required":true},"retention_unit":{"type":"string","description":"The unit that 'retainedBackups' represents. Defaults to COUNT","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"data_cache_config":{"nesting_mode":"list","block":{"attributes":{"data_cache_enabled":{"type":"bool","description":"Whether data cache is enabled for the instance.","description_kind":"plain","optional":true}},"description":"Data cache configurations.","description_kind":"plain"},"max_items":1},"database_flags":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the flag.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value of the flag.","description_kind":"plain","required":true}},"description_kind":"plain"}},"deny_maintenance_period":{"nesting_mode":"list","block":{"attributes":{"end_date":{"type":"string","description":"End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"start_date":{"type":"string","description":"Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"time":{"type":"string","description":"Time in UTC when the \"deny maintenance period\" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"insights_config":{"nesting_mode":"list","block":{"attributes":{"query_insights_enabled":{"type":"bool","description":"True if Query Insights feature is enabled.","description_kind":"plain","optional":true},"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.","description_kind":"plain","optional":true,"computed":true},"query_string_length":{"type":"number","description":"Maximum query length stored in bytes. Between 256 and 4500. Default to 1024.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"True if Query Insights will record application tags from query when enabled.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"True if Query Insights will record client address when enabled.","description_kind":"plain","optional":true}},"description":"Configuration of Query Insights.","description_kind":"plain"},"max_items":1},"ip_configuration":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"enable_private_path_for_google_cloud_services":{"type":"bool","description":"Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.","description_kind":"plain","optional":true},"ipv4_enabled":{"type":"bool","description":"Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode if it has been set too.","description_kind":"plain","optional":true},"ssl_mode":{"type":"string","description":"Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"authorized_networks":{"nesting_mode":"set","block":{"attributes":{"expiration_time":{"type":"string","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true},"value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"psc_config":{"nesting_mode":"set","block":{"attributes":{"allowed_consumer_projects":{"type":["set","string"],"description":"List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).","description_kind":"plain","optional":true},"psc_enabled":{"type":"bool","description":"Whether PSC connectivity is enabled for this instance.","description_kind":"plain","optional":true}},"description":"PSC settings for a Cloud SQL instance.","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"location_preference":{"nesting_mode":"list","block":{"attributes":{"follow_gae_application":{"type":"string","description":"A Google App Engine application whose zone to remain in. Must be in the same region as this instance.","description_kind":"plain","optional":true},"secondary_zone":{"type":"string","description":"The preferred Compute Engine zone for the secondary/failover","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The preferred compute engine zone.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of week (1-7), starting on Monday","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Hour of day (0-23), ignored if day not set","description_kind":"plain","optional":true},"update_track":{"type":"string","description":"Receive updates earlier (canary) or later (stable)","description_kind":"plain","optional":true}},"description":"Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time.","description_kind":"plain"},"max_items":1},"password_validation_policy":{"nesting_mode":"list","block":{"attributes":{"complexity":{"type":"string","description":"Password complexity.","description_kind":"plain","optional":true},"disallow_username_substring":{"type":"bool","description":"Disallow username as a part of the password.","description_kind":"plain","optional":true},"enable_password_policy":{"type":"bool","description":"Whether the password policy is enabled or not.","description_kind":"plain","required":true},"min_length":{"type":"number","description":"Minimum number of characters allowed.","description_kind":"plain","optional":true},"password_change_interval":{"type":"string","description":"Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL.","description_kind":"plain","optional":true},"reuse_interval":{"type":"number","description":"Number of previous passwords that cannot be reused.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"sql_server_audit_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The name of the destination bucket (e.g., gs://mybucket).","description_kind":"plain","optional":true},"retention_interval":{"type":"string","description":"How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"..","description_kind":"plain","optional":true},"upload_interval":{"type":"string","description":"How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_source_representation_instance":{"version":0,"block":{"attributes":{"ca_certificate":{"type":"string","description":"The CA certificate on the external server. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The MySQL version running on your source database server. Possible values: [\"MYSQL_5_6\", \"MYSQL_5_7\", \"MYSQL_8_0\", \"POSTGRES_9_6\", \"POSTGRES_10\", \"POSTGRES_11\", \"POSTGRES_12\", \"POSTGRES_13\", \"POSTGRES_14\"]","description_kind":"plain","required":true},"dump_file_path":{"type":"string","description":"A file in the bucket that contains the data from the external server.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the source representation instance. Use any valid Cloud SQL instance name.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the replication user account.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The externally accessible port for the source database server.\nDefaults to 3306.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created instance should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description":"The replication user account on the external server.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_ssl_cert":{"version":1,"block":{"attributes":{"cert":{"type":"string","description":"The actual certificate data for this client certificate.","description_kind":"plain","computed":true,"sensitive":true},"cert_serial_number":{"type":"string","description":"The serial number extracted from the certificate data.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"The private key associated with the client certificate.","description_kind":"plain","computed":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"server_ca_cert":{"type":"string","description":"The CA cert of the server this client cert was generated from.","description_kind":"plain","computed":true,"sensitive":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 Fingerprint of the certificate.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_user":{"version":1,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the user. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they\n\t\t\t\thave been granted SQL roles. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host":{"type":"string","description":"The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the user. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to\n either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.","description_kind":"plain","optional":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"sql_server_user_details":{"type":["list",["object",{"disabled":"bool","server_roles":["list","string"]}]],"description_kind":"plain","computed":true},"type":{"type":"string","description":"The user type. It determines the method to authenticate the user during login.\n The default is the database's built-in user type. Flags include \"BUILT_IN\", \"CLOUD_IAM_USER\", \"CLOUD_IAM_GROUP\" or \"CLOUD_IAM_SERVICE_ACCOUNT\".","description_kind":"plain","optional":true}},"block_types":{"password_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_failed_attempts":{"type":"number","description":"Number of failed attempts allowed before the user get locked.","description_kind":"plain","optional":true},"enable_failed_attempts_check":{"type":"bool","description":"If true, the check that will lock user after too many failed login attempts will be enabled.","description_kind":"plain","optional":true},"enable_password_verification":{"type":"bool","description":"If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.","description_kind":"plain","optional":true},"password_expiration_duration":{"type":"string","description":"Password expiration duration with one week grace period.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"locked":"bool","password_expiration_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket":{"version":1,"block":{"attributes":{"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","optional":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","optional":true,"computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","optional":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true}},"block_types":{"autoclass":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.","description_kind":"plain","required":true},"terminal_storage_class":{"type":"string","description":"The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's autoclass configuration.","description_kind":"plain"},"max_items":1},"cors":{"nesting_mode":"list","block":{"attributes":{"max_age_seconds":{"type":"number","description":"The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.","description_kind":"plain","optional":true},"method":{"type":["list","string"],"description":"The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".","description_kind":"plain","optional":true},"origin":{"type":["list","string"],"description":"The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".","description_kind":"plain","optional":true},"response_header":{"type":["list","string"],"description":"The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.","description_kind":"plain","optional":true}},"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain"}},"custom_placement_config":{"nesting_mode":"list","block":{"attributes":{"data_locations":{"type":["set","string"],"description":"The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.","description_kind":"plain","required":true}},"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain"},"max_items":1},"encryption":{"nesting_mode":"list","block":{"attributes":{"default_kms_key_name":{"type":"string","description":"A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in. See the docs for more details.","description_kind":"plain","required":true}},"description":"The bucket's encryption configuration.","description_kind":"plain"},"max_items":1},"lifecycle_rule":{"nesting_mode":"list","block":{"block_types":{"action":{"nesting_mode":"set","block":{"attributes":{"storage_class":{"type":"string","description":"The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.","description_kind":"plain","required":true}},"description":"The Lifecycle Rule's action configuration. A single block of this type is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"condition":{"nesting_mode":"set","block":{"attributes":{"age":{"type":"number","description":"Minimum age of an object in days to satisfy this condition.","description_kind":"plain","optional":true},"created_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"custom_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"days_since_custom_time":{"type":"number","description":"Number of days elapsed since the user-specified timestamp set on an object.","description_kind":"plain","optional":true},"days_since_noncurrent_time":{"type":"number","description":"Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects.","description_kind":"plain","optional":true},"matches_prefix":{"type":["list","string"],"description":"One or more matching name prefixes to satisfy this condition.","description_kind":"plain","optional":true},"matches_storage_class":{"type":["list","string"],"description":"Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.","description_kind":"plain","optional":true},"matches_suffix":{"type":["list","string"],"description":"One or more matching name suffixes to satisfy this condition.","description_kind":"plain","optional":true},"no_age":{"type":"bool","description":"While set true, age value will be omitted.Required to set true when age is unset in the config file.","description_kind":"plain","optional":true},"noncurrent_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"num_newer_versions":{"type":"number","description":"Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.","description_kind":"plain","optional":true},"with_state":{"type":"string","description":"Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".","description_kind":"plain","optional":true,"computed":true}},"description":"The Lifecycle Rule's condition configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain"},"max_items":100},"logging":{"nesting_mode":"list","block":{"attributes":{"log_bucket":{"type":"string","description":"The bucket that will receive log objects.","description_kind":"plain","required":true},"log_object_prefix":{"type":"string","description":"The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"is_locked":{"type":"bool","description":"If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.","description_kind":"plain","optional":true},"retention_period":{"type":"number","description":"The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.","description_kind":"plain","required":true}},"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"versioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, versioning is fully enabled for this bucket.","description_kind":"plain","required":true}},"description":"The bucket's Versioning configuration.","description_kind":"plain"},"max_items":1},"website":{"nesting_mode":"list","block":{"attributes":{"main_page_suffix":{"type":"string","description":"Behaves as the bucket's directory index where missing objects are treated as potential directories.","description_kind":"plain","optional":true},"not_found_page":{"type":"string","description":"The custom object to return when a requested resource is not found.","description_kind":"plain","optional":true}},"description":"Configuration if the bucket acts as a website.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n user-userId\n user-email\n group-groupId\n group-email\n domain-domain\n project-team-projectId\n allUsers\n allAuthenticatedUsers\nExamples:\n The user liz@example.com would be user-liz@example.com.\n The group example@googlegroups.com would be\n group-example@googlegroups.com.\n To refer to all members of the Google Apps for Business domain\n example.com, the entity would be domain-example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\", \"WRITER\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket it applies to.","description_kind":"plain","required":true},"default_acl":{"type":"string","description":"Configure this ACL to be the default ACL.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"predefined_acl":{"type":"string","description":"The canned GCS ACL to apply. Must be set if role_entity is not.","description_kind":"plain","optional":true},"role_entity":{"type":["list","string"],"description":"List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","optional":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","optional":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","optional":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","optional":true,"computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","optional":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","optional":true,"computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","optional":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","optional":true,"computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","optional":true}},"block_types":{"customer_encryption":{"nesting_mode":"list","block":{"attributes":{"encryption_algorithm":{"type":"string","description":"The encryption algorithm. Default: AES256","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"Base64 encoded customer supplied encryption key.","description_kind":"plain","required":true,"sensitive":true}},"description":"Encryption key; encoded using base64.","description_kind":"plain"},"max_items":1},"retention":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"The object retention mode. Supported values include: \"Unlocked\", \"Locked\".","description_kind":"plain","required":true},"retain_until_time":{"type":"string","description":"Time in RFC 3339 (e.g. 2030-01-01T02:03:04Z) until which object retention protects this object.","description_kind":"plain","required":true}},"description":"Object level retention configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object, if applied to an object.","description_kind":"plain","optional":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_hmac_key":{"version":0,"block":{"attributes":{"access_id":{"type":"string","description":"The access ID of the HMAC Key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"HMAC secret key material.","description_kind":"plain","computed":true,"sensitive":true},"service_account_email":{"type":"string","description":"The email address of the key's associated service account.","description_kind":"plain","required":true},"state":{"type":"string","description":"The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value: \"ACTIVE\" Possible values: [\"ACTIVE\", \"INACTIVE\"]","description_kind":"plain","optional":true},"time_created":{"type":"string","description":"'The creation time of the HMAC key in RFC 3339 format. '","description_kind":"plain","computed":true},"updated":{"type":"string","description":"'The last modification time of the HMAC key metadata in RFC 3339 format.'","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_insights_report_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The editable display name of the inventory report configuration. Has a limit of 256 characters. Can be empty.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the ReportConfig. The source and destination buckets specified in the ReportConfig\nmust be in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The UUID of the inventory report configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"The delimiter used to separate the fields in the inventory report CSV file.","description_kind":"plain","optional":true},"header_required":{"type":"bool","description":"The boolean that indicates whether or not headers are included in the inventory report CSV file.","description_kind":"plain","optional":true},"record_separator":{"type":"string","description":"The character used to separate the records in the inventory report CSV file.","description_kind":"plain","optional":true}},"description":"Options for configuring the format of the inventory report CSV file.","description_kind":"plain"},"min_items":1,"max_items":1},"frequency_options":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"The frequency in which inventory reports are generated. Values are DAILY or WEEKLY. Possible values: [\"DAILY\", \"WEEKLY\"]","description_kind":"plain","required":true}},"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to stop generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to stop generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to stop generating inventory reports","description_kind":"plain","required":true}},"description":"The date to stop generating inventory reports. For example, {\"day\": 15, \"month\": 9, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to start generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to start generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to start generating inventory reports","description_kind":"plain","required":true}},"description":"The date to start generating inventory reports. For example, {\"day\": 15, \"month\": 8, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options for configuring how inventory reports are generated.","description_kind":"plain"},"max_items":1},"object_metadata_report_options":{"nesting_mode":"list","block":{"attributes":{"metadata_fields":{"type":["list","string"],"description":"The metadata fields included in an inventory report.","description_kind":"plain","required":true}},"block_types":{"storage_destination_options":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The destination bucket that stores the generated inventory reports.","description_kind":"plain","required":true},"destination_path":{"type":"string","description":"The path within the destination bucket to store generated inventory reports.","description_kind":"plain","optional":true}},"description":"Options for where the inventory reports are stored.","description_kind":"plain"},"min_items":1,"max_items":1},"storage_filters":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The filter to use when specifying which bucket to generate inventory reports for.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Options for including metadata in an inventory report.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_notification":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"custom_attributes":{"type":["map","string"],"description":" A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription","description_kind":"plain","optional":true},"event_types":{"type":["set","string"],"description":"List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: \"OBJECT_FINALIZE\", \"OBJECT_METADATA_UPDATE\", \"OBJECT_DELETE\", \"OBJECT_ARCHIVE\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"notification_id":{"type":"string","description":"The ID of the created notification.","description_kind":"plain","computed":true},"object_name_prefix":{"type":"string","description":"Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired content of the Payload. One of \"JSON_API_V1\" or \"NONE\".","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The Cloud Pub/Sub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object to apply the access control to.","description_kind":"plain","required":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description_kind":"plain","required":true},"predefined_acl":{"type":"string","description_kind":"plain","optional":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_transfer_agent_pool":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Specifies the client-specified AgentPool description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID of the agent pool to create.\n\nThe agentPoolId must meet the following requirements:\n* Length of 128 characters or less.\n* Not start with the string goog.\n* Start with a lowercase ASCII character, followed by:\n * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~).\n * One or more numerals or lowercase ASCII characters.\n\nAs expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies the state of the AgentPool.","description_kind":"plain","computed":true}},"block_types":{"bandwidth_limit":{"nesting_mode":"list","block":{"attributes":{"limit_mbps":{"type":"string","description":"Bandwidth rate in megabytes per second, distributed across all the agents in the pool.","description_kind":"plain","required":true}},"description":"Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_transfer_job":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the Transfer Job was created.","description_kind":"plain","computed":true},"deletion_time":{"type":"string","description":"When the Transfer Job was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Unique description to identify the Transfer Job.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modification_time":{"type":"string","description":"When the Transfer Job was last modified.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the Transfer Job.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.","description_kind":"plain","optional":true}},"block_types":{"event_stream":{"nesting_mode":"list","block":{"attributes":{"event_stream_expiration_time":{"type":"string","description":"Specifies the data and time at which Storage Transfer Service stops listening for events from this stream. After this time, any transfers in progress will complete, but no new transfers are initiated","description_kind":"plain","optional":true},"event_stream_start_time":{"type":"string","description":"Specifies the date and time that Storage Transfer Service starts listening for events from this stream. If no start time is specified or start time is in the past, Storage Transfer Service starts listening immediately","description_kind":"plain","optional":true},"name":{"type":"string","description":"Specifies a unique name of the resource such as AWS SQS ARN in the form 'arn:aws:sqs:region:account_id:queue_name', or Pub/Sub subscription resource name in the form 'projects/{project}/subscriptions/{sub}'","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"attributes":{"event_types":{"type":["set","string"],"description":"Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are \"TRANSFER_OPERATION_SUCCESS\", \"TRANSFER_OPERATION_FAILED\", \"TRANSFER_OPERATION_ABORTED\".","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired format of the notification message payloads. One of \"NONE\" or \"JSON\".","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Topic.name of the Pub/Sub topic to which to publish notifications.","description_kind":"plain","required":true}},"description":"Notification configuration.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"repeat_interval":{"type":"string","description":"Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"schedule_end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once.","description_kind":"plain"},"max_items":1},"schedule_start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day.","description_kind":"plain"},"min_items":1,"max_items":1},"start_time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","required":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","required":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","required":true}},"description":"The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone.","description_kind":"plain"},"max_items":1}},"description":"Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run.","description_kind":"plain"},"max_items":1},"transfer_spec":{"nesting_mode":"list","block":{"attributes":{"sink_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true},"source_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws_s3_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"S3 Bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"S3 Bucket path in bucket to transfer.","description_kind":"plain","optional":true},"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.","description_kind":"plain","optional":true}},"block_types":{"aws_access_key":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"AWS Key ID.","description_kind":"plain","required":true,"sensitive":true},"secret_access_key":{"type":"string","description":"AWS Secret Access Key.","description_kind":"plain","required":true,"sensitive":true}},"description":"AWS credentials block.","description_kind":"plain"},"max_items":1}},"description":"An AWS S3 data source.","description_kind":"plain"},"max_items":1},"azure_blob_storage_data_source":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container to transfer from the Azure Storage account.","description_kind":"plain","required":true},"path":{"type":"string","description":"Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.","description_kind":"plain","optional":true,"computed":true},"storage_account":{"type":"string","description":"The name of the Azure Storage account.","description_kind":"plain","required":true}},"block_types":{"azure_credentials":{"nesting_mode":"list","block":{"attributes":{"sas_token":{"type":"string","description":"Azure shared access signature.","description_kind":"plain","required":true,"sensitive":true}},"description":" Credentials used to authenticate API requests to Azure.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An Azure Blob Storage data source.","description_kind":"plain"},"max_items":1},"gcs_data_sink":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data sink.","description_kind":"plain"},"max_items":1},"gcs_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data source.","description_kind":"plain"},"max_items":1},"http_data_source":{"nesting_mode":"list","block":{"attributes":{"list_url":{"type":"string","description":"The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.","description_kind":"plain","required":true}},"description":"A HTTP URL data source.","description_kind":"plain"},"max_items":1},"object_conditions":{"nesting_mode":"list","block":{"attributes":{"exclude_prefixes":{"type":["list","string"],"description":"exclude_prefixes must follow the requirements described for include_prefixes.","description_kind":"plain","optional":true},"include_prefixes":{"type":["list","string"],"description":"If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.","description_kind":"plain","optional":true},"last_modified_before":{"type":"string","description":"If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_modified_since":{"type":"string","description":"If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"max_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.","description_kind":"plain"},"max_items":1},"posix_data_sink":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data sink.","description_kind":"plain"},"max_items":1},"posix_data_source":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data source.","description_kind":"plain"},"max_items":1},"transfer_options":{"nesting_mode":"list","block":{"attributes":{"delete_objects_from_source_after_transfer":{"type":"bool","description":"Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.","description_kind":"plain","optional":true},"delete_objects_unique_in_sink":{"type":"bool","description":"Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.","description_kind":"plain","optional":true},"overwrite_objects_already_existing_in_sink":{"type":"bool","description":"Whether overwriting objects that already exist in the sink is allowed.","description_kind":"plain","optional":true},"overwrite_when":{"type":"string","description":"When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.","description_kind":"plain","optional":true}},"description":"Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.","description_kind":"plain"},"max_items":1}},"description":"Transfer specification.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_tags_location_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagKey. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagKey.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagKey.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"Optional. A purpose cannot be changed once set.\n\nA purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: [\"GCE_FIREWALL\"]","description_kind":"plain","optional":true},"purpose_data":{"type":["map","string"],"description":"Optional. Purpose data cannot be changed once set.\n\nPurpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = \"\u003cproject-name\u003e/\u003cvpc-name\u003e\"'.","description_kind":"plain","optional":true},"short_name":{"type":"string","description":"Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace.\n\nThe short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagValue. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagValue.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey.\n\nThe short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_value_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_node":{"version":0,"block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of hardware accelerators associated with this node.","description_kind":"plain","required":true},"cidr_block":{"type":"string","description":"The CIDR block that the TPU node will use when selecting an IP\naddress. This CIDR block must be a /29 block; the Compute Engine\nnetworks API forbids a smaller block, and using a larger block would\nbe wasteful (a node can only consume one IP address).\n\nErrors will occur if the CIDR block has already been used for a\ncurrently existing TPU node, the CIDR block conflicts with any\nsubnetworks in the user's provided network, or the provided network\nis peered with another network that is using that CIDR block.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"The user-supplied description of the TPU. Maximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The immutable name of the TPU.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of a network to peer the TPU node to. It must be a\npreexisting Compute Engine network inside of the project on which\nthis API has been activated. If none is provided, \"default\" will be\nused.","description_kind":"plain","optional":true,"computed":true},"network_endpoints":{"type":["list",["object",{"ip_address":"string","port":"number"}]],"description":"The network endpoints where TPU workers can be accessed and sent work.\nIt is recommended that Tensorflow clients of the node first reach out\nto the first (index 0) entry.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used to run the tensor flow services within the\nnode. To share resources, including Google Cloud Storage data, with\nthe Tensorflow job running in the Node, this account must have\npermissions to that data.","description_kind":"plain","computed":true},"tensorflow_version":{"type":"string","description":"The version of Tensorflow running in the Node.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"use_service_networking":{"type":"bool","description":"Whether the VPC peering for the node is set up through Service Networking API.\nThe VPC Peering should be set up before provisioning the node. If this field is set,\ncidr_block field should not be specified. If the network that you want to peer the\nTPU Node to is a Shared VPC network, the node must be created with this this field enabled.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP location for the TPU. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"scheduling_config":{"nesting_mode":"list","block":{"attributes":{"preemptible":{"type":"bool","description":"Defines whether the TPU instance is preemptible.","description_kind":"plain","required":true}},"description":"Sets the scheduling options for this TPU instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_dataset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the dataset was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Dataset. This value is set by Google.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the dataset was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","optional":true}},"description":"Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was created.","description_kind":"plain","computed":true},"deployed_models":{"type":["list",["object",{"automatic_resources":["list",["object",{"max_replica_count":"number","min_replica_count":"number"}]],"create_time":"string","dedicated_resources":["list",["object",{"autoscaling_metric_specs":["list",["object",{"metric_name":"string","target":"number"}]],"machine_spec":["list",["object",{"accelerator_count":"number","accelerator_type":"string","machine_type":"string"}]],"max_replica_count":"number","min_replica_count":"number"}]],"display_name":"string","enable_access_logging":"bool","enable_container_logging":"bool","id":"string","model":"string","model_version_id":"string","private_endpoints":["list",["object",{"explain_http_uri":"string","health_http_uri":"string","predict_http_uri":"string","service_attachment":"string"}]],"service_account":"string","shared_resources":"string"}]],"description":"Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/).","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Endpoint.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates. If not set, a blind \"overwrite\" update happens.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"model_deployment_monitoring_job":{"type":"string","description":"Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: 'projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}'","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits.","description_kind":"plain","required":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. Where '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was last updated.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: 'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature group. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Currently only supports 1 entity_id_column. If not provided defaults to entityId.","description_kind":"plain","optional":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"input_uri":{"type":"string","description":"BigQuery URI to a table, up to 2000 characters long. For example: 'bq://projectId.bqDatasetId.bqTableId.'","description_kind":"plain","required":true}},"description":"The BigQuery source URI that points to either a BigQuery Table or View.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Indicates that features for this group come from BigQuery Table/View. By default treats the source as a sparse time series source, which is required to have an entityId and a feature_timestamp column in the source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_group":{"type":"string","description":"The name of the Feature Group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group Feature.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the feature group's region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"version_column_name":{"type":"string","description":"The name of the BigQuery Table/View column hosting data for this version. If no value is provided, will use featureId.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the feature online store was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any FeatureViews and Features for this FeatureOnlineStore will also be deleted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your feature online stores.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Online Store. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature online store. eg us-central1","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Feature Online Store. See the possible states in [this link](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores#state).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the feature online store was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"bigtable":{"nesting_mode":"list","block":{"block_types":{"auto_scaling":{"nesting_mode":"list","block":{"attributes":{"cpu_utilization_target":{"type":"number","description":"A percentage of the cluster's CPU capacity. Can be from 10% to 80%. When a cluster's CPU utilization exceeds the target that you have set, Bigtable immediately adds nodes to the cluster. When CPU utilization is substantially lower than the target, Bigtable removes nodes. If not set will default to 50%.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than or equal to minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Autoscaling config applied to Bigtable Instance.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for Cloud Bigtable instance that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store_featureview":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_online_store":{"type":"string","description":"The name of the FeatureOnlineStore to use for the featureview.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this FeatureView.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the FeatureView. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the featureonlinestore region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Start by supporting 1 only.","description_kind":"plain","required":true},"uri":{"type":"string","description":"The BigQuery view URI that will be materialized on each sync trigger based on FeatureView.SyncConfig.","description_kind":"plain","required":true}},"description":"Configures how data is supposed to be extracted from a BigQuery source to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"feature_registry_source":{"nesting_mode":"list","block":{"block_types":{"feature_groups":{"nesting_mode":"list","block":{"attributes":{"feature_group_id":{"type":"string","description":"Identifier of the feature group.","description_kind":"plain","required":true},"feature_ids":{"type":["list","string"],"description":"Identifiers of features under the feature group.","description_kind":"plain","required":true}},"description":"List of features that need to be synced to Online Store.","description_kind":"plain"},"min_items":1}},"description":"Configures the features from a Feature Registry source that need to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"sync_config":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) to launch scheduled runs.\nTo explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or \"TZ=${IANA_TIME_ZONE}\".","description_kind":"plain","optional":true,"computed":true}},"description":"Configures when data is to be synced/updated for this FeatureView. At the end of the sync the latest featureValues for each entityId of this FeatureView are made ready for online serving.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any EntityTypes and Features for this Featurestore will also be deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Featurestore.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"If set, both of the online and offline data storage will be secured by this key.","description_kind":"plain"},"max_items":1},"online_serving_config":{"nesting_mode":"list","block":{"attributes":{"fixed_node_count":{"type":"number","description":"The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating.","description_kind":"plain","optional":true}},"block_types":{"scaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other.","description_kind":"plain"},"max_items":1}},"description":"Config for online serving resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the EntityType.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"featurestore":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this EntityType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the EntityType.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"categorical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING).","description_kind":"plain"},"max_items":1},"import_features_analysis":{"nesting_mode":"list","block":{"attributes":{"anomaly_detection_baseline":{"type":"string","description":"Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below:\n* LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics.\n* MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists.\n* PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below:\n* DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled.\n* ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it.\n* DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it.","description_kind":"plain","optional":true}},"description":"The config for ImportFeatures Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1},"numerical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64).","description_kind":"plain"},"max_items":1},"snapshot_analysis":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it.","description_kind":"plain","optional":true},"monitoring_interval_days":{"type":"number","description":"Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1.\nIf both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used.","description_kind":"plain","optional":true},"staleness_days":{"type":"number","description":"Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days.","description_kind":"plain","optional":true}},"description":"The config for Snapshot Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1}},"description":"The default monitoring configuration for all Features under this EntityType.\n\nIf this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the entity type was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the feature.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitytype":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the feature.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the feature","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the entity type was most recently updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"value_type":{"type":"string","description":"Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"contents_delta_uri":{"type":"string","description":"Allows inserting, updating or deleting the contents of the Matching Engine Index.\nThe string must be a valid Cloud Storage directory path. If this\nfield is set when calling IndexService.UpdateIndex, then no other\nIndex field can be also updated as part of the same call.\nThe expected structure and format of the files this URI points to is\ndescribed at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format","description_kind":"plain","required":true},"is_complete_overwrite":{"type":"bool","description":"If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex,\nthen existing content of the Index will be replaced by the data from the contentsDeltaUri.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"approximate_neighbors_count":{"type":"number","description":"The default number of neighbors to find via approximate search before exact reordering is\nperformed. Exact reordering is a procedure where results returned by an\napproximate search algorithm are reordered via a more expensive distance computation.\nRequired if tree-AH algorithm is used.","description_kind":"plain","optional":true},"dimensions":{"type":"number","description":"The number of dimensions of the input vectors.","description_kind":"plain","required":true},"distance_measure_type":{"type":"string","description":"The distance measure used in nearest neighbor search. The value must be one of the followings:\n* SQUARED_L2_DISTANCE: Euclidean (L_2) Distance\n* L1_DISTANCE: Manhattan (L_1) Distance\n* COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity.\n* DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product","description_kind":"plain","optional":true},"feature_norm_type":{"type":"string","description":"Type of normalization to be carried out on each vector. The value must be one of the followings:\n* UNIT_L2_NORM: Unit L2 normalization type\n* NONE: No normalization type is specified.","description_kind":"plain","optional":true},"shard_size":{"type":"string","description":"Index data is split into equal parts to be processed. These are called \"shards\".\nThe shard size must be specified when creating an index. The value must be one of the followings:\n* SHARD_SIZE_SMALL: Small (2GB)\n* SHARD_SIZE_MEDIUM: Medium (20GB)\n* SHARD_SIZE_LARGE: Large (50GB)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"algorithm_config":{"nesting_mode":"list","block":{"block_types":{"brute_force_config":{"nesting_mode":"list","block":{"description":"Configuration options for using brute force search, which simply implements the\nstandard linear search in the database for each query.","description_kind":"plain"},"max_items":1},"tree_ah_config":{"nesting_mode":"list","block":{"attributes":{"leaf_node_embedding_count":{"type":"number","description":"Number of embeddings on each leaf node. The default value is 1000 if not set.","description_kind":"plain","optional":true},"leaf_nodes_to_search_percent":{"type":"number","description":"The default percentage of leaf nodes that any query may be searched. Must be in\nrange 1-100, inclusive. The default value is 10 (means 10%) if not set.","description_kind":"plain","optional":true}},"description":"Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing).\nPlease refer to this paper for more details: https://arxiv.org/abs/1908.10396","description_kind":"plain"},"max_items":1}},"description":"The configuration with regard to the algorithms used for efficient search.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the Matching Engine Index.","description_kind":"plain"},"max_items":1}},"description":"An additional information about the Index","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered.\nPrivate services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network.\n[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'.\nWhere '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_endpoint_domain_name":{"type":"string","description":"If publicEndpointEnabled is true, this field will be populated with the domain name to use for this index endpoint.","description_kind":"plain","computed":true},"public_endpoint_enabled":{"type":"bool","description":"If true, the deployed index will be accessible through public endpoint.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index endpoint. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"If set to true, the IndexEndpoint is created without private service access.","description_kind":"plain","required":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for private service connect. 'network' and 'privateServiceConnectConfig' are mutually exclusive.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_tensorboard":{"version":0,"block":{"attributes":{"blob_storage_path_prefix":{"type":"string","description":"Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp of when the Tensorboard was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this Tensorboard.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User provided name of this Tensorboard.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Tensorboards.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Tensorboard.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tensorboard. eg us-central1","description_kind":"plain","optional":true,"computed":true},"run_count":{"type":"string","description":"The number of Runs stored in this Tensorboard.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Tensorboard was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nOnce the customer is created then corecount cannot be changed.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","optional":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","required":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"destination_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"external_address":{"type":"string","description":"The name of an 'ExternalAddress' resource.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain"},"min_items":1},"source_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"A single IP address.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","optional":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","optional":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","optional":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","required":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","optional":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"external_ip":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain"},"max_items":1},"internet_access":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","optional":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"block_types":{"management_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The user-provided identifier of the new Cluster. The identifier must meet the following requirements:\n * Only contains 1-63 alphanumeric characters and hyphens\n * Begins with an alphabetical character\n * Ends with a non-hyphen character\n * Not formatted as a UUID\n * Complies with RFC 1034 (https://datatracker.ietf.org/doc/html/rfc1034) (section 3.5)","description_kind":"plain","required":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nThis cannot be changed once the PrivateCloud is created.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}}},"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain"},"min_items":1,"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"dns_server_ip":{"type":"string","description":"DNS Server IP of the Private Cloud.","description_kind":"plain","computed":true},"management_cidr":{"type":"string","description":"Management CIDR used by VMware management appliances.","description_kind":"plain","required":true},"management_ip_address_layout_version":{"type":"number","description":"The IP address layout version of the management IP address range.\nPossible versions include:\n* managementIpAddressLayoutVersion=1: Indicates the legacy IP address layout used by some existing private clouds. This is no longer supported for new private clouds\nas it does not support all features.\n* managementIpAddressLayoutVersion=2: Indicates the latest IP address layout\nused by all newly created private clouds. This version supports all current features.","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network attached to the private cloud.\nSpecify the name in the following form: projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}\nwhere {project} can either be a project number or a project ID.","description_kind":"plain","optional":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in\nthe form: projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector.","description_kind":"plain","optional":true,"computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector.","description_kind":"plain","optional":true,"computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true}},"block_types":{"subnet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is\nhttps://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}\"","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued.","description_kind":"plain","optional":true,"computed":true}},"description":"The subnet in which to house the connector","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Output only. Email address of entity that sent original CreateInstance request.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the Workbench Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disable_proxy_access":{"type":"bool","description":"Optional. If true, the workbench instance will not register with the proxy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_info":{"type":["list",["object",{}]],"description":"'Output only. Additional information about instance health. Example:\nhealthInfo\": { \"docker_proxy_agent_status\": \"1\", \"docker_status\": \"1\", \"jupyterlab_api_status\":\n\"-1\", \"jupyterlab_status\": \"-1\", \"updated\": \"2020-10-18 09:40:03.573409\" }'","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"Output only. Instance health_state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Required. User-defined unique ID of this instance.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"'Optional. Input only. The owner of this instance after creation. Format:\n'alias@example.com' Currently supports one owner only. If not specified, all of\nthe service account users of your VM instance''s service account can use the instance.'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Optional. Labels to apply to this instance. These can be later modified\nby the UpdateInstance method.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this workbench instance. Format: 'projects/{project_id}/locations/{location}/instances/{instance_id}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"Output only. The proxy endpoint that is used to access the Jupyter notebook.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of this instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"upgrade_history":{"type":["list",["object",{"action":"string","container_image":"string","create_time":"string","framework":"string","snapshot":"string","state":"string","target_version":"string","version":"string","vm_image":"string"}]],"description":"Output only. The upgrade history of this instance.","description_kind":"plain","computed":true}},"block_types":{"gce_setup":{"nesting_mode":"list","block":{"attributes":{"disable_public_ip":{"type":"bool","description":"Optional. If true, no external IP will be assigned to this VM instance.","description_kind":"plain","optional":true,"computed":true},"enable_ip_forwarding":{"type":"bool","description":"Optional. Flag to enable ip forwarding or not, default false/off.\nhttps://cloud.google.com/vpc/docs/using-routes#canipforward","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Optional. Custom metadata to apply to this instance.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Optional. The Compute Engine tags to add to instance (see [Tagging\ninstances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_configs":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"string","description":"Optional. Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Optional. Type of this accelerator. Possible values: [\"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_A100\", \"NVIDIA_A100_80GB\", \"NVIDIA_L4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\"]","description_kind":"plain","optional":true}},"description":"The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has\n[enough vCPUs and memory to support the 'machine_type' you have selected](https://cloud.google.com/compute/docs/gpus/#gpus-list).\nCurrently supports only one accelerator configuration.","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot and\ndata disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to the\nrecommended value of 150GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks, only\napplicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"The definition of a boot disk.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the workbench instance.","description_kind":"plain"},"max_items":1},"data_disks":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot\nand data disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the disk in GB attached to this VM instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to\n100.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Input only. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks,\nonly applicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"Data disks attached to the VM instance. Currently supports only one data disk.","description_kind":"plain"},"max_items":1},"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Optional. The name of the VPC that this VM instance is in.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"Optional. The type of vNIC to be used on this interface. This\nmay be gVNIC or VirtioNet. Possible values: [\"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"Optional. The name of the subnet that this VM instance is in.","description_kind":"plain","optional":true,"computed":true}},"description":"The network interfaces for the VM. Supports only one interface.","description_kind":"plain"}},"service_accounts":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Optional. Email address of the service account.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["list","string"],"description":"Output only. The list of scopes to be made available for this\nservice account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform","description_kind":"plain","computed":true}},"description":"The service account that serves as an identity for the VM instance. Currently supports only one service account.","description_kind":"plain"}},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether the VM instance has integrity monitoring\nenabled. Enables monitoring and attestation of the boot integrity of the VM\ninstance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image\nwhen the VM instance is created. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the VM instance has Secure Boot enabled.\nSecure Boot helps ensure that the system only runs authentic software by verifying\nthe digital signature of all boot components, and halting the boot process\nif signature verification fails. Disabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the VM instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. See [Images using supported Shielded\nVM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).\nNot all combinations are valid.","description_kind":"plain"},"max_items":1},"vm_image":{"nesting_mode":"list","block":{"attributes":{"family":{"type":"string","description":"Optional. Use this VM image family to find the image; the newest\nimage in this family will be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Optional. Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: {project_id}","description_kind":"plain","optional":true}},"description":"Definition of a custom Compute Engine virtual machine image for starting\na workbench instance with the environment installed directly on the VM.","description_kind":"plain"},"max_items":1}},"description":"The definition of how to configure a VM instance outside of Resources and Identity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_workflows_workflow":{"version":1,"block":{"attributes":{"call_log_level":{"type":"string","description":"Describes the level of platform logging to apply to calls and call responses during\nexecutions of this workflow. If both the workflow and the execution specify a logging level,\nthe execution level takes precedence. Possible values: [\"CALL_LOG_LEVEL_UNSPECIFIED\", \"LOG_ALL_CALLS\", \"LOG_ERRORS_ONLY\", \"LOG_NONE\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp of when the workflow was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"The KMS key used to encrypt workflow and execution data.\n\nFormat: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the workflow provided by the user. Must be at most 1000 unicode characters long.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Workflow.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the workflow.","description_kind":"plain","optional":true},"revision_id":{"type":"string","description":"The revision of the workflow. A new one is generated if the service account or source contents is changed.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"Name of the service account associated with the latest workflow version. This service\naccount represents the identity of the workflow and determines what permissions the workflow has.\nFormat: projects/{project}/serviceAccounts/{account} or {account}.\nUsing - as a wildcard for the {project} or not providing one at all will infer the project from the account.\nThe {account} value can be the email address or the unique_id of the service account.\nIf not provided, workflow will use the project's default service account.\nModifying this field for an existing workflow results in a new workflow revision.","description_kind":"plain","optional":true,"computed":true},"source_contents":{"type":"string","description":"Workflow code to be executed. The size limit is 128KB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the workflow deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the workflow was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"user_env_vars":{"type":["map","string"],"description":"User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS\".","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"google_access_approval_folder_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"folder_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_access_approval_organization_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_approval_project_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_active_folder":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_alloydb_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list",["object",{"display_name":"string","labels":["map","string"],"location_id":"string","metadata":["map","string"],"name":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_alloydb_supported_database_flags":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"supported_database_flags":{"type":["list",["object",{"accepts_multiple_values":"bool","flag_name":"string","integer_restrictions":["list",["object",{"max_value":"string","min_value":"string"}]],"name":"string","requires_db_restart":"bool","string_restrictions":["list",["object",{"allowed_values":["list","string"]}]],"supported_db_versions":["list","string"],"value_type":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_app_engine_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policies":{"type":["set",["object",{"action":"string","condition":["list",["object",{"newer_than":"string","older_than":"string","package_name_prefixes":["list","string"],"tag_prefixes":["list","string"],"tag_state":"string","version_name_prefixes":["list","string"]}]],"id":"string","most_recent_versions":["list",["object",{"keep_count":"number","package_name_prefixes":["list","string"]}]]}]],"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain","computed":true},"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","computed":true},"docker_config":{"type":["list",["object",{"immutable_tags":"bool"}]],"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","required":true},"maven_config":{"type":["list",["object",{"allow_snapshot_overwrites":"bool","version_policy":"string"}]],"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"remote_repository_config":{"type":["list",["object",{"apt_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]],"description":"string","docker_repository":["list",["object",{"public_repository":"string"}]],"maven_repository":["list",["object",{"public_repository":"string"}]],"npm_repository":["list",["object",{"public_repository":"string"}]],"python_repository":["list",["object",{"public_repository":"string"}]],"upstream_credentials":["list",["object",{"username_password_credentials":["list",["object",{"password_secret_version":"string","username":"string"}]]}]],"yum_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]]}]],"description":"Configuration specific for a Remote Repository.","description_kind":"plain","computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true},"virtual_repository_config":{"type":["list",["object",{"upstream_policies":["list",["object",{"id":"string","priority":"number","repository":"string"}]]}]],"description":"Configuration specific for a Virtual Repository.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"application_endpoint":{"type":["list",["object",{"host":"string","port":"number"}]],"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain","computed":true},"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway":{"type":["list",["object",{"app_gateway":"string","ingress_port":"number","type":"string","uri":"string"}]],"description":"Gateway used by the AppConnection.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"principal_info":{"type":["list",["object",{"service_account":["list",["object",{"email":"string"}]]}]],"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","computed":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"access":{"type":["set",["object",{"dataset":["list",["object",{"dataset":["list",["object",{"dataset_id":"string","project_id":"string"}]],"target_types":["list","string"]}]],"domain":"string","group_by_email":"string","iam_member":"string","role":"string","routine":["list",["object",{"dataset_id":"string","project_id":"string","routine_id":"string"}]],"special_group":"string","user_by_email":"string","view":["list",["object",{"dataset_id":"string","project_id":"string","table_id":"string"}]]}]],"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain","computed":true},"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","computed":true},"default_encryption_configuration":{"type":["list",["object",{"kms_key_name":"string"}]],"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain","computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","computed":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","computed":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","computed":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_default_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lookup_projects":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"project_ids":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_client_config":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"The OAuth2 access token used by the client to authenticate against the Google Cloud API.","description_kind":"markdown","computed":true,"sensitive":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. It is created in a projects/{{project}}/regions/{{region}}/zones/{{zone}} format and is NOT used by the data source in requests to Google APIs.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project to apply any resources to.","description_kind":"markdown","computed":true},"region":{"type":"string","description":"The region to operate under.","description_kind":"markdown","computed":true},"zone":{"type":"string","description":"The zone to operate under.","description_kind":"markdown","computed":true}},"description":"Use this data source to access the configuration of the Google Cloud provider.","description_kind":"markdown"}},"google_client_openid_userinfo":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email of the account used by the provider to authenticate with GCP.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. Its value is the same as the `email` attribute. Do not use this field, use the `email` attribute instead.","description_kind":"markdown","computed":true}},"description":"Get OpenID userinfo about the credentials used with the Google provider, specifically the email.\nThis datasource enables you to export the email of the account you've authenticated the provider with; this can be used alongside data.google_client_config's access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.\n\n~\u003e This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.","description_kind":"markdown"}},"google_cloud_identity_group_lookup":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up Group.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity. For Google-managed entities, the id should be the email address of an existing group or user.\nFor external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements.\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group.\nIf specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source}.","description_kind":"plain","optional":true}},"description":"The EntityKey of the Group to lookup. A unique identifier for an entity in the Cloud Identity Groups API.\nAn entity can represent either a group with an optional namespace or a user without a namespace.\nThe combination of id and namespace must be unique; however, the same id can be used with different namespaces.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloud_identity_group_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"create_time":"string","group":"string","name":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"roles":["set",["object",{"expiry_detail":["list",["object",{"expire_time":"string"}]],"name":"string"}]],"type":"string","update_time":"string"}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_groups":{"version":0,"block":{"attributes":{"groups":{"type":["list",["object",{"additional_group_keys":["list",["object",{"id":"string","namespace":"string"}]],"create_time":"string","description":"string","display_name":"string","group_key":["list",["object",{"id":"string","namespace":"string"}]],"initial_group_config":"string","labels":["map","string"],"name":"string","parent":"string","update_time":"string"}]],"description":"List of Cloud Identity groups.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"metadata":{"type":["list",["object",{"annotations":["map","string"],"effective_annotations":["map","string"],"effective_labels":["map","string"],"generation":"number","labels":["map","string"],"namespace":"string","resource_version":"string","self_link":"string","terraform_labels":["map","string"],"uid":"string"}]],"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"metadata":["list",["object",{"annotations":["map","string"],"generation":"number","labels":["map","string"],"name":"string","namespace":"string","resource_version":"string","self_link":"string","uid":"string"}]],"spec":["list",["object",{"container_concurrency":"number","containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_from":["list",["object",{"secret_key_ref":["list",["object",{"key":"string","name":"string"}]]}]]}]],"env_from":["list",["object",{"config_map_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]],"prefix":"string","secret_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string","protocol":"string"}]],"resources":["list",["object",{"limits":["map","string"],"requests":["map","string"]}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"service_account_name":"string","serving_state":"string","timeout_seconds":"number","volumes":["list",["object",{"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"key":"string","mode":"number","path":"string"}]],"secret_name":"string"}]]}]]}]]}]],"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"labels":["map","string"],"parallelism":"number","task_count":"number","template":["list",["object",{"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"limits":["map","string"]}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","max_retries":"number","service_account":"string","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["list","string"]}]],"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]]}]],"description":"The template used to create executions for this Job.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"depends_on":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"cpu_idle":"bool","limits":["map","string"],"startup_cpu_boost":"bool"}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","labels":["map","string"],"max_instance_request_concurrency":"number","revision":"string","scaling":["list",["object",{"max_instance_count":"number","min_instance_count":"number"}]],"service_account":"string","session_affinity":"bool","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["set","string"]}]],"gcs":["list",["object",{"bucket":"string","read_only":"bool"}]],"name":"string","nfs":["list",["object",{"path":"string","read_only":"bool","server":"string"}]],"secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]],"description":"The template used to create revisions for this Service.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string"}]],"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"approval_config":{"type":["list",["object",{"approval_required":"bool"}]],"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain","computed":true},"bitbucket_server_trigger_config":{"type":["list",["object",{"bitbucket_server_config_resource":"string","project_key":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repo_slug":"string"}]],"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain","computed":true},"build":{"type":["list",["object",{"artifacts":["list",["object",{"images":["list","string"],"maven_artifacts":["list",["object",{"artifact_id":"string","group_id":"string","path":"string","repository":"string","version":"string"}]],"npm_packages":["list",["object",{"package_path":"string","repository":"string"}]],"objects":["list",["object",{"location":"string","paths":["list","string"],"timing":["list",["object",{"end_time":"string","start_time":"string"}]]}]],"python_packages":["list",["object",{"paths":["list","string"],"repository":"string"}]]}]],"available_secrets":["list",["object",{"secret_manager":["list",["object",{"env":"string","version_name":"string"}]]}]],"images":["list","string"],"logs_bucket":"string","options":["list",["object",{"disk_size_gb":"number","dynamic_substitutions":"bool","env":["list","string"],"log_streaming_option":"string","logging":"string","machine_type":"string","requested_verify_option":"string","secret_env":["list","string"],"source_provenance_hash":["list","string"],"substitution_option":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"worker_pool":"string"}]],"queue_ttl":"string","secret":["list",["object",{"kms_key_name":"string","secret_env":["map","string"]}]],"source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","substitutions":["map","string"],"tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"string","object":"string"}]]}]],"step":["list",["object",{"allow_exit_codes":["list","number"],"allow_failure":"bool","args":["list","string"],"dir":"string","entrypoint":"string","env":["list","string"],"id":"string","name":"string","script":"string","secret_env":["list","string"],"timeout":"string","timing":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"wait_for":["list","string"]}]],"substitutions":["map","string"],"tags":["list","string"],"timeout":"string"}]],"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","computed":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","computed":true},"git_file_source":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","path":"string","repo_type":"string","repository":"string","revision":"string","uri":"string"}]],"description":"The file source describing the local or remote Build template.","description_kind":"plain","computed":true},"github":{"type":["list",["object",{"enterprise_config_resource_name":"string","name":"string","owner":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]]}]],"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","computed":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","computed":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_config":{"type":["list",["object",{"service_account_email":"string","state":"string","subscription":"string","topic":"string"}]],"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"repository_event_config":{"type":["list",["object",{"pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repository":"string"}]],"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","computed":true},"source_to_build":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","ref":"string","repo_type":"string","repository":"string","uri":"string"}]],"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","computed":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","required":true},"trigger_template":{"type":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"webhook_config":{"type":["list",["object",{"secret":"string","state":"string"}]],"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"build_config":{"type":["list",["object",{"build":"string","docker_repository":"string","entry_point":"string","environment_variables":["map","string"],"runtime":"string","source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"number","object":"string"}]]}]],"worker_pool":"string"}]],"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_filters":["set",["object",{"attribute":"string","operator":"string","value":"string"}]],"event_type":"string","pubsub_topic":"string","retry_policy":"string","service_account_email":"string","trigger":"string","trigger_region":"string"}]],"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_config":{"type":["list",["object",{"all_traffic_on_latest_revision":"bool","available_cpu":"string","available_memory":"string","environment_variables":["map","string"],"gcf_uri":"string","ingress_settings":"string","max_instance_count":"number","max_instance_request_concurrency":"number","min_instance_count":"number","secret_environment_variables":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"secret_volumes":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"service":"string","service_account_email":"string","timeout_seconds":"number","uri":"string","vpc_connector":"string","vpc_connector_egress_settings":"string"}]],"description":"Describes the Service being deployed.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","computed":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","computed":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","computed":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_type":"string","failure_policy":["list",["object",{"retry":"bool"}]],"resource":"string"}]],"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain","computed":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","computed":true},"secret_environment_variables":{"type":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"description":"Secret environment variables configuration","description_kind":"plain","computed":true},"secret_volumes":{"type":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"description":"Secret volumes configuration.","description_kind":"plain","computed":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","computed":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","computed":true},"source_repository":{"type":["list",["object",{"deployed_url":"string","url":"string"}]],"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","computed":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","computed":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","computed":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"config":{"type":["list",["object",{"airflow_uri":"string","dag_gcs_prefix":"string","data_retention_config":["list",["object",{"task_logs_retention_config":["list",["object",{"storage_mode":"string"}]]}]],"database_config":["list",["object",{"machine_type":"string","zone":"string"}]],"encryption_config":["list",["object",{"kms_key_name":"string"}]],"environment_size":"string","gke_cluster":"string","maintenance_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]],"master_authorized_networks_config":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"enabled":"bool"}]],"node_config":["list",["object",{"disk_size_gb":"number","enable_ip_masq_agent":"bool","ip_allocation_policy":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"machine_type":"string","network":"string","oauth_scopes":["set","string"],"service_account":"string","subnetwork":"string","tags":["set","string"],"zone":"string"}]],"node_count":"number","private_environment_config":["list",["object",{"cloud_composer_connection_subnetwork":"string","cloud_composer_network_ipv4_cidr_block":"string","cloud_sql_ipv4_cidr_block":"string","connection_type":"string","enable_private_endpoint":"bool","enable_privately_used_public_ips":"bool","master_ipv4_cidr_block":"string","web_server_ipv4_cidr_block":"string"}]],"recovery_config":["list",["object",{"scheduled_snapshots_config":["list",["object",{"enabled":"bool","snapshot_creation_schedule":"string","snapshot_location":"string","time_zone":"string"}]]}]],"resilience_mode":"string","software_config":["list",["object",{"airflow_config_overrides":["map","string"],"env_variables":["map","string"],"image_version":"string","pypi_packages":["map","string"],"python_version":"string","scheduler_count":"number"}]],"web_server_config":["list",["object",{"machine_type":"string"}]],"web_server_network_access_control":["list",["object",{"allowed_ip_range":["set",["object",{"description":"string","value":"string"}]]}]],"workloads_config":["list",["object",{"scheduler":["list",["object",{"count":"number","cpu":"number","memory_gb":"number","storage_gb":"number"}]],"triggerer":["list",["object",{"count":"number","cpu":"number","memory_gb":"number"}]],"web_server":["list",["object",{"cpu":"number","memory_gb":"number","storage_gb":"number"}]],"worker":["list",["object",{"cpu":"number","max_count":"number","memory_gb":"number","min_count":"number","storage_gb":"number"}]]}]]}]],"description":"Configuration parameters for this environment.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true},"storage_config":{"type":["list",["object",{"bucket":"string"}]],"description":"Configuration options for storage used by Composer environment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_composer_image_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_versions":{"type":["list",["object",{"image_version_id":"string","supported_python_versions":["list","string"]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_addresses":{"version":0,"block":{"attributes":{"addresses":{"type":["list",["object",{"address":"string","address_type":"string","description":"string","name":"string","region":"string","self_link":"string","status":"string"}]],"description_kind":"plain","computed":true},"filter":{"type":"string","description":"Filter sets the optional parameter \"filter\": A filter expression that\nfilters resources listed in the response. The expression must specify\nthe field name, an operator, and the value that you want to use for\nfiltering. The value must be a string, a number, or a boolean. The\noperator must be either \"=\", \"!=\", \"\u003e\", \"\u003c\", \"\u003c=\", \"\u003e=\" or \":\". For\nexample, if you are filtering Compute Engine instances, you can\nexclude instances named \"example-instance\" by specifying \"name !=\nexample-instance\". The \":\" operator can be used with string fields to\nmatch substrings. For non-string fields it is equivalent to the \"=\"\noperator. The \":*\" comparison can be used to test whether a key has\nbeen defined. For example, to find all objects with \"owner\" label\nuse: \"\"\" labels.owner:* \"\"\" You can also filter nested fields. For\nexample, you could specify \"scheduling.automaticRestart = false\" to\ninclude instances only if they are not scheduled for automatic\nrestarts. You can use filtering on nested fields to filter based on\nresource labels. To filter on multiple expressions, provide each\nseparate expression within parentheses. For example: \"\"\"\n(scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\")\n\"\"\" By default, each expression is an \"AND\" expression. However, you\ncan include \"AND\" and \"OR\" expressions explicitly. For example: \"\"\"\n(cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\")\nAND (scheduling.automaticRestart = true) \"\"\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The google project in which addresses are listed. Defaults to provider's configuration if missing.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region that should be considered to search addresses. All regions are considered if missing.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_http_headers":["list","string"],"query_string_whitelist":["list","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"request_coalescing":"bool","serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","computed":true},"backend":{"type":["set",["object",{"balancing_mode":"string","capacity_scaler":"number","description":"string","group":"string","max_connections":"number","max_connections_per_endpoint":"number","max_connections_per_instance":"number","max_rate":"number","max_rate_per_endpoint":"number","max_rate_per_instance":"number","max_utilization":"number"}]],"description":"The set of backends that serve this BackendService.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_host":"bool","include_http_headers":["list","string"],"include_named_cookies":["list","string"],"include_protocol":"bool","include_query_string":"bool","query_string_blacklist":["set","string"],"query_string_whitelist":["set","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain","computed":true},"circuit_breakers":{"type":["list",["object",{"max_connections":"number","max_pending_requests":"number","max_requests":"number","max_requests_per_connection":"number","max_retries":"number"}]],"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","computed":true},"consistent_hash":{"type":["list",["object",{"http_cookie":["list",["object",{"name":"string","path":"string","ttl":["list",["object",{"nanos":"number","seconds":"number"}]]}]],"http_header_name":"string","minimum_ring_size":"number"}]],"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","computed":true},"iap":{"type":["list",["object",{"oauth2_client_id":"string","oauth2_client_secret":"string","oauth2_client_secret_sha256":"string"}]],"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"locality_lb_policies":{"type":["list",["object",{"custom_policy":["list",["object",{"data":"string","name":"string"}]],"policy":["list",["object",{"name":"string"}]]}]],"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain","computed":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","computed":true},"log_config":{"type":["list",["object",{"enable":"bool","sample_rate":"number"}]],"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"outlier_detection":{"type":["list",["object",{"base_ejection_time":["list",["object",{"nanos":"number","seconds":"number"}]],"consecutive_errors":"number","consecutive_gateway_failure":"number","enforcing_consecutive_errors":"number","enforcing_consecutive_gateway_failure":"number","enforcing_success_rate":"number","interval":["list",["object",{"nanos":"number","seconds":"number"}]],"max_ejection_percent":"number","success_rate_minimum_hosts":"number","success_rate_request_volume":"number","success_rate_stdev_factor":"number"}]],"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain","computed":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","computed":true},"security_settings":{"type":["list",["object",{"client_tls_policy":"string","subject_alt_names":["list","string"]}]],"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","rsa_encrypted_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","computed":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","computed":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","computed":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","computed":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"rules":{"type":["list",["object",{"all_ports":"bool","allow_global_access":"bool","allow_psc_global_access":"bool","backend_service":"string","base_forwarding_rule":"string","creation_timestamp":"string","description":"string","effective_labels":["map","string"],"ip_address":"string","ip_protocol":"string","ip_version":"string","is_mirroring_collector":"bool","label_fingerprint":"string","labels":["map","string"],"load_balancing_scheme":"string","name":"string","network":"string","network_tier":"string","no_automate_dns_zone":"bool","port_range":"string","ports":["set","string"],"project":"string","psc_connection_id":"string","psc_connection_status":"string","recreate_closed_psc":"bool","region":"string","self_link":"string","service_directory_registrations":["list",["object",{"namespace":"string","service":"string"}]],"service_label":"string","service_name":"string","source_ip_ranges":["list","string"],"subnetwork":"string","target":"string","terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","computed":true},"metadata_filters":{"type":["list",["object",{"filter_labels":["list",["object",{"name":"string","value":"string"}]],"filter_match_criteria":"string"}]],"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service_directory_region":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"vpn_interfaces":{"type":["list",["object",{"id":"number","interconnect_attachment":"string","ip_address":"string"}]],"description":"A list of interfaces on this VPN gateway.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"grpc_health_check":{"type":["list",["object",{"grpc_service_name":"string","port":"number","port_name":"string","port_specification":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","computed":true},"http2_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"http_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"https_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool"}]],"description":"Configure logging on this health check.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"tcp_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description_kind":"plain","computed":true},"family":{"type":"string","description_kind":"plain","optional":true,"computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"image_id":{"type":"string","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description_kind":"plain","computed":true},"source_disk_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","computed":true},"boot_disk":{"type":["list",["object",{"auto_delete":"bool","device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","initialize_params":["list",["object",{"enable_confidential_compute":"bool","image":"string","labels":["map","string"],"provisioned_iops":"number","provisioned_throughput":"number","resource_manager_tags":["map","string"],"size":"number","type":"string"}]],"kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"The boot disk for the instance.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","optional":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"The networks attached to the instance.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"params":{"type":["list",["object",{"resource_manager_tags":["map","string"]}]],"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy being used by the instance.","description_kind":"plain","computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"The shielded vm config being used by the instance.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"named_port":{"type":["list",["object",{"name":"string","port":"number"}]],"description_kind":"plain","computed":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"all_instances_config":{"type":["list",["object",{"labels":["map","string"],"metadata":["map","string"]}]],"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain","computed":true},"auto_healing_policies":{"type":["list",["object",{"health_check":"string","initial_delay_sec":"number"}]],"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain","computed":true},"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_lifecycle_policy":{"type":["list",["object",{"force_update_on_repair":"string"}]],"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","optional":true},"named_port":{"type":["set",["object",{"name":"string","port":"number"}]],"description":"The named port configuration.","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","optional":true},"stateful_disk":{"type":["set",["object",{"delete_rule":"string","device_name":"string"}]],"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain","computed":true},"stateful_external_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"stateful_internal_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","computed":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","computed":true},"update_policy":{"type":["list",["object",{"max_surge_fixed":"number","max_surge_percent":"number","max_unavailable_fixed":"number","max_unavailable_percent":"number","minimal_action":"string","most_disruptive_allowed_action":"string","replacement_method":"string","type":"string"}]],"description":"The update policy for this managed instance group.","description_kind":"plain","computed":true},"version":{"type":["list",["object",{"instance_template":"string","name":"string","target_size":["list",["object",{"fixed":"number","percent":"number"}]]}]],"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain","computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","computed":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_serial_port":{"version":0,"block":{"attributes":{"contents":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"port":{"type":"number","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","computed":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_lb_ip_ranges":{"version":0,"block":{"attributes":{"http_ssl_tcp_internal":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_machine_types":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"machine_types":{"type":["list",["object",{"accelerators":["list",["object",{"guest_accelerator_count":"number","guest_accelerator_type":"string"}]],"deprecated":["set",["object",{"replacement":"string","state":"string"}]],"description":"string","guest_cpus":"number","is_shared_cpus":"bool","maximum_persistent_disks":"number","maximum_persistent_disks_size_gb":"number","memory_mb":"number","name":"string","self_link":"string"}]],"description":"The list of machine types","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID for this request.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the zone for this request.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_ipv4":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetworks_self_links":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","computed":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","computed":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_networks":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"networks":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_node_types":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_name":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_instance_group":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"instance":"string","named_ports":["list",["object",{"name":"string","port":"number"}]],"status":"string"}]],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"app_engine":{"type":["list",["object",{"service":"string","url_mask":"string","version":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_function":{"type":["list",["object",{"function":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_run":{"type":["list",["object",{"service":"string","tag":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_regions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"share_settings":{"type":["list",["object",{"project_map":["set",["object",{"id":"string","project_id":"string"}]],"share_type":"string"}]],"description":"The share setting for reservations.","description_kind":"plain","computed":true},"specific_reservation":{"type":["list",["object",{"count":"number","in_use_count":"number","instance_properties":["list",["object",{"guest_accelerators":["list",["object",{"accelerator_count":"number","accelerator_type":"string"}]],"local_ssds":["list",["object",{"disk_size_gb":"number","interface":"string"}]],"machine_type":"string","min_cpu_platform":"string"}]]}]],"description":"Reservation for instances with specific machine shapes.","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","computed":true},"disk_consistency_group_policy":{"type":["list",["object",{"enabled":"bool"}]],"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain","computed":true},"group_placement_policy":{"type":["list",["object",{"availability_domain_count":"number","collocation":"string","vm_count":"number"}]],"description":"Resource policy for instances used for placement configuration.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_schedule_policy":{"type":["list",["object",{"expiration_time":"string","start_time":"string","time_zone":"string","vm_start_schedule":["list",["object",{"schedule":"string"}]],"vm_stop_schedule":["list",["object",{"schedule":"string"}]]}]],"description":"Resource policy for scheduling instance operations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_schedule_policy":{"type":["list",["object",{"retention_policy":["list",["object",{"max_retention_days":"number","on_source_disk_delete":"string"}]],"schedule":["list",["object",{"daily_schedule":["list",["object",{"days_in_cycle":"number","start_time":"string"}]],"hourly_schedule":["list",["object",{"hours_in_cycle":"number","start_time":"string"}]],"weekly_schedule":["list",["object",{"day_of_weeks":["set",["object",{"day":"string","start_time":"string"}]]}]]}]],"snapshot_properties":["list",["object",{"chain_name":"string","guest_flush":"bool","labels":["map","string"],"storage_locations":["set","string"]}]]}]],"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"bgp":{"type":["list",["object",{"advertise_mode":"string","advertised_groups":["list","string"],"advertised_ip_ranges":["list",["object",{"description":"string","range":"string"}]],"asn":"number","keepalive_interval":"number"}]],"description":"BGP information specific to this router.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","computed":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool","filter":"string"}]],"description":"Configuration for logging on NAT","description_kind":"plain","computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","computed":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","computed":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"rules":{"type":["set",["object",{"action":["list",["object",{"source_nat_active_ips":["set","string"],"source_nat_drain_ips":["set","string"]}]],"description":"string","match":"string","rule_number":"number"}]],"description":"A list of rules associated with this NAT.","description_kind":"plain","computed":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","computed":true},"subnetwork":{"type":["set",["object",{"name":"string","secondary_ip_range_names":["set","string"],"source_ip_ranges_to_nat":["set","string"]}]],"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain","computed":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","computed":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","computed":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","computed":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_status":{"version":0,"block":{"attributes":{"best_routes":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes for this router's network.","description_kind":"plain","computed":true},"best_routes_for_router":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes learned by this router.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the router to query.","description_kind":"plain","required":true},"network":{"type":"string","description":"URI of the network to which this router belongs.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the target router.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of the target router.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","computed":true},"source_disk_encryption_key":{"type":["list",["object",{"kms_key_service_account":"string","raw_key":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"network":{"type":"string","description_kind":"plain","computed":true},"private_ip_google_access":{"type":"bool","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_attached_install_manifest":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"manifest":{"type":"string","description_kind":"plain","computed":true},"platform_version":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_container_attached_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_aws_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_azure_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"addons_config":{"type":["list",["object",{"cloudrun_config":["list",["object",{"disabled":"bool","load_balancer_type":"string"}]],"config_connector_config":["list",["object",{"enabled":"bool"}]],"dns_cache_config":["list",["object",{"enabled":"bool"}]],"gce_persistent_disk_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcp_filestore_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcs_fuse_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gke_backup_agent_config":["list",["object",{"enabled":"bool"}]],"horizontal_pod_autoscaling":["list",["object",{"disabled":"bool"}]],"http_load_balancing":["list",["object",{"disabled":"bool"}]],"network_policy_config":["list",["object",{"disabled":"bool"}]]}]],"description":"The configuration for addons supported by GKE.","description_kind":"plain","computed":true},"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","computed":true},"authenticator_groups_config":{"type":["list",["object",{"security_group":"string"}]],"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"enabled":"bool","evaluation_mode":"string"}]],"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain","computed":true},"cluster_autoscaling":{"type":["list",["object",{"auto_provisioning_defaults":["list",["object",{"boot_disk_kms_key":"string","disk_size":"number","disk_type":"string","image_type":"string","management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool","upgrade_options":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]]}]],"min_cpu_platform":"string","oauth_scopes":["list","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]]}]],"autoscaling_profile":"string","enabled":"bool","resource_limits":["list",["object",{"maximum":"number","minimum":"number","resource_type":"string"}]]}]],"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain","computed":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","computed":true},"confidential_nodes":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain","computed":true},"cost_management_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Cost management configuration for the cluster.","description_kind":"plain","computed":true},"database_encryption":{"type":["list",["object",{"key_name":"string","state":"string"}]],"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain","computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","computed":true},"default_snat_status":{"type":["list",["object",{"disabled":"bool"}]],"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.","description_kind":"plain","computed":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","computed":true},"dns_config":{"type":["list",["object",{"cluster_dns":"string","cluster_dns_domain":"string","cluster_dns_scope":"string"}]],"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain","computed":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","computed":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","computed":true},"enable_k8s_beta_apis":{"type":["list",["object",{"enabled_apis":["set","string"]}]],"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain","computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","computed":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","computed":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","computed":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","computed":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string","membership_id":"string","membership_location":"string","pre_registered":"bool","project":"string"}]],"description":"Fleet configuration of the cluster.","description_kind":"plain","computed":true},"gateway_api_config":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration for GKE Gateway API controller.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_service_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain","computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","computed":true},"ip_allocation_policy":{"type":["list",["object",{"additional_pod_ranges_config":["list",["object",{"pod_range_names":["set","string"]}]],"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"services_ipv4_cidr_block":"string","services_secondary_range_name":"string","stack_type":"string"}]],"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true},"logging_config":{"type":["list",["object",{"enable_components":["list","string"]}]],"description":"Logging configuration for the cluster.","description_kind":"plain","computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"daily_maintenance_window":["list",["object",{"duration":"string","start_time":"string"}]],"maintenance_exclusion":["set",["object",{"end_time":"string","exclusion_name":"string","exclusion_options":["list",["object",{"scope":"string"}]],"start_time":"string"}]],"recurring_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]]}]],"description":"The maintenance policy to use for the cluster.","description_kind":"plain","computed":true},"master_auth":{"type":["list",["object",{"client_certificate":"string","client_certificate_config":["list",["object",{"issue_client_certificate":"bool"}]],"client_key":"string","cluster_ca_certificate":"string"}]],"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain","computed":true},"master_authorized_networks_config":{"type":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"gcp_public_cidrs_access_enabled":"bool"}]],"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain","computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"mesh_certificates":{"type":["list",["object",{"enable_certificates":"bool"}]],"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","computed":true},"monitoring_config":{"type":["list",["object",{"advanced_datapath_observability_config":["list",["object",{"enable_metrics":"bool","enable_relay":"bool","relay_mode":"string"}]],"enable_components":["list","string"],"managed_prometheus":["list",["object",{"enabled":"bool"}]]}]],"description":"Monitoring configuration for the cluster.","description_kind":"plain","computed":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","computed":true},"network_policy":{"type":["list",["object",{"enabled":"bool","provider":"string"}]],"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain","computed":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","computed":true},"node_config":{"type":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"description":"The configuration of the nodepool","description_kind":"plain","computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","computed":true},"node_pool":{"type":["list",["object",{"autoscaling":["list",["object",{"location_policy":"string","max_node_count":"number","min_node_count":"number","total_max_node_count":"number","total_min_node_count":"number"}]],"initial_node_count":"number","instance_group_urls":["list","string"],"managed_instance_group_urls":["list","string"],"management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool"}]],"max_pods_per_node":"number","name":"string","name_prefix":"string","network_config":["list",["object",{"create_pod_range":"bool","enable_private_nodes":"bool","network_performance_config":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"pod_ipv4_cidr_block":"string","pod_range":"string"}]],"node_config":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"node_count":"number","node_locations":["set","string"],"placement_policy":["list",["object",{"policy_name":"string","tpu_topology":"string","type":"string"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]],"version":"string"}]],"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain","computed":true},"node_pool_auto_config":{"type":["list",["object",{"network_tags":["list",["object",{"tags":["list","string"]}]]}]],"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain","computed":true},"node_pool_defaults":{"type":["list",["object",{"node_config_defaults":["list",["object",{"logging_variant":"string"}]]}]],"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain","computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","computed":true},"notification_config":{"type":["list",["object",{"pubsub":["list",["object",{"enabled":"bool","filter":["list",["object",{"event_type":["list","string"]}]],"topic":"string"}]]}]],"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_cluster_config":{"type":["list",["object",{"enable_private_endpoint":"bool","enable_private_nodes":"bool","master_global_access_config":["list",["object",{"enabled":"bool"}]],"master_ipv4_cidr_block":"string","peering_name":"string","private_endpoint":"string","private_endpoint_subnetwork":"string","public_endpoint":"string"}]],"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"release_channel":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain","computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","computed":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","computed":true},"resource_usage_export_config":{"type":["list",["object",{"bigquery_destination":["list",["object",{"dataset_id":"string"}]],"enable_network_egress_metering":"bool","enable_resource_consumption_metering":"bool"}]],"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain","computed":true},"security_posture_config":{"type":["list",["object",{"mode":"string","vulnerability_mode":"string"}]],"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"service_external_ips_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true},"vertical_pod_autoscaling":{"type":["list",["object",{"enabled":"bool"}]],"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"workload_pool":"string"}]],"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_engine_versions":{"version":0,"block":{"attributes":{"default_cluster_version":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_master_version":{"type":"string","description_kind":"plain","computed":true},"latest_node_version":{"type":"string","description_kind":"plain","computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel_default_version":{"type":["map","string"],"description_kind":"plain","computed":true},"release_channel_latest_version":{"type":["map","string"],"description_kind":"plain","computed":true},"valid_master_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_node_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"version_prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_image":{"version":0,"block":{"attributes":{"digest":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_url":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"tag":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"repository_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_config":{"type":["list",["object",{"kms_key":"string"}]],"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"hive_metastore_config":{"type":["list",["object",{"auxiliary_versions":["set",["object",{"config_overrides":["map","string"],"key":"string","version":"string"}]],"config_overrides":["map","string"],"endpoint_protocol":"string","kerberos_config":["list",["object",{"keytab":["list",["object",{"cloud_secret":"string"}]],"krb5_config_gcs_uri":"string","principal":"string"}]],"version":"string"}]],"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","required":true},"maintenance_window":{"type":["list",["object",{"day_of_week":"string","hour_of_day":"number"}]],"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain","computed":true},"metadata_integration":{"type":["list",["object",{"data_catalog_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","computed":true},"network_config":{"type":["list",["object",{"consumers":["list",["object",{"endpoint_uri":"string","subnetwork":"string"}]]}]],"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","computed":true},"scaling_config":{"type":["list",["object",{"instance_size":"string","scaling_factor":"number"}]],"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain","computed":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"telemetry_config":{"type":["list",["object",{"log_format":"string"}]],"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_datastream_static_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"static_ips":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"DNS keys identifier","description_kind":"markdown","computed":true},"key_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"ds_record":"string","id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description":"A list of Key-signing key (KSK) records.","description_kind":"markdown","computed":true},"managed_zone":{"type":"string","description":"The Name of the zone.","description_kind":"markdown","required":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true,"computed":true},"zone_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description":"A list of Zone-signing key (ZSK) records.","description_kind":"markdown","computed":true}},"description":"Get the DNSKEY and DS records of DNSSEC-signed managed zones","description_kind":"markdown"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field.","description_kind":"markdown","computed":true},"dns_name":{"type":"string","description":"The fully qualified DNS name of this zone.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"DNS managed zone identifier","description_kind":"markdown","computed":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"markdown","computed":true},"name":{"type":"string","description":"A unique name for the resource.","description_kind":"markdown","required":true},"name_servers":{"type":["list","string"],"description":"The list of nameservers that will be authoritative for this domain. Use NS records to redirect from your DNS provider to these names, thus making Google Cloud DNS authoritative for this zone.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.","description_kind":"markdown","computed":true}},"description":"Provides access to a zone's attributes within Google Cloud DNS","description_kind":"markdown"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_managed_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"foobar","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true}},"block_types":{"managed_zones":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A textual description field.","description_kind":"markdown","computed":true},"dns_name":{"type":"string","description":"The fully qualified DNS name of this zone.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"DNS managed zone identifier","description_kind":"markdown","computed":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"markdown","computed":true},"name":{"type":"string","description":"A unique name for the resource.","description_kind":"markdown","computed":true},"name_servers":{"type":["list","string"],"description":"The list of nameservers that will be authoritative for this domain. Use NS records to redirect from your DNS provider to these names, thus making Google Cloud DNS authoritative for this zone.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.","description_kind":"markdown","computed":true}},"description":"The list of managed zones in the given project.","description_kind":"markdown"}}},"description":"Provides access to all zones for a given project within Google Cloud DNS","description_kind":"markdown"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description":"DNS record set identifier","description_kind":"markdown","computed":true},"managed_zone":{"type":"string","description":"The Name of the zone.","description_kind":"markdown","required":true},"name":{"type":"string","description":"The DNS name for the resource.","description_kind":"markdown","required":true},"project":{"type":"string","description":"The ID of the project for the Google Cloud.","description_kind":"markdown","optional":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set.","description_kind":"markdown","computed":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"markdown","computed":true},"type":{"type":"string","description":"The identifier of a supported record type. See the list of Supported DNS record types.","description_kind":"markdown","required":true}},"description":"A DNS record set within Google Cloud DNS","description_kind":"markdown"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"file_shares":{"type":["list",["object",{"capacity_gb":"number","name":"string","nfs_export_options":["list",["object",{"access_mode":"string","anon_gid":"number","anon_uid":"number","ip_ranges":["list","string"],"squash_mode":"string"}]],"source_backup":"string"}]],"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"networks":{"type":["list",["object",{"connect_mode":"string","ip_addresses":["list","string"],"modes":["list","string"],"network":"string","reserved_ip_range":"string"}]],"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"folder_id":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"lookup_organization":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folders":{"version":0,"block":{"attributes":{"folders":{"type":["list",["object",{"create_time":"string","delete_time":"string","display_name":"string","etag":"string","name":"string","parent":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"audit_config":{"nesting_mode":"set","block":{"attributes":{"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"audit_log_configs":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description_kind":"plain","optional":true},"log_type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"binding":{"nesting_mode":"set","block":{"attributes":{"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"included_permissions":{"type":["list","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"stage":{"type":"string","description_kind":"plain","computed":true},"title":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_testable_permissions":{"version":0,"block":{"attributes":{"custom_support_level":{"type":"string","description_kind":"plain","optional":true},"full_resource_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permissions":{"type":["list",["object",{"api_disabled":"bool","custom_support_level":"string","name":"string","stage":"string","title":"string"}]],"description_kind":"plain","computed":true},"stages":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","computed":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","computed":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version_template":{"type":["list",["object",{"algorithm":"string","protection_level":"string"}]],"description":"A template describing settings for new crypto key versions.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"protection_level":{"type":"string","description_kind":"plain","computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"state":{"type":"string","description_kind":"plain","computed":true},"version":{"type":"number","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_secret":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description_kind":"plain","optional":true},"ciphertext":{"type":"string","description_kind":"plain","required":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"ciphertext":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain","deprecated":true}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_cmek_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","optional":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\n\t\t\t\tFor example:\n\t\t\t\t\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\n\t\t\t\tThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_sink":{"version":0,"block":{"attributes":{"bigquery_options":{"type":["list",["object",{"use_partitioned_tables":"bool"}]],"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","computed":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","computed":true},"exclusions":{"type":["list",["object",{"description":"string","disabled":"bool","filter":"string","name":"string"}]],"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","computed":true},"id":{"type":"string","description":"Required. An identifier for the resource in format: \"projects/[PROJECT_ID]/sinks/[SINK_NAME]\", \"organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME]\", \"billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_NAME]\", \"folders/[FOLDER_ID]/sinks/[SINK_NAME]\"","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","computed":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_app_engine_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"module_id":{"type":"string","description":"The ID of the App Engine module underlying this service. \nCorresponds to the 'moduleId' resource label for a 'gae_app'\nmonitored resource(see https://cloud.google.com/monitoring/api/resources#tag_gae_app)","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_cluster_istio_service":{"version":0,"block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the clusterName resource label in k8s_cluster resources.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the location resource label in k8s_cluster resources.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service. \n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_istio_canonical_service":{"version":0,"block":{"attributes":{"canonical_service":{"type":"string","description":"The name of the canonical service underlying this service.. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"canonical_service_namespace":{"type":"string","description":"The namespace of the canonical service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the Istio mesh in which this canonical service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_mesh_istio_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the mesh in which this Istio service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"sensitive_labels":{"type":["list",["object",{"auth_token":"string","password":"string","service_key":"string"}]],"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_uptime_check_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uptime_check_ips":{"type":["list",["object",{"ip_address":"string","location":"string","region":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_netblock_ip_ranges":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv4":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv6":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"range_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"directory_customer_id":{"type":"string","description_kind":"plain","computed":true},"domain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"org_id":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","optional":true},"config":{"type":["list",["object",{"subject_config":["list",["object",{"subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"x509_config":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number","non_ca":"bool","zero_max_issuer_path_length":"bool"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"key_spec":{"type":["list",["object",{"algorithm":"string","cloud_kms_key_version":"string"}]],"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","computed":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"subordinate_config":{"type":["list",["object",{"certificate_authority":"string","pem_issuer_chain":["list",["object",{"pem_certificates":["list","string"]}]]}]],"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","computed":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","computed":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","optional":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","computed":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_projects":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["list",["object",{"create_time":"string","labels":["map","string"],"lifecycle_state":"string","name":"string","number":"string","parent":["map","string"],"project_id":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","computed":true},"bigquery_config":{"type":["list",["object",{"drop_unknown_fields":"bool","table":"string","use_table_schema":"bool","use_topic_schema":"bool","write_metadata":"bool"}]],"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"cloud_storage_config":{"type":["list",["object",{"avro_config":["list",["object",{"write_metadata":"bool"}]],"bucket":"string","filename_prefix":"string","filename_suffix":"string","max_bytes":"number","max_duration":"string","state":"string"}]],"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"dead_letter_policy":{"type":["list",["object",{"dead_letter_topic":"string","max_delivery_attempts":"number"}]],"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","computed":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","computed":true},"expiration_policy":{"type":["list",["object",{"ttl":"string"}]],"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"push_config":{"type":["list",["object",{"attributes":["map","string"],"no_wrapper":["list",["object",{"write_metadata":"bool"}]],"oidc_token":["list",["object",{"audience":"string","service_account_email":"string"}]],"push_endpoint":"string"}]],"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain","computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","computed":true},"retry_policy":{"type":["list",["object",{"maximum_backoff":"string","minimum_backoff":"string"}]],"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","computed":true},"message_storage_policy":{"type":["list",["object",{"allowed_persistence_regions":["list","string"]}]],"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"schema_settings":{"type":["list",["object",{"encoding":"string","schema":"string"}]],"description":"Settings for validating messages published against a schema.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","computed":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"create_time":"string","description":"string","update_time":"string","weekly_maintenance_window":["list",["object",{"day":"string","duration":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]]}]],"description":"Maintenance policy for an instance.","description_kind":"plain","computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_config":{"type":["list",["object",{"persistence_mode":"string","rdb_next_snapshot_time":"string","rdb_snapshot_period":"string","rdb_snapshot_start_time":"string"}]],"description":"Persistence configuration for an instance.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","computed":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"replication":{"type":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain","computed":true},"rotation":{"type":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain","computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topics":{"type":["list",["object",{"name":"string"}]],"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","computed":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"destroy_time":{"type":"string","description_kind":"plain","computed":true},"enabled":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_version_access":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secrets":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"Filter string, adhering to the rules in List-operation filtering (https://cloud.google.com/secret-manager/docs/filtering).\nList only secrets matching the filter. If filter is empty, all secrets are listed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secrets":{"type":["list",["object",{"annotations":["map","string"],"create_time":"string","effective_annotations":["map","string"],"effective_labels":["map","string"],"expire_time":"string","labels":["map","string"],"name":"string","project":"string","replication":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"rotation":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"secret_id":"string","terraform_labels":["map","string"],"topics":["list",["object",{"name":"string"}]],"ttl":"string","version_aliases":["map","string"]}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description_kind":"plain","required":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_account_access_token":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifetime":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["set","string"],"description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_id_token":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"include_email":{"type":"bool","description_kind":"plain","optional":true},"target_audience":{"type":"string","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_account_jwt":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"expires_in":{"type":"number","description":"Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expires_in seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwt":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"payload":{"type":"string","description":"A JSON-encoded JWT claims set that will be included in the signed JWT.","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description_kind":"plain","computed":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_configs":{"type":["set",["object",{"message_format":"string","service_account_email":"string","topic":"string"}]],"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"autoscaling_config":{"type":["list",["object",{"autoscaling_limits":["list",["object",{"max_nodes":"number","max_processing_units":"number","min_nodes":"number","min_processing_units":"number"}]],"autoscaling_targets":["list",["object",{"high_priority_cpu_utilization_percent":"number","storage_utilization_percent":"number"}]]}]],"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain","computed":true},"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","required":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_backup_run":{"version":0,"block":{"attributes":{"backup_id":{"type":"number","description":"The identifier for this backup run. Unique only for a specific Cloud SQL instance. If left empty and multiple backups exist for the instance, most_recent must be set to true.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"Name of the database instance.","description_kind":"plain","required":true},"location":{"type":"string","description":"Location of the backups.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description":"Toggles use of the most recent backup run if multiple backups exist for a Cloud SQL instance.","description_kind":"plain","optional":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time the backup operation actually started in UTC timezone in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of this run.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_ca_certs":{"version":0,"block":{"attributes":{"active_version":{"type":"string","description_kind":"plain","computed":true},"certs":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"clone":{"type":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","computed":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","computed":true},"replica_configuration":{"type":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"description":"The configuration for replication.","description_kind":"plain","computed":true},"restore_backup_context":{"type":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"description_kind":"plain","computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true},"settings":{"type":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]],"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance_latest_recovery_time":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"latest_recovery_time":{"type":"string","description":"Timestamp, identifies the latest recovery time of the source instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database_instances":{"version":0,"block":{"attributes":{"database_version":{"type":"string","description":"To filter out the database instances which are of the specified database version.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"available_maintenance_versions":["list","string"],"clone":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"connection_name":"string","database_version":"string","deletion_protection":"bool","dns_name":"string","encryption_key_name":"string","first_ip_address":"string","instance_type":"string","ip_address":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"maintenance_version":"string","master_instance_name":"string","name":"string","private_ip_address":"string","project":"string","psc_service_attachment_link":"string","public_ip_address":"string","region":"string","replica_configuration":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"restore_backup_context":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"root_password":"string","self_link":"string","server_ca_cert":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"service_account_email_address":"string","settings":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project that contains the instances.","description_kind":"plain","optional":true},"region":{"type":"string","description":"To filter out the database instances which are located in this specified region.","description_kind":"plain","optional":true},"state":{"type":"string","description":"To filter out the database instances based on the current state of the database instance, valid values include : \"SQL_INSTANCE_STATE_UNSPECIFIED\", \"RUNNABLE\", \"SUSPENDED\", \"PENDING_DELETE\", \"PENDING_CREATE\", \"MAINTENANCE\" and \"FAILED\".","description_kind":"plain","optional":true},"tier":{"type":"string","description":"To filter out the database instances based on the machine type.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"To filter out the database instances which are located in this specified zone.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_databases":{"version":0,"block":{"attributes":{"databases":{"type":["list",["object",{"charset":"string","collation":"string","deletion_policy":"string","instance":"string","name":"string","project":"string","self_link":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL database instance in which the database belongs.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_tiers":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project ID of the project for which to list tiers.","description_kind":"plain","optional":true,"computed":true},"tiers":{"type":["list",["object",{"disk_quota":"number","ram":"number","region":["list","string"],"tier":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket":{"version":1,"block":{"attributes":{"autoclass":{"type":["list",["object",{"enabled":"bool","terminal_storage_class":"string"}]],"description":"The bucket's autoclass configuration.","description_kind":"plain","computed":true},"cors":{"type":["list",["object",{"max_age_seconds":"number","method":["list","string"],"origin":["list","string"],"response_header":["list","string"]}]],"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain","computed":true},"custom_placement_config":{"type":["list",["object",{"data_locations":["set","string"]}]],"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain","computed":true},"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","computed":true},"encryption":{"type":["list",["object",{"default_kms_key_name":"string"}]],"description":"The bucket's encryption configuration.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","computed":true},"lifecycle_rule":{"type":["list",["object",{"action":["set",["object",{"storage_class":"string","type":"string"}]],"condition":["set",["object",{"age":"number","created_before":"string","custom_time_before":"string","days_since_custom_time":"number","days_since_noncurrent_time":"number","matches_prefix":["list","string"],"matches_storage_class":["list","string"],"matches_suffix":["list","string"],"no_age":"bool","noncurrent_time_before":"string","num_newer_versions":"number","with_state":"string"}]]}]],"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","computed":true},"logging":{"type":["list",["object",{"log_bucket":"string","log_object_prefix":"string"}]],"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","computed":true},"retention_policy":{"type":["list",["object",{"is_locked":"bool","retention_period":"number"}]],"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain","computed":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true},"versioning":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's Versioning configuration.","description_kind":"plain","computed":true},"website":{"type":["list",["object",{"main_page_suffix":"string","not_found_page":"string"}]],"description":"Configuration if the bucket acts as a website.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","optional":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","computed":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","optional":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object_content":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_object_signed_url":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"content_md5":{"type":"string","description_kind":"plain","optional":true},"content_type":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"duration":{"type":"string","description_kind":"plain","optional":true},"extension_headers":{"type":["map","string"],"description_kind":"plain","optional":true},"http_method":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description_kind":"plain","required":true},"signed_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_project_service_account":{"version":0,"block":{"attributes":{"email_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"user_project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_transfer_project_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subject_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_tensorflow_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"versions":{"type":["list","string"],"description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"metadata":{"type":["list",["object",{"config":["list",["object",{"algorithm_config":["list",["object",{"brute_force_config":["list",["object",{}]],"tree_ah_config":["list",["object",{"leaf_node_embedding_count":"number","leaf_nodes_to_search_percent":"number"}]]}]],"approximate_neighbors_count":"number","dimensions":"number","distance_measure_type":"string","feature_norm_type":"string","shard_size":"string"}]],"contents_delta_uri":"string","is_complete_overwrite":"bool"}]],"description":"An additional information about the Index","description_kind":"plain","computed":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"node_type_configs":{"type":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","computed":true},"destination_ip_ranges":{"type":["list",["object",{"external_address":"string","ip_address_range":"string"}]],"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain","computed":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list",["object",{"ip_address":"string","ip_address_range":"string"}]],"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain","computed":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","computed":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","computed":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","computed":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","computed":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","computed":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","computed":true},"external_ip":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internet_access":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_nsx_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains NSX.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","computed":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"management_cluster":{"type":["list",["object",{"cluster_id":"string","node_type_configs":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]]}]],"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"network_config":{"type":["list",["object",{"dns_server_ip":"string","management_cidr":"string","management_ip_address_layout_version":"number","vmware_engine_network":"string","vmware_engine_network_canonical":"string"}]],"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain","computed":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_vcenter_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains vcenter.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector.","description_kind":"plain","computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector.","description_kind":"plain","computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true},"subnet":{"type":["list",["object",{"name":"string","project_id":"string"}]],"description":"The subnet in which to house the connector","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}}}}}} +{"format_version":"1.0","provider_schemas":{"registry.terraform.io/hashicorp/google":{"provider":{"version":0,"block":{"attributes":{"access_approval_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_context_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"access_token":{"type":"string","description_kind":"plain","optional":true},"active_directory_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"add_terraform_attribution_label":{"type":"bool","description_kind":"plain","optional":true},"alloydb_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apigee_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apikeys_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"app_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"apphub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"artifact_registry_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"assured_workloads_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"beyondcorp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"big_query_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"biglake_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_analytics_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_connection_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_data_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_datapolicy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigquery_reservation_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"bigtable_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"billing_project":{"type":"string","description_kind":"plain","optional":true},"binary_authorization_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"blockchain_node_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"certificate_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_asset_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_build_worker_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_functions_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_identity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_ids_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_quotas_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_run_v2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_scheduler_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloud_tasks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudbuildv2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddeploy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"clouddomains_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"cloudfunctions2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"composer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"compute_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_analysis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_attached_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_aws_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_azure_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"container_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"core_billing_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true},"data_catalog_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_fusion_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_loss_prevention_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"data_pipeline_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"database_migration_service_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataplex_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dataproc_metastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"datastream_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"default_labels":{"type":["map","string"],"description_kind":"plain","optional":true},"deployment_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dialogflow_cx_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"discovery_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"dns_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"document_ai_warehouse_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgecontainer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"edgenetwork_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"essential_contacts_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"eventarc_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"filestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebase_app_check_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firebaserules_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"firestore_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_backup_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gke_hub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkehub_feature_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"gkeonprem_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"healthcare_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam2_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_beta_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_credentials_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iam_workforce_pool_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"iap_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"identity_platform_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account":{"type":"string","description_kind":"plain","optional":true},"impersonate_service_account_delegates":{"type":["list","string"],"description_kind":"plain","optional":true},"integration_connectors_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"integrations_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"kms_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"logging_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"looker_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"memcache_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"migration_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"ml_engine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"monitoring_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"netapp_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_connectivity_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_security_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"network_services_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"notebooks_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"org_policy_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_config_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"os_login_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"privateca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_ca_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"pubsub_lite_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"recaptcha_enterprise_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"redis_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"request_reason":{"type":"string","description_kind":"plain","optional":true},"request_timeout":{"type":"string","description_kind":"plain","optional":true},"resource_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"resource_manager_v3_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description_kind":"plain","optional":true},"secret_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"secure_source_manager_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"security_center_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"securityposture_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_management_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_networking_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"service_usage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"source_repo_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"spanner_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"sql_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_insights_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"storage_transfer_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"tags_location_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"terraform_attribution_label_addition_strategy":{"type":"string","description_kind":"plain","optional":true},"tpu_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"universe_domain":{"type":"string","description_kind":"plain","optional":true},"user_project_override":{"type":"bool","description_kind":"plain","optional":true},"vertex_ai_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vmwareengine_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"vpc_access_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workbench_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"workflows_custom_endpoint":{"type":"string","description_kind":"plain","optional":true},"zone":{"type":"string","description_kind":"plain","optional":true}},"block_types":{"batching":{"nesting_mode":"list","block":{"attributes":{"enable_batching":{"type":"bool","description_kind":"plain","optional":true},"send_after":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"resource_schemas":{"google_access_context_manager_access_level":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true},"require_verified_chrome_os":{"type":"bool","description":"If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs to require Chrome Verified Access.","description_kind":"plain","optional":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_level_condition":{"version":0,"block":{"attributes":{"access_level":{"type":"string","description":"The name of the Access Level to add this condition to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_levels":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this AccessLevel lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"access_levels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"Description of the AccessLevel and its use. Does not affect behavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the Access Level. The short_name component must begin\nwith a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","required":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true}},"block_types":{"basic":{"nesting_mode":"list","block":{"attributes":{"combining_function":{"type":"string","description":"How the conditions list should be combined to determine if a request\nis granted this AccessLevel. If AND is used, each Condition in\nconditions must be satisfied for the AccessLevel to be applied. If\nOR is used, at least one Condition in conditions must be satisfied\nfor the AccessLevel to be applied. Default value: \"AND\" Possible values: [\"AND\", \"OR\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"ip_subnetworks":{"type":["list","string"],"description":"A list of CIDR block IP subnetwork specification. May be IPv4\nor IPv6.\nNote that for a CIDR IP address block, the specified IP address\nportion must be properly truncated (i.e. all the host bits must\nbe zero) or the input is considered malformed. For example,\n\"192.0.2.0/24\" is accepted but \"192.0.2.1/24\" is not. Similarly,\nfor IPv6, \"2001:db8::/32\" is accepted whereas \"2001:db8::1/32\"\nis not. The originating IP of a request must be in one of the\nlisted subnets in order for this Condition to be true.\nIf empty, all IP addresses are allowed.","description_kind":"plain","optional":true},"members":{"type":["list","string"],"description":"An allowed list of members (users, service accounts).\nUsing groups is not supported yet.\n\nThe signed-in user originating the request must be a part of one\nof the provided members. If not specified, a request may come\nfrom any user (logged in/not logged in, not present in any\ngroups, etc.).\nFormats: 'user:{emailid}', 'serviceAccount:{emailid}'","description_kind":"plain","optional":true},"negate":{"type":"bool","description":"Whether to negate the Condition. If true, the Condition becomes\na NAND over its non-empty fields, each field must be false for\nthe Condition overall to be satisfied. Defaults to false.","description_kind":"plain","optional":true},"regions":{"type":["list","string"],"description":"The request must originate from one of the provided\ncountries/regions.\nFormat: A valid ISO 3166-1 alpha-2 code.","description_kind":"plain","optional":true},"required_access_levels":{"type":["list","string"],"description":"A list of other access levels defined in the same Policy,\nreferenced by resource name. Referencing an AccessLevel which\ndoes not exist is an error. All access levels listed must be\ngranted for the Condition to be true.\nFormat: accessPolicies/{policy_id}/accessLevels/{short_name}","description_kind":"plain","optional":true}},"block_types":{"device_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_device_management_levels":{"type":["list","string"],"description":"A list of allowed device management levels.\nAn empty list allows all management levels. Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"NONE\", \"BASIC\", \"COMPLETE\"]","description_kind":"plain","optional":true},"allowed_encryption_statuses":{"type":["list","string"],"description":"A list of allowed encryptions statuses.\nAn empty list allows all statuses. Possible values: [\"ENCRYPTION_UNSPECIFIED\", \"ENCRYPTION_UNSUPPORTED\", \"UNENCRYPTED\", \"ENCRYPTED\"]","description_kind":"plain","optional":true},"require_admin_approval":{"type":"bool","description":"Whether the device needs to be approved by the customer admin.","description_kind":"plain","optional":true},"require_corp_owned":{"type":"bool","description":"Whether the device needs to be corp owned.","description_kind":"plain","optional":true},"require_screen_lock":{"type":"bool","description":"Whether or not screenlock is required for the DevicePolicy\nto be true. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"os_constraints":{"nesting_mode":"list","block":{"attributes":{"minimum_version":{"type":"string","description":"The minimum allowed OS version. If not set, any version\nof this OS satisfies the constraint.\nFormat: \"major.minor.patch\" such as \"10.5.301\", \"9.2.1\".","description_kind":"plain","optional":true},"os_type":{"type":"string","description":"The operating system type of the device. Possible values: [\"OS_UNSPECIFIED\", \"DESKTOP_MAC\", \"DESKTOP_WINDOWS\", \"DESKTOP_LINUX\", \"DESKTOP_CHROME_OS\", \"ANDROID\", \"IOS\"]","description_kind":"plain","required":true}},"description":"A list of allowed OS versions.\nAn empty list allows all types and all versions.","description_kind":"plain"}}},"description":"Device specific restrictions, all restrictions must hold for\nthe Condition to be true. If not specified, all devices are\nallowed.","description_kind":"plain"},"max_items":1},"vpc_network_sources":{"nesting_mode":"list","block":{"block_types":{"vpc_subnetwork":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.","description_kind":"plain","required":true},"vpc_ip_subnetworks":{"type":["list","string"],"description":"CIDR block IP subnetwork specification. Must be IPv4.","description_kind":"plain","optional":true}},"description":"Sub networks within a VPC network.","description_kind":"plain"},"max_items":1}},"description":"The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.","description_kind":"plain"}}},"description":"A set of requirements for the AccessLevel to be granted.","description_kind":"plain"},"min_items":1}},"description":"A set of predefined conditions for the access level and a combining function.","description_kind":"plain"},"max_items":1},"custom":{"nesting_mode":"list","block":{"block_types":{"expr":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom access level conditions are set using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request.\nSee CEL spec at: https://github.com/google/cel-spec.","description_kind":"plain"},"max_items":1}},"description":"The desired Access Levels that should replace all existing Access Levels in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the AccessPolicy. Format: {policy_id}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of this AccessPolicy in the Cloud Resource Hierarchy.\nFormat: organizations/{organization_id}","description_kind":"plain","required":true},"scopes":{"type":["list","string"],"description":"Folder or project on which this policy is applicable.\nFormat: folders/{{folder_id}} or projects/{{project_id}}","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Does not affect behavior.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_authorized_orgs_desc":{"version":0,"block":{"attributes":{"asset_type":{"type":"string","description":"The type of entities that need to use the authorization relationship during\nevaluation, such as a device. Valid values are \"ASSET_TYPE_DEVICE\" and\n\"ASSET_TYPE_CREDENTIAL_STRENGTH\". Possible values: [\"ASSET_TYPE_DEVICE\", \"ASSET_TYPE_CREDENTIAL_STRENGTH\"]","description_kind":"plain","optional":true},"authorization_direction":{"type":"string","description":"The direction of the authorization relationship between this organization\nand the organizations listed in the \"orgs\" field. The valid values for this\nfield include the following:\n\nAUTHORIZATION_DIRECTION_FROM: Allows this organization to evaluate traffic\nin the organizations listed in the 'orgs' field.\n\nAUTHORIZATION_DIRECTION_TO: Allows the organizations listed in the 'orgs'\nfield to evaluate the traffic in this organization.\n\nFor the authorization relationship to take effect, all of the organizations\nmust authorize and specify the appropriate relationship direction. For\nexample, if organization A authorized organization B and C to evaluate its\ntraffic, by specifying \"AUTHORIZATION_DIRECTION_TO\" as the authorization\ndirection, organizations B and C must specify\n\"AUTHORIZATION_DIRECTION_FROM\" as the authorization direction in their\n\"AuthorizedOrgsDesc\" resource. Possible values: [\"AUTHORIZATION_DIRECTION_TO\", \"AUTHORIZATION_DIRECTION_FROM\"]","description_kind":"plain","optional":true},"authorization_type":{"type":"string","description":"A granular control type for authorization levels. Valid value is \"AUTHORIZATION_TYPE_TRUST\". Possible values: [\"AUTHORIZATION_TYPE_TRUST\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was created in UTC.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the 'AuthorizedOrgsDesc'. Format:\n'accessPolicies/{access_policy}/authorizedOrgsDescs/{authorized_orgs_desc}'.\nThe 'authorized_orgs_desc' component must begin with a letter, followed by\nalphanumeric characters or '_'.\nAfter you create an 'AuthorizedOrgsDesc', you cannot change its 'name'.","description_kind":"plain","required":true},"orgs":{"type":["list","string"],"description":"The list of organization ids in this AuthorizedOrgsDesc.\nFormat: 'organizations/\u003corg_number\u003e'\nExample: 'organizations/123456'","description_kind":"plain","optional":true},"parent":{"type":"string","description":"Required. Resource name for the access policy which owns this 'AuthorizedOrgsDesc'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AuthorizedOrgsDesc was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_egress_policy":{"version":0,"block":{"attributes":{"egress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_gcp_user_access_binding":{"version":0,"block":{"attributes":{"access_levels":{"type":["list","string"],"description":"Required. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: \"accessPolicies/9522/accessLevels/device_trusted\"","description_kind":"plain","required":true},"group_key":{"type":"string","description":"Required. Immutable. Google Group id whose members are subject to this binding's restrictions. See \"id\" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: \"01d520gv4vjcrht\"","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: \"organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N\"","description_kind":"plain","computed":true},"organization_id":{"type":"string","description":"Required. ID of the parent organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_policy_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'EgressPolicy'.\nTo specify an identity or identity group, use the IAM v1\nformat specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'IngressPolicy'.\nTo specify an identity or identity group, use the IAM v1\nformat specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'EgressPolicy'.\nTo specify an identity or identity group, use the IAM v1\nformat specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'IngressPolicy'.\nTo specify an identity or identity group, use the IAM v1\nformat specified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_dry_run_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_egress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'EgressPolicy'.\nShould be in the format of an email address. The email address should\nrepresent an individual user, service account, or Google group.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["list","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_ingress_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true}},"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["list","string"],"description":"A list of identities that are allowed access through this 'IngressPolicy'.\nShould be in the format of an email address. The email address should represent\nan individual user, service account, or Google group.","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["list","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeter_resource":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"perimeter_name":{"type":"string","description":"The name of the Service Perimeter to add this resource to.","description_kind":"plain","required":true},"resource":{"type":"string","description":"A GCP resource that is inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_access_context_manager_service_perimeters":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The AccessPolicy this ServicePerimeter lives in.\nFormat: accessPolicies/{policy_id}","description_kind":"plain","required":true}},"block_types":{"service_perimeters":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the ServicePerimeter and its use. Does not affect\nbehavior.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name for the ServicePerimeter. The short_name component must\nbegin with a letter and only include alphanumeric and '_'.\nFormat: accessPolicies/{policy_id}/servicePerimeters/{short_name}","description_kind":"plain","required":true},"perimeter_type":{"type":"string","description":"Specifies the type of the Perimeter. There are two types: regular and\nbridge. Regular Service Perimeter contains resources, access levels,\nand restricted services. Every resource can be in at most\nONE regular Service Perimeter.\n\nIn addition to being in a regular service perimeter, a resource can also\nbe in zero or more perimeter bridges. A perimeter bridge only contains\nresources. Cross project operations are permitted if all effected\nresources share some perimeter (whether bridge or regular). Perimeter\nBridge does not contain access levels or services: those are governed\nentirely by the regular perimeter that resource is in.\n\nPerimeter Bridges are typically useful when building more complex\ntopologies with many independent perimeters that need to share some data\nwith a common perimeter, but should not be able to share data among\nthemselves. Default value: \"PERIMETER_TYPE_REGULAR\" Possible values: [\"PERIMETER_TYPE_REGULAR\", \"PERIMETER_TYPE_BRIDGE\"]","description_kind":"plain","optional":true},"title":{"type":"string","description":"Human readable title. Must be unique within the Policy.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true},"use_explicit_dry_run_spec":{"type":"bool","description":"Use explicit dry run spec flag. Ordinarily, a dry-run spec implicitly exists\nfor all Service Perimeters, and that spec is identical to the status for those\nService Perimeters. When this flag is set, it inhibits the generation of the\nimplicit spec, thereby allowing the user to explicitly provide a\nconfiguration (\"spec\") to use in a dry-run version of the Service Perimeter.\nThis allows the user to test changes to the enforced config (\"status\") without\nactually enforcing them. This testing is done through analyzing the differences\nbetween currently enforced and suggested restrictions. useExplicitDryRunSpec must\nbet set to True if any of the fields in the spec are set to non-default values.","description_kind":"plain","optional":true}},"block_types":{"spec":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'EgressPolicy'.\nTo specify an identity or identity group, use the IAM v1 format\nspecified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"list","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'IngressPolicy'.\nTo specify an identity or identity group, use the IAM v1 format\nspecified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"Proposed (or dry run) ServicePerimeter configuration.\nThis configuration allows to specify and test ServicePerimeter configuration\nwithout enforcing actual access restrictions. Only allowed to be set when\nthe 'useExplicitDryRunSpec' flag is set.","description_kind":"plain"},"max_items":1},"status":{"nesting_mode":"list","block":{"attributes":{"access_levels":{"type":["set","string"],"description":"A list of AccessLevel resource names that allow resources within\nthe ServicePerimeter to be accessed from the internet.\nAccessLevels listed must be in the same policy as this\nServicePerimeter. Referencing a nonexistent AccessLevel is a\nsyntax error. If no AccessLevel names are listed, resources within\nthe perimeter can only be accessed via GCP calls with request\norigins within the perimeter. For Service Perimeter Bridge, must\nbe empty.\n\nFormat: accessPolicies/{policy_id}/accessLevels/{access_level_name}","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of GCP resources that are inside of the service perimeter.\nCurrently only projects are allowed.\nFormat: projects/{project_number}","description_kind":"plain","optional":true},"restricted_services":{"type":["set","string"],"description":"GCP services that are subject to the Service Perimeter\nrestrictions. Must contain a list of services. For example, if\n'storage.googleapis.com' is specified, access to the storage\nbuckets inside the perimeter must meet the perimeter's access\nrestrictions.","description_kind":"plain","optional":true}},"block_types":{"egress_policies":{"nesting_mode":"list","block":{"block_types":{"egress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'EgressPolicy'.\nTo specify an identity or identity group, use the IAM v1 format\nspecified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access to outside the\nperimeter. If left unspecified, then members of 'identities' field will\nbe allowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true},"source_restriction":{"type":"string","description":"Whether to enforce traffic restrictions based on 'sources' field. If the 'sources' field is non-empty, then this field must be set to 'SOURCE_RESTRICTION_ENABLED'. Possible values: [\"SOURCE_RESTRICTION_UNSPECIFIED\", \"SOURCE_RESTRICTION_ENABLED\", \"SOURCE_RESTRICTION_DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An AccessLevel resource name that allows resources outside the ServicePerimeter to be accessed from the inside.","description_kind":"plain","optional":true}},"description":"Sources that this EgressPolicy authorizes access from.","description_kind":"plain"}}},"description":"Defines conditions on the source of a request causing this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1},"egress_to":{"nesting_mode":"list","block":{"attributes":{"external_resources":{"type":["set","string"],"description":"A list of external resources that are allowed to be accessed. A request\nmatches if it contains an external resource in this list (Example:\ns3://bucket/path). Currently '*' is not allowed.","description_kind":"plain","optional":true},"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', that match this to stanza. A request matches\nif it contains a resource in this list. If * is specified for resources,\nthen this 'EgressTo' rule will authorize access to all resources outside\nthe perimeter.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with serviceName\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for 'method' should be a valid method name for the corresponding\n'serviceName' in 'ApiOperation'. If '*' used as value for method,\nthen ALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong\nto the service specified by 'serviceName' field. A single MethodSelector\nentry with '*' specified for the 'method' field will allow all methods\nAND permissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' that this egress rule applies to. A request matches\nif it contains an operation/service in this list.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and destination resources that\ncause this 'EgressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of EgressPolicies to apply to the perimeter. A perimeter may\nhave multiple EgressPolicies, each of which is evaluated separately.\nAccess is granted if any EgressPolicy grants it. Must be empty for\na perimeter bridge.","description_kind":"plain"}},"ingress_policies":{"nesting_mode":"set","block":{"block_types":{"ingress_from":{"nesting_mode":"list","block":{"attributes":{"identities":{"type":["set","string"],"description":"'A list of identities that are allowed access through this 'IngressPolicy'.\nTo specify an identity or identity group, use the IAM v1 format\nspecified [here](https://cloud.google.com/iam/docs/principal-identifiers.md#v1).\nThe following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.'","description_kind":"plain","optional":true},"identity_type":{"type":"string","description":"Specifies the type of identities that are allowed access from outside the\nperimeter. If left unspecified, then members of 'identities' field will be\nallowed access. Possible values: [\"IDENTITY_TYPE_UNSPECIFIED\", \"ANY_IDENTITY\", \"ANY_USER_ACCOUNT\", \"ANY_SERVICE_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"sources":{"nesting_mode":"list","block":{"attributes":{"access_level":{"type":"string","description":"An 'AccessLevel' resource name that allow resources within the\n'ServicePerimeters' to be accessed from the internet. 'AccessLevels' listed\nmust be in the same policy as this 'ServicePerimeter'. Referencing a nonexistent\n'AccessLevel' will cause an error. If no 'AccessLevel' names are listed,\nresources within the perimeter can only be accessed via Google Cloud calls\nwith request origins within the perimeter.\nExample 'accessPolicies/MY_POLICY/accessLevels/MY_LEVEL.'\nIf * is specified, then all IngressSources will be allowed.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"A Google Cloud resource that is allowed to ingress the perimeter.\nRequests from these resources will be allowed to access perimeter data.\nCurrently only projects are allowed. Format 'projects/{project_number}'\nThe project may be in any Google Cloud organization, not just the\norganization that the perimeter is defined in. '*' is not allowed, the case\nof allowing all Google Cloud resources only is not supported.","description_kind":"plain","optional":true}},"description":"Sources that this 'IngressPolicy' authorizes access from.","description_kind":"plain"}}},"description":"Defines the conditions on the source of a request causing this 'IngressPolicy'\nto apply.","description_kind":"plain"},"max_items":1},"ingress_to":{"nesting_mode":"list","block":{"attributes":{"resources":{"type":["set","string"],"description":"A list of resources, currently only projects in the form\n'projects/\u003cprojectnumber\u003e', protected by this 'ServicePerimeter'\nthat are allowed to be accessed by sources defined in the\ncorresponding 'IngressFrom'. A request matches if it contains\na resource in this list. If '*' is specified for resources,\nthen this 'IngressTo' rule will authorize access to all\nresources inside the perimeter, provided that the request\nalso matches the 'operations' field.","description_kind":"plain","optional":true}},"block_types":{"operations":{"nesting_mode":"list","block":{"attributes":{"service_name":{"type":"string","description":"The name of the API whose methods or permissions the 'IngressPolicy' or\n'EgressPolicy' want to allow. A single 'ApiOperation' with 'serviceName'\nfield set to '*' will allow all methods AND permissions for all services.","description_kind":"plain","optional":true}},"block_types":{"method_selectors":{"nesting_mode":"list","block":{"attributes":{"method":{"type":"string","description":"Value for method should be a valid method name for the corresponding\nserviceName in 'ApiOperation'. If '*' used as value for 'method', then\nALL methods and permissions are allowed.","description_kind":"plain","optional":true},"permission":{"type":"string","description":"Value for permission should be a valid Cloud IAM permission for the\ncorresponding 'serviceName' in 'ApiOperation'.","description_kind":"plain","optional":true}},"description":"API methods or permissions to allow. Method or permission must belong to\nthe service specified by serviceName field. A single 'MethodSelector' entry\nwith '*' specified for the method field will allow all methods AND\npermissions for the service specified in 'serviceName'.","description_kind":"plain"}}},"description":"A list of 'ApiOperations' the sources specified in corresponding 'IngressFrom'\nare allowed to perform in this 'ServicePerimeter'.","description_kind":"plain"}}},"description":"Defines the conditions on the 'ApiOperation' and request destination that cause\nthis 'IngressPolicy' to apply.","description_kind":"plain"},"max_items":1}},"description":"List of 'IngressPolicies' to apply to the perimeter. A perimeter may\nhave multiple 'IngressPolicies', each of which is evaluated\nseparately. Access is granted if any 'Ingress Policy' grants it.\nMust be empty for a perimeter bridge.","description_kind":"plain"}},"vpc_accessible_services":{"nesting_mode":"list","block":{"attributes":{"allowed_services":{"type":["set","string"],"description":"The list of APIs usable within the Service Perimeter.\nMust be empty unless 'enableRestriction' is True.","description_kind":"plain","optional":true},"enable_restriction":{"type":"bool","description":"Whether to restrict API calls within the Service Perimeter to the\nlist of APIs specified in 'allowedServices'.","description_kind":"plain","optional":true}},"description":"Specifies how APIs are allowed to communicate within the Service\nPerimeter.","description_kind":"plain"},"max_items":1}},"description":"ServicePerimeter configuration. Specifies sets of resources,\nrestricted services and access levels that determine\nperimeter content and boundaries.","description_kind":"plain"},"max_items":1}},"description":"The desired Service Perimeters that should replace all existing Service Perimeters in the Access Policy.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain":{"version":0,"block":{"attributes":{"admin":{"type":"string","description":"The name of delegated administrator account used to perform Active Directory operations.\nIf not specified, setupadmin will be used.","description_kind":"plain","optional":true},"authorized_networks":{"type":["set","string"],"description":"The full names of the Google Compute Engine networks the domain instance is connected to. The domain is only available on networks listed in authorizedNetworks.\nIf CIDR subnets overlap between networks, domain creation will fail.","description_kind":"plain","optional":true},"domain_name":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"fqdn":{"type":"string","description":"The fully-qualified domain name of the exposed domain used by clients to connect to the service.\nSimilar to what would be chosen for an Active Directory set up on an internal network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels that can contain user-provided metadata\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"locations":{"type":["list","string"],"description":"Locations where domain needs to be provisioned. [regions][compute/docs/regions-zones/]\ne.g. us-west1 or us-east4 Service supports up to 4 locations at once. Each location will use a /26 block.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique name of the domain using the format: 'projects/{project}/locations/global/domains/{domainName}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger.\nRanges must be unique and non-overlapping with existing subnets in authorizedNetworks","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_active_directory_domain_trust":{"version":0,"block":{"attributes":{"domain":{"type":"string","description":"The fully qualified domain name. e.g. mydomain.myorganization.com, with the restrictions,\nhttps://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selective_authentication":{"type":"bool","description":"Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.","description_kind":"plain","optional":true},"target_dns_ip_addresses":{"type":["set","string"],"description":"The target DNS server IP addresses which can resolve the remote domain involved in the trust.","description_kind":"plain","required":true},"target_domain_name":{"type":"string","description":"The fully qualified target domain name which will be in trust with the current domain.","description_kind":"plain","required":true},"trust_direction":{"type":"string","description":"The trust direction, which decides if the current domain is trusted, trusting, or both. Possible values: [\"INBOUND\", \"OUTBOUND\", \"BIDIRECTIONAL\"]","description_kind":"plain","required":true},"trust_handshake_secret":{"type":"string","description":"The trust secret used for the handshake with the target domain. This will not be stored.","description_kind":"plain","required":true,"sensitive":true},"trust_type":{"type":"string","description":"The type of trust represented by the trust resource. Possible values: [\"FOREST\", \"EXTERNAL\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_backup":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_id":{"type":"string","description":"The ID of the alloydb backup.","description_kind":"plain","required":true},"cluster_name":{"type":"string","description":"The full resource name of the backup source cluster (e.g., projects/{project}/locations/{location}/clusters/{clusterId}).","description_kind":"plain","required":true},"cluster_uid":{"type":"string","description":"Output only. The system-generated UID of the cluster which was used to create this resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Delete time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the backup.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Backup.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"expiry_quantity":{"type":["list",["object",{"retention_count":"number","total_retention_count":"number"}]],"description":"Output only. The QuantityBasedExpiry of the backup, specified by the backup's retention policy.\nOnce the expiry quantity is over retention, the backup is eligible to be garbage collected.","description_kind":"plain","computed":true},"expiry_time":{"type":"string","description":"Output only. The time at which after the backup is eligible to be garbage collected.\nIt is the duration specified by the backup's retention policy, added to the backup's createTime.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb backup. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb backup should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the backup resource with the format: * projects/{project}/locations/{region}/backups/{backupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation), if true, indicates that the service is actively updating the resource.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"size_bytes":{"type":"string","description":"Output only. The size of the backup in bytes.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the backup.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The backup type, which suggests the trigger for the backup. Possible values: [\"TYPE_UNSPECIFIED\", \"ON_DEMAND\", \"AUTOMATED\", \"CONTINUOUS\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. The system-generated UID of the resource. The UID is assigned when the resource is created, and it is retained until it is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time stamp. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels. https://google.aip.dev/128\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"backup_source":{"type":["list",["object",{"backup_name":"string"}]],"description":"Cluster created from backup.","description_kind":"plain","computed":true},"cluster_id":{"type":"string","description":"The ID of the alloydb cluster.","description_kind":"plain","required":true},"cluster_type":{"type":"string","description":"The type of cluster. If not set, defaults to PRIMARY. Default value: \"PRIMARY\" Possible values: [\"PRIMARY\", \"SECONDARY\"]","description_kind":"plain","optional":true},"continuous_backup_info":{"type":["list",["object",{"earliest_restorable_time":"string","enabled_time":"string","encryption_info":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"schedule":["list","string"]}]],"description":"ContinuousBackupInfo describes the continuous backup properties of a cluster.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The database engine major version. This is an optional field and it's populated at the Cluster creation time. This field cannot be changed after cluster creation.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the cluster should be deleted forcefully.\nDeleting a cluster forcefully, deletes the cluster and all its associated instances within the cluster.\nDeleting a Secondary cluster with a secondary instance REQUIRES setting deletion_policy = \"FORCE\" otherwise an error is returned. This is needed as there is no support to delete just the secondary instance, and the only way to delete secondary instance is to delete the associated secondary cluster forcefully which also deletes the secondary instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_info":{"type":["list",["object",{"encryption_type":"string","kms_key_versions":["list","string"]}]],"description":"EncryptionInfo describes the encryption information of a cluster or a backup.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the alloydb cluster should reside.","description_kind":"plain","required":true},"migration_source":{"type":["list",["object",{"host_port":"string","reference_id":"string","source_type":"string"}]],"description":"Cluster created via DMS migration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster resource.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Reconciling (https://google.aip.dev/128#reconciliation).\nSet to true if the current state of Cluster does not match the user's intended state, and the service is actively updating the resource to reconcile them.\nThis can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current serving state of the cluster.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true}},"block_types":{"automated_backup_policy":{"nesting_mode":"list","block":{"attributes":{"backup_window":{"type":"string","description":"The length of the time window during which a backup can be taken. If a backup does not succeed within this time window, it will be canceled and considered failed.\n\nThe backup window must be at least 5 minutes long. There is no upper bound on the window. If not set, it will default to 1 hour.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"enabled":{"type":"bool","description":"Whether automated backups are enabled.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to backups created using this configuration.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the backup will be stored. Currently, the only supported option is to store the backup in the same region as the cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"quantity_based_retention":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of backups to retain.","description_kind":"plain","optional":true}},"description":"Quantity-based Backup retention policy to retain recent backups. Conflicts with 'time_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"time_based_retention":{"nesting_mode":"list","block":{"attributes":{"retention_period":{"type":"string","description":"The retention period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Time-based Backup retention policy. Conflicts with 'quantity_based_retention', both can't be set together.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"The days of the week to perform a backup. At least one day of the week must be provided. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"block_types":{"start_times":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"The times during the day to start a backup. At least one start time must be provided. The start times are assumed to be in UTC and to be an exact hour (e.g., 04:00:00).","description_kind":"plain"},"min_items":1}},"description":"Weekly schedule for the Backup.","description_kind":"plain"},"max_items":1}},"description":"The automated backup policy for this cluster. AutomatedBackupPolicy is disabled by default.","description_kind":"plain"},"max_items":1},"continuous_backup_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether continuous backup recovery is enabled. If not set, defaults to true.","description_kind":"plain","optional":true},"recovery_window_days":{"type":"number","description":"The numbers of days that are eligible to restore from using PITR. To support the entire recovery window, backups and logs are retained for one day more than the recovery window.\n\nIf not set, defaults to 14 days.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1}},"description":"The continuous backup config for this cluster.\n\nIf no policy is provided then the default policy will be used. The default policy takes one backup a day and retains backups for 14 days.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The fully-qualified resource name of the KMS key. Each Cloud KMS key is regionalized and has the following format: projects/[PROJECT]/locations/[REGION]/keyRings/[RING]/cryptoKeys/[KEY_NAME].","description_kind":"plain","optional":true}},"description":"EncryptionConfig describes the encryption config of a cluster or a backup that is encrypted with a CMEK (customer-managed encryption key).","description_kind":"plain"},"max_items":1},"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","optional":true}},"description":"Initial user to setup during cluster creation.","description_kind":"plain"},"max_items":1},"maintenance_update_policy":{"nesting_mode":"list","block":{"block_types":{"maintenance_windows":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Currently, only the value 0 is supported.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Currently, only the value 0 is supported.","description_kind":"plain","optional":true}},"description":"Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Preferred windows to perform maintenance. Currently limited to 1.","description_kind":"plain"}}},"description":"MaintenanceUpdatePolicy defines the policy for system updates.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated IP range for the private IP AlloyDB cluster. For example: \"google-managed-services-default\".\nIf set, the instance IPs for this cluster will be created in the allocated range.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: \"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true}},"description":"Metadata related to network configuration.","description_kind":"plain"},"max_items":1},"restore_backup_source":{"nesting_mode":"list","block":{"attributes":{"backup_name":{"type":"string","description":"The name of the backup that this cluster is restored from.","description_kind":"plain","required":true}},"description":"The source when restoring from a backup. Conflicts with 'restore_continuous_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"restore_continuous_backup_source":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"The name of the source cluster that this cluster is restored from.","description_kind":"plain","required":true},"point_in_time":{"type":"string","description":"The point in time that this cluster is restored to, in RFC 3339 format.","description_kind":"plain","required":true}},"description":"The source when restoring via point in time recovery (PITR). Conflicts with 'restore_backup_source', both can't be set together.","description_kind":"plain"},"max_items":1},"secondary_config":{"nesting_mode":"list","block":{"attributes":{"primary_cluster_name":{"type":"string","description":"Name of the primary cluster must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true}},"description":"Configuration of the secondary cluster for Cross Region Replication. This should be set if and only if the cluster is of type SECONDARY.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_instance":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations to allow client tools to store small amount of arbitrary data. This is distinct from labels.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"'Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.\nNote that primary and read instances can have different availability types.\nOnly READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.\nZone is automatically chosen from the list of zones in the region specified.\nRead pool of size 1 can only have zonal availability. Read pools with node count of 2 or more\ncan have regional availability (nodes are present in 2 or more zones in a region).' Possible values: [\"AVAILABILITY_TYPE_UNSPECIFIED\", \"ZONAL\", \"REGIONAL\"]","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"database_flags":{"type":["map","string"],"description":"Database flags. Set at instance level. * They are copied from primary instance on read instance creation. * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"User-settable and human-readable display name for the Instance.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gce_zone":{"type":"string","description":"The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, instance is created in a random zone with available capacity.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The ID of the alloydb instance.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"The type of the instance.\nIf the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the 'depends_on' meta-data attribute.\nIf the instance type is SECONDARY, point to the cluster_type of the associated secondary cluster instead of mentioning SECONDARY.\nExample: {instance_type = google_alloydb_cluster.\u003csecondary_cluster_name\u003e.cluster_type} instead of {instance_type = SECONDARY}\nIf the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead.\nUse deletion_policy = \"FORCE\" in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well its associated secondary instance.\nUsers can undo the delete secondary instance action by importing the deleted secondary instance by calling terraform import. Possible values: [\"PRIMARY\", \"READ_POOL\", \"SECONDARY\"]","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the alloydb instance.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance resource.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"The public IP addresses for the Instance. This is available ONLY when\nnetworkConfig.enablePublicIp is set to true. This is the connection\nendpoint for an end-user application.","description_kind":"plain","computed":true},"reconciling":{"type":"bool","description":"Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the alloydb instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The system-generated UID of the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"client_connection_config":{"nesting_mode":"list","block":{"attributes":{"require_connectors":{"type":"bool","description":"Configuration to enforce connectors only (ex: AuthProxy) connections to the database.","description_kind":"plain","optional":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ssl_mode":{"type":"string","description":"SSL mode. Specifies client-server SSL/TLS connection behavior. Possible values: [\"ENCRYPTED_ONLY\", \"ALLOW_UNENCRYPTED_AND_ENCRYPTED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"SSL config option for this instance.","description_kind":"plain"},"max_items":1}},"description":"Client connection specific configurations.","description_kind":"plain"},"max_items":1},"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","optional":true,"computed":true}},"description":"Configurations for the machines that host the underlying database engine.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"enable_public_ip":{"type":"bool","description":"Enabling public ip for the instance. If a user wishes to disable this,\nplease also clear the list of the authorized external networks set on\nthe same instance.","description_kind":"plain","optional":true}},"block_types":{"authorized_external_networks":{"nesting_mode":"list","block":{"attributes":{"cidr_range":{"type":"string","description":"CIDR range for one authorized network of the instance.","description_kind":"plain","optional":true}},"description":"A list of external networks authorized to access this instance. This\nfield is only allowed to be set when 'enable_public_ip' is set to\ntrue.","description_kind":"plain"}}},"description":"Instance level network configuration.","description_kind":"plain"},"max_items":1},"query_insights_config":{"nesting_mode":"list","block":{"attributes":{"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.","description_kind":"plain","optional":true},"query_string_length":{"type":"number","description":"Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"Record application tags for an instance. This flag is turned \"on\" by default.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"Record client address for an instance. Client address is PII information. This flag is turned \"on\" by default.","description_kind":"plain","optional":true}},"description":"Configuration for query insights.","description_kind":"plain"},"max_items":1},"read_pool_config":{"nesting_mode":"list","block":{"attributes":{"node_count":{"type":"number","description":"Read capacity, i.e. number of nodes in a read pool instance.","description_kind":"plain","optional":true}},"description":"Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_alloydb_user":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"Identifies the alloydb cluster. Must be in the format\n'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","required":true},"database_roles":{"type":["list","string"],"description":"List of database roles this database user has.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource in the form of projects/{project}/locations/{location}/clusters/{cluster}/users/{user}.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Password for this database user.","description_kind":"plain","optional":true},"user_id":{"type":"string","description":"The database role name of the user.","description_kind":"plain","required":true},"user_type":{"type":"string","description":"The type of this user. Possible values: [\"ALLOYDB_BUILT_IN\", \"ALLOYDB_IAM_USER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_addons_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"advanced_api_ops_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"api_security_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"connectors_platform_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true},"expires_at":{"type":"string","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","computed":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"integration_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1},"monetization_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Flag that specifies whether the Advanced API Ops add-on is enabled.","description_kind":"plain","optional":true}},"description":"Configuration for the Monetization add-on.","description_kind":"plain"},"max_items":1}},"description":"Addon configurations of the Apigee organization.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_endpoint_attachment":{"version":0,"block":{"attributes":{"connection_state":{"type":"string","description":"State of the endpoint attachment connection to the service attachment.","description_kind":"plain","computed":true},"endpoint_attachment_id":{"type":"string","description":"ID of the endpoint attachment.","description_kind":"plain","required":true},"host":{"type":"string","description":"Host that can be used in either HTTP Target Endpoint directly, or as the host in Target Server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the endpoint attachment.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Endpoint Attachment in the following format:\norganizations/{organization}/endpointAttachments/{endpointAttachment}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"service_attachment":{"type":"string","description":"Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_keystore":{"version":0,"block":{"attributes":{"aliases":{"type":["list","string"],"description":"Aliases in this keystore.","description_kind":"plain","computed":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created keystore.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_env_references":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Optional. A human-readable description of this reference.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Required. The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"refers":{"type":"string","description":"Required. The id of the resource to which this reference refers. Must be the id of a resource that exists in the parent environment and is of the given resourceType.","description_kind":"plain","required":true},"resource_type":{"type":"string","description":"The type of resource referred to by this reference. Valid values are 'KeyStore' or 'TrustStore'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup":{"version":0,"block":{"attributes":{"hostnames":{"type":["list","string"],"description":"Hostnames of the environment group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment group.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment group,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_envgroup_attachment":{"version":0,"block":{"attributes":{"envgroup_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/envgroups/{{envgroup_name}}'.","description_kind":"plain","required":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment":{"version":0,"block":{"attributes":{"api_proxy_type":{"type":"string","description":"Optional. API Proxy type supported by the environment. The type can be set when creating\nthe Environment and cannot be changed. Possible values: [\"API_PROXY_TYPE_UNSPECIFIED\", \"PROGRAMMABLE\", \"CONFIGURABLE\"]","description_kind":"plain","optional":true,"computed":true},"deployment_type":{"type":"string","description":"Optional. Deployment type supported by the environment. The deployment type can be\nset when creating the environment and cannot be changed. When you enable archive\ndeployment, you will be prevented from performing a subset of actions within the\nenvironment, including:\nManaging the deployment of API proxy or shared flow revisions;\nCreating, updating, or deleting resource files;\nCreating, updating, or deleting target servers. Possible values: [\"DEPLOYMENT_TYPE_UNSPECIFIED\", \"PROXY\", \"ARCHIVE\"]","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the environment.","description_kind":"plain","optional":true},"forward_proxy_uri":{"type":"string","description":"Optional. URI of the forward proxy to be applied to the runtime instances in this environment. Must be in the format of {scheme}://{hostname}:{port}. Note that the scheme must be one of \"http\" or \"https\", and the port must be supplied.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee environment,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"type":{"type":"string","description":"Types that can be selected for an Environment. Each of the types are\nlimited by capability and capacity. Refer to Apigee's public documentation\nto understand about each of these types in details.\nAn Apigee org can support heterogeneous Environments. Possible values: [\"ENVIRONMENT_TYPE_UNSPECIFIED\", \"BASE\", \"INTERMEDIATE\", \"COMPREHENSIVE\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_config":{"nesting_mode":"list","block":{"attributes":{"current_aggregate_node_count":{"type":"string","description":"The current total number of gateway nodes that each environment currently has across\nall instances.","description_kind":"plain","computed":true},"max_node_count":{"type":"string","description":"The maximum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended maximum number of nodes for that gateway.","description_kind":"plain","optional":true},"min_node_count":{"type":"string","description":"The minimum total number of gateway nodes that the is reserved for all instances that\nhas the specified environment. If not specified, the default is determined by the\nrecommended minimum number of nodes for that gateway.","description_kind":"plain","optional":true}},"description":"NodeConfig for setting the min/max number of nodes associated with the environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_environment_iam_binding":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_member":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apigee_flowhook":{"version":0,"block":{"attributes":{"continue_on_error":{"type":"bool","description":"Flag that specifies whether execution should continue if the flow hook throws an exception. Set to true to continue execution. Set to false to stop execution if the flow hook throws an exception. Defaults to true.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the flow hook.","description_kind":"plain","optional":true},"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"flow_hook_point":{"type":"string","description":"Where in the API call flow the flow hook is invoked. Must be one of PreProxyFlowHook, PostProxyFlowHook, PreTargetFlowHook, or PostTargetFlowHook.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the environment","description_kind":"plain","required":true},"sharedflow":{"type":"string","description":"Id of the Sharedflow attaching to a flowhook point.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance":{"version":0,"block":{"attributes":{"consumer_accept_list":{"type":["list","string"],"description":"Optional. Customer accept list represents the list of projects (id/number) on customer\nside that can privately connect to the service attachment. It is an optional field\nwhich the customers can provide during the instance creation. By default, the customer\nproject associated with the Apigee organization will be included to the list.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"Description of the instance.","description_kind":"plain","optional":true},"disk_encryption_key_name":{"type":"string","description":"Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of the instance.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_range":{"type":"string","description":"IP range represents the customer-provided CIDR block of length 22 that will be used for\nthe Apigee instance creation. This optional range, if provided, should be freely\navailable as part of larger named range the customer has allocated to the Service\nNetworking peering. If this is not provided, Apigee will automatically request for any\navailable /22 CIDR block from Service Networking. The customer should use this CIDR block\nfor configuring their firewall needs to allow traffic from Apigee.\nInput format: \"a.b.c.d/22\"","description_kind":"plain","optional":true},"location":{"type":"string","description":"Required. Compute Engine location where the instance resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource ID of the instance.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance,\nin the format 'organizations/{{org_name}}'.","description_kind":"plain","required":true},"peering_cidr_range":{"type":"string","description":"The size of the CIDR block range that will be reserved by the instance. For valid values,\nsee [CidrRange](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances#CidrRange) on the documentation.","description_kind":"plain","optional":true,"computed":true},"port":{"type":"string","description":"Output only. Port number of the exposed Apigee endpoint.","description_kind":"plain","computed":true},"service_attachment":{"type":"string","description":"Output only. Resource name of the service attachment created for the instance in\nthe format: projects/*/regions/*/serviceAttachments/* Apigee customers can privately\nforward traffic to this service attachment using the PSC endpoints.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_instance_attachment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the newly created attachment (output parameter).","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_key_cert_file":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"cert":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Private Key content, omit if uploading to truststore","description_kind":"plain","optional":true,"sensitive":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"certs_info":{"nesting_mode":"list","block":{"block_types":{"cert_info":{"nesting_mode":"list","block":{"attributes":{"basic_constraints":{"type":"string","description":"X.509 basic constraints extension.","description_kind":"plain","optional":true,"computed":true},"expiry_date":{"type":"string","description":"X.509 notAfter validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"is_valid":{"type":"string","description":"Flag that specifies whether the certificate is valid. \nFlag is set to Yes if the certificate is valid, No if expired, or Not yet if not yet valid.","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"X.509 issuer.","description_kind":"plain","optional":true,"computed":true},"public_key":{"type":"string","description":"Public key component of the X.509 subject public key info.","description_kind":"plain","optional":true,"computed":true},"serial_number":{"type":"string","description":"X.509 serial number.","description_kind":"plain","optional":true,"computed":true},"sig_alg_name":{"type":"string","description":"X.509 signatureAlgorithm.","description_kind":"plain","optional":true,"computed":true},"subject":{"type":"string","description":"X.509 subject.","description_kind":"plain","optional":true,"computed":true},"subject_alternative_names":{"type":["list","string"],"description":"X.509 subject alternative names (SANs) extension.","description_kind":"plain","optional":true,"computed":true},"valid_from":{"type":"string","description":"X.509 notBefore validity period in milliseconds since epoch.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"X.509 version.","description_kind":"plain","optional":true,"computed":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Chain of certificates under this alias.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_pkcs12":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias Name","description_kind":"plain","required":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"Environment associated with the alias","description_kind":"plain","required":true},"file":{"type":"string","description":"Cert content","description_kind":"plain","required":true},"filehash":{"type":"string","description":"Hash of the pkcs file","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keystore":{"type":"string","description":"Keystore Name","description_kind":"plain","required":true},"org_id":{"type":"string","description":"Organization ID associated with the alias","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Private Key if it's encrypted","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_keystores_aliases_self_signed_cert":{"version":0,"block":{"attributes":{"alias":{"type":"string","description":"Alias for the key/certificate pair. Values must match the regular expression [\\w\\s-.]{1,255}.\nThis must be provided for all formats except selfsignedcert; self-signed certs may specify the alias in either\nthis parameter or the JSON body.","description_kind":"plain","required":true},"cert_validity_in_days":{"type":"number","description":"Validity duration of certificate, in days. Accepts positive non-zero value. Defaults to 365.","description_kind":"plain","optional":true},"certs_info":{"type":["list",["object",{"cert_info":["list",["object",{"basic_constraints":"string","expiry_date":"string","is_valid":"string","issuer":"string","public_key":"string","serial_number":"string","sig_alg_name":"string","subject":"string","subject_alternative_names":["list","string"],"valid_from":"string","version":"number"}]]}]],"description":"Chain of certificates under this alias.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The Apigee environment name","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_size":{"type":"string","description":"Key size. Default and maximum value is 2048 bits.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"The Apigee keystore name associated in an Apigee environment","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee environment","description_kind":"plain","required":true},"sig_alg":{"type":"string","description":"Signature algorithm to generate private key. Valid values are SHA512withRSA, SHA384withRSA, and SHA256withRSA","description_kind":"plain","required":true},"type":{"type":"string","description":"Optional.Type of Alias","description_kind":"plain","computed":true}},"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"Common name of the organization. Maximum length is 64 characters.","description_kind":"plain","optional":true},"country_code":{"type":"string","description":"Two-letter country code. Example, IN for India, US for United States of America.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address. Max 255 characters.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"City or town name. Maximum length is 128 characters.","description_kind":"plain","optional":true},"org":{"type":"string","description":"Organization name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"org_unit":{"type":"string","description":"Organization team name. Maximum length is 64 characters.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State or district name. Maximum length is 128 characters.","description_kind":"plain","optional":true}},"description":"Subject details.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alternative_dns_names":{"nesting_mode":"list","block":{"attributes":{"subject_alternative_name":{"type":"string","description":"Subject Alternative Name","description_kind":"plain","optional":true}},"description":"List of alternative host names. Maximum length is 255 characters for each value.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_nat_address":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The Apigee instance associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/instances/{{instance_name}}'.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"The allocated NAT IP address.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource ID of the NAT address.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the NAT IP address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_organization":{"version":0,"block":{"attributes":{"analytics_region":{"type":"string","description":"Primary GCP region for analytics data storage. For valid values, see [Create an Apigee organization](https://cloud.google.com/apigee/docs/api-platform/get-started/create-org).","description_kind":"plain","optional":true},"api_consumer_data_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting API consumer data.","description_kind":"plain","optional":true},"api_consumer_data_location":{"type":"string","description":"This field is needed only for customers using non-default data residency regions.\nApigee stores some control plane data only in single region.\nThis field determines which single region Apigee should use.","description_kind":"plain","optional":true},"apigee_project_id":{"type":"string","description":"Output only. Project ID of the Apigee Tenant Project.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"Compute Engine network used for Service Networking to be peered with Apigee runtime instances.\nSee [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started).\nValid only when 'RuntimeType' is set to CLOUD. The value can be updated only when there are no runtime instances. For example: \"default\".","description_kind":"plain","optional":true},"billing_type":{"type":"string","description":"Billing type of the Apigee organization. See [Apigee pricing](https://cloud.google.com/apigee/pricing).","description_kind":"plain","optional":true,"computed":true},"ca_certificate":{"type":"string","description":"Output only. Base64-encoded public certificate for the root CA of the Apigee organization.\nValid only when 'RuntimeType' is CLOUD. A base64-encoded string.","description_kind":"plain","computed":true},"control_plane_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting control plane data that is stored in a multi region.\nOnly used for the data residency region \"US\" or \"EU\".","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the Apigee organization.","description_kind":"plain","optional":true},"disable_vpc_peering":{"type":"bool","description":"Flag that specifies whether the VPC Peering through Private Google Access should be\ndisabled between the consumer network and Apigee. Required if an 'authorizedNetwork'\non the consumer project is not provided, in which case the flag should be set to 'true'.\nValid only when 'RuntimeType' is set to CLOUD. The value must be set before the creation\nof any Apigee runtime instance and can be updated only when there are no runtime instances.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Apigee organization.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Name of the Apigee organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID associated with the Apigee organization.","description_kind":"plain","required":true},"retention":{"type":"string","description":"Optional. This setting is applicable only for organizations that are soft-deleted (i.e., BillingType\nis not EVALUATION). It controls how long Organization data will be retained after the initial delete\noperation completes. During this period, the Organization may be restored to its last known state.\nAfter this period, the Organization will no longer be able to be restored. Default value: \"DELETION_RETENTION_UNSPECIFIED\" Possible values: [\"DELETION_RETENTION_UNSPECIFIED\", \"MINIMUM\"]","description_kind":"plain","optional":true},"runtime_database_encryption_key_name":{"type":"string","description":"Cloud KMS key name used for encrypting the data that is stored and replicated across runtime instances.\nUpdate is not allowed after the organization is created.\nIf not specified, a Google-Managed encryption key will be used.\nValid only when 'RuntimeType' is CLOUD. For example: 'projects/foo/locations/us/keyRings/bar/cryptoKeys/baz'.","description_kind":"plain","optional":true},"runtime_type":{"type":"string","description":"Runtime type of the Apigee organization based on the Apigee subscription purchased. Default value: \"CLOUD\" Possible values: [\"CLOUD\", \"HYBRID\"]","description_kind":"plain","optional":true},"subscription_type":{"type":"string","description":"Output only. Subscription type of the Apigee organization.\nValid values include trial (free, limited, and for evaluation purposes only) or paid (full subscription has been purchased).","description_kind":"plain","computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"block_types":{"property":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of the property.","description_kind":"plain","optional":true}},"description":"List of all properties in the object.","description_kind":"plain"}}},"description":"Properties defined in the Apigee organization profile.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow":{"version":0,"block":{"attributes":{"config_bundle":{"type":"string","description":"Path to the config zip bundle","description_kind":"plain","required":true},"detect_md5hash":{"type":"string","description":"A hash of local config bundle in string, user needs to use a Terraform Hash function of their choice. A change in hash will trigger an update.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_revision_id":{"type":"string","description":"The id of the most recently created revision for this shared flow.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded config bundle.","description_kind":"plain","computed":true},"meta_data":{"type":["list",["object",{"created_at":"string","last_modified_at":"string","sub_type":"string"}]],"description":"Metadata describing the shared flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the shared flow.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The Apigee Organization name associated with the Apigee instance.","description_kind":"plain","required":true},"revision":{"type":["list","string"],"description":"A list of revisions of this shared flow.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sharedflow_deployment":{"version":0,"block":{"attributes":{"environment":{"type":"string","description":"The resource ID of the environment.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The Apigee Organization associated with the Apigee instance","description_kind":"plain","required":true},"revision":{"type":"string","description":"Revision of the Sharedflow to be deployed.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account represents the identity of the deployed proxy, and determines what permissions it has. The format must be {ACCOUNT_ID}@{PROJECT}.iam.gserviceaccount.com.","description_kind":"plain","optional":true},"sharedflow_id":{"type":"string","description":"Id of the Sharedflow to be deployed.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_sync_authorization":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Entity tag (ETag) used for optimistic concurrency control as a way to help prevent simultaneous updates from overwriting each other.\nUsed internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identities":{"type":["list","string"],"description":"Array of service accounts to grant access to control plane resources, each specified using the following format: 'serviceAccount:service-account-name'.\n\nThe 'service-account-name' is formatted like an email address. For example: my-synchronizer-manager-serviceAccount@my_project_id.iam.gserviceaccount.com\n\nYou might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.\n\nThe service accounts must have **Apigee Synchronizer Manager** role. See also [Create service accounts](https://cloud.google.com/apigee/docs/hybrid/v1.8/sa-about#create-the-service-accounts).","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Apigee organization.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apigee_target_server":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of this TargetServer.","description_kind":"plain","optional":true},"env_id":{"type":"string","description":"The Apigee environment group associated with the Apigee environment,\nin the format 'organizations/{{org_name}}/environments/{{env_name}}'.","description_kind":"plain","required":true},"host":{"type":"string","description":"The host name this target connects to. Value must be a valid hostname as described by RFC-1123.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_enabled":{"type":"bool","description":"Enabling/disabling a TargetServer is useful when TargetServers are used in load balancing configurations, and one or more TargetServers need to taken out of rotation periodically. Defaults to true.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id of this reference. Values must match the regular expression [\\w\\s-.]+.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number this target connects to on the given host. Value must be between 1 and 65535, inclusive.","description_kind":"plain","required":true},"protocol":{"type":"string","description":"Immutable. The protocol used by this TargetServer. Possible values: [\"HTTP\", \"HTTP2\", \"GRPC_TARGET\", \"GRPC\", \"EXTERNAL_CALLOUT\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"s_sl_info":{"nesting_mode":"list","block":{"attributes":{"ciphers":{"type":["list","string"],"description":"The SSL/TLS cipher suites to be used. For programmable proxies, it must be one of the cipher suite names listed in: http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites. For configurable proxies, it must follow the configuration specified in: https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration. This setting has no effect for configurable proxies when negotiating TLS 1.3.","description_kind":"plain","optional":true},"client_auth_enabled":{"type":"bool","description":"Enables two-way TLS.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables TLS. If false, neither one-way nor two-way TLS will be enabled.","description_kind":"plain","required":true},"ignore_validation_errors":{"type":"bool","description":"If true, Edge ignores TLS certificate errors. Valid when configuring TLS for target servers and target endpoints, and when configuring virtual hosts that use 2-way TLS. When used with a target endpoint/target server, if the backend system uses SNI and returns a cert with a subject Distinguished Name (DN) that does not match the hostname, there is no way to ignore the error and the connection fails.","description_kind":"plain","optional":true},"key_alias":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID for the alias containing the private key and cert.","description_kind":"plain","optional":true},"key_store":{"type":"string","description":"Required if clientAuthEnabled is true. The resource ID of the keystore.","description_kind":"plain","optional":true},"protocols":{"type":["list","string"],"description":"The TLS versioins to be used.","description_kind":"plain","optional":true},"trust_store":{"type":"string","description":"The resource ID of the truststore.","description_kind":"plain","optional":true}},"block_types":{"common_name":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The TLS Common Name string of the certificate.","description_kind":"plain","optional":true},"wildcard_match":{"type":"bool","description":"Indicates whether the cert should be matched against as a wildcard cert.","description_kind":"plain","optional":true}},"description":"The TLS Common Name of the certificate.","description_kind":"plain"},"max_items":1}},"description":"Specifies TLS configuration info for this TargetServer. The JSON name is sSLInfo for legacy/backwards compatibility reasons -- Edge originally supported SSL, and the name is still used for TLS configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apikeys_key":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human-readable display name of this API key. Modifiable by user.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_string":{"type":"string","description":"Output only. An encrypted and signed value held by this key. This field can be accessed only through the `GetKeyString` method.","description_kind":"plain","computed":true,"sensitive":true},"name":{"type":"string","description":"The resource name of the key. The name must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. In another word, the name must match the regular expression: `[a-z]([a-z0-9-]{0,61}[a-z0-9])?`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"Output only. Unique id in UUID4 format.","description_kind":"plain","computed":true}},"block_types":{"restrictions":{"nesting_mode":"list","block":{"block_types":{"android_key_restrictions":{"nesting_mode":"list","block":{"block_types":{"allowed_applications":{"nesting_mode":"list","block":{"attributes":{"package_name":{"type":"string","description":"The package name of the application.","description_kind":"plain","required":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 fingerprint of the application. For example, both sha1 formats are acceptable : DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09 or DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Output format is the latter.","description_kind":"plain","required":true}},"description":"A list of Android applications that are allowed to make API calls with this key.","description_kind":"plain"},"min_items":1}},"description":"The Android apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"api_targets":{"nesting_mode":"list","block":{"attributes":{"methods":{"type":["list","string"],"description":"Optional. List of one or more methods that can be called. If empty, all methods for the service are allowed. A wildcard (*) can be used as the last symbol. Valid examples: `google.cloud.translate.v2.TranslateService.GetSupportedLanguage` `TranslateText` `Get*` `translate.googleapis.com.Get*`","description_kind":"plain","optional":true},"service":{"type":"string","description":"The service for this restriction. It should be the canonical service name, for example: `translate.googleapis.com`. You can use `gcloud services list` to get a list of services that are enabled in the project.","description_kind":"plain","required":true}},"description":"A restriction for a specific service and optionally one or more specific methods. Requests are allowed if they match any of these restrictions. If no restrictions are specified, all targets are allowed.","description_kind":"plain"}},"browser_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_referrers":{"type":["list","string"],"description":"A list of regular expressions for the referrer URLs that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The HTTP referrers (websites) that are allowed to use the key.","description_kind":"plain"},"max_items":1},"ios_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_bundle_ids":{"type":["list","string"],"description":"A list of bundle IDs that are allowed when making API calls with this key.","description_kind":"plain","required":true}},"description":"The iOS apps that are allowed to use the key.","description_kind":"plain"},"max_items":1},"server_key_restrictions":{"nesting_mode":"list","block":{"attributes":{"allowed_ips":{"type":["list","string"],"description":"A list of the caller IP addresses that are allowed to make API calls with this key.","description_kind":"plain","required":true}},"description":"The IP addresses of callers that are allowed to use the key.","description_kind":"plain"},"max_items":1}},"description":"Key restrictions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"Identifier of the app.","description_kind":"plain","computed":true},"auth_domain":{"type":"string","description":"The domain to authenticate users with when using App Engine's User API.","description_kind":"plain","optional":true,"computed":true},"code_bucket":{"type":"string","description":"The GCS bucket code is being stored in for this app.","description_kind":"plain","computed":true},"database_type":{"type":"string","description_kind":"plain","optional":true,"computed":true},"default_bucket":{"type":"string","description":"The GCS bucket content is being stored in for this app.","description_kind":"plain","computed":true},"default_hostname":{"type":"string","description":"The default hostname for this app.","description_kind":"plain","computed":true},"gcr_domain":{"type":"string","description":"The GCR domain used for storing managed Docker images for this app.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location_id":{"type":"string","description":"The location to serve the app from.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique name of the app.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID to create the application under.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"The serving status of the app.","description_kind":"plain","optional":true,"computed":true},"url_dispatch_rule":{"type":["list",["object",{"domain":"string","path":"string","service":"string"}]],"description":"A list of dispatch rule blocks. Each block has a domain, path, and service field.","description_kind":"plain","computed":true}},"block_types":{"feature_settings":{"nesting_mode":"list","block":{"attributes":{"split_health_checks":{"type":"bool","description_kind":"plain","required":true}},"description":"A block of optional settings to configure specific App Engine features:","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Adapted for use with the app","description_kind":"plain","optional":true},"oauth2_client_id":{"type":"string","description":"OAuth2 client ID to use for the authentication flow.","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 client secret to use for the authentication flow. The SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field.","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"Hex-encoded SHA-256 hash of the client secret.","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_application_url_dispatch_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dispatch_rules":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name to match against. The wildcard \"*\" is supported if specified before a period: \"*.\".\nDefaults to matching all domains: \"*\".","description_kind":"plain","optional":true},"path":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true},"service":{"type":"string","description":"Pathname within the host. Must start with a \"/\". A single \"*\" can be included at the end of the path.\nThe sum of the lengths of the domain and path may not exceed 100 characters.","description_kind":"plain","required":true}},"description":"Rules to match an HTTP request and dispatch that request to a service.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_domain_mapping":{"version":0,"block":{"attributes":{"domain_name":{"type":"string","description":"Relative name of the domain serving the application. Example: example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the DomainMapping resource in the API. Example: apps/myapp/domainMapping/example.com.","description_kind":"plain","computed":true},"override_strategy":{"type":"string","description":"Whether the domain creation should override any existing mappings for this domain.\nBy default, overrides are rejected. Default value: \"STRICT\" Possible values: [\"STRICT\", \"OVERRIDE\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_records":{"type":["list",["object",{"name":"string","rrdata":"string","type":"string"}]],"description":"The resource records required to configure this domain mapping. These records must be added to the domain's DNS\nconfiguration in order to serve the application via this domain mapping.","description_kind":"plain","computed":true}},"block_types":{"ssl_settings":{"nesting_mode":"list","block":{"attributes":{"certificate_id":{"type":"string","description":"ID of the AuthorizedCertificate resource configuring SSL for the application. Clearing this field will\nremove SSL support.\nBy default, a managed certificate is automatically created for every domain mapping. To omit SSL support\nor to configure SSL manually, specify 'SslManagementType.MANUAL' on a 'CREATE' or 'UPDATE' request. You must be\nauthorized to administer the 'AuthorizedCertificate' resource to manually map it to a DomainMapping resource.\nExample: 12345.","description_kind":"plain","optional":true,"computed":true},"pending_managed_certificate_id":{"type":"string","description":"ID of the managed 'AuthorizedCertificate' resource currently being provisioned, if applicable. Until the new\nmanaged certificate has been successfully provisioned, the previous SSL state will be preserved. Once the\nprovisioning process completes, the 'certificateId' field will reflect the new managed certificate and this\nfield will be left empty. To remove SSL support while there is still a pending managed certificate, clear the\n'certificateId' field with an update request.","description_kind":"plain","computed":true},"ssl_management_type":{"type":"string","description":"SSL management type for this domain. If 'AUTOMATIC', a managed certificate is automatically provisioned.\nIf 'MANUAL', 'certificateId' must be manually specified in order to configure SSL for this domain. Possible values: [\"AUTOMATIC\", \"MANUAL\"]","description_kind":"plain","required":true}},"description":"SSL configuration for this domain. If unconfigured, this domain will not serve with SSL.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_firewall_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to take if this rule matches. Possible values: [\"UNSPECIFIED_ACTION\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional string description of this rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"A positive integer that defines the order of rule evaluation.\nRules with the lowest priority are evaluated first.\n\nA default rule at priority Int32.MaxValue matches all IPv4 and\nIPv6 traffic when no previous rule matches. Only the action of\nthis rule can be modified by the user.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_range":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_flexible_app_version":{"version":0,"block":{"attributes":{"beta_settings":{"type":["map","string"],"description":"Metadata settings that are supplied to this version to enable beta runtime features.","description_kind":"plain","optional":true},"default_expiration":{"type":"string","description":"Duration that static files should be cached by web proxies and browsers.\nOnly applicable if the corresponding StaticFilesHandler does not specify its own expiration time.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application. As these are not returned in the API request, Terraform will not detect any changes made outside of the Terraform config.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nManualScaling: B1, B2, B4, B8, B4_1G\nDefaults to F1 for AutomaticScaling and B1 for ManualScaling.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"nobuild_files_regex":{"type":"string","description":"Files that match this pattern will not be built into this version. Only applicable for Go runtimes.","description_kind":"plain","optional":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true,"computed":true},"runtime_channel":{"type":"string","description":"The channel of the runtime to use. Only available for some runtimes.","description_kind":"plain","optional":true},"runtime_main_executable_path":{"type":"string","description":"The path or name of the app's main executable.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource. Can contain numbers, letters, and hyphens.","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as\ndefault if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"serving_status":{"type":"string","description":"Current serving status of this version. Only the versions with a SERVING status create instances and can be billed. Default value: \"SERVING\" Possible values: [\"SERVING\", \"STOPPED\"]","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens.\nReserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"api_config":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Action to take when users access resources that require authentication. Default value: \"AUTH_FAIL_ACTION_REDIRECT\" Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Level of login required to access this resource. Default value: \"LOGIN_OPTIONAL\" Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"script":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL to serve the endpoint at.","description_kind":"plain","optional":true}},"description":"Serving configuration for Google Cloud Endpoints.","description_kind":"plain"},"max_items":1},"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"cool_down_period":{"type":"string","description":"The time period that the Autoscaler should wait before it starts collecting information from a new instance.\nThis prevents the autoscaler from collecting information when the instance is initializing,\nduring which the collected usage would not be reliable. Default: 120s","description_kind":"plain","optional":true},"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true,"computed":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"max_total_instances":{"type":"number","description":"Maximum number of instances that should be started to handle requests for this version. Default: 20","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.","description_kind":"plain","optional":true},"min_total_instances":{"type":"number","description":"Minimum number of running instances that should be maintained for this version. Default: 2","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"aggregation_window_length":{"type":"string","description":"Period of time over which CPU utilization is calculated.","description_kind":"plain","optional":true},"target_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Must be between 0 and 1.","description_kind":"plain","required":true}},"description":"Target scaling by CPU usage.","description_kind":"plain"},"min_items":1,"max_items":1},"disk_utilization":{"nesting_mode":"list","block":{"attributes":{"target_read_bytes_per_second":{"type":"number","description":"Target bytes read per second.","description_kind":"plain","optional":true},"target_read_ops_per_second":{"type":"number","description":"Target ops read per seconds.","description_kind":"plain","optional":true},"target_write_bytes_per_second":{"type":"number","description":"Target bytes written per second.","description_kind":"plain","optional":true},"target_write_ops_per_second":{"type":"number","description":"Target ops written per second.","description_kind":"plain","optional":true}},"description":"Target scaling by disk usage.","description_kind":"plain"},"max_items":1},"network_utilization":{"nesting_mode":"list","block":{"attributes":{"target_received_bytes_per_second":{"type":"number","description":"Target bytes received per second.","description_kind":"plain","optional":true},"target_received_packets_per_second":{"type":"number","description":"Target packets received per second.","description_kind":"plain","optional":true},"target_sent_bytes_per_second":{"type":"number","description":"Target bytes sent per second.","description_kind":"plain","optional":true},"target_sent_packets_per_second":{"type":"number","description":"Target packets sent per second.","description_kind":"plain","optional":true}},"description":"Target scaling by network usage.","description_kind":"plain"},"max_items":1},"request_utilization":{"nesting_mode":"list","block":{"attributes":{"target_concurrent_requests":{"type":"number","description":"Target number of concurrent requests.","description_kind":"plain","optional":true},"target_request_count_per_second":{"type":"string","description":"Target requests per second.","description_kind":"plain","optional":true}},"description":"Target scaling by request utilization.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"cloud_build_options":{"nesting_mode":"list","block":{"attributes":{"app_yaml_path":{"type":"string","description":"Path to the yaml file used in deployment, used to determine runtime configuration details.","description_kind":"plain","required":true},"cloud_build_timeout":{"type":"string","description":"The Cloud Build timeout used as part of any dependent builds performed by version creation. Defaults to 10 minutes.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Options for the build operations performed as a part of the version deployment. Only applicable when creating a version using source code directly.","description_kind":"plain"},"max_items":1},"container":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"URI to the hosted container image in Google Container Registry. The URI must be fully qualified and include a tag or digest.\nExamples: \"gcr.io/my-project/image:tag\" or \"gcr.io/my-project/image@digest\"","description_kind":"plain","required":true}},"description":"The Docker image for the container that runs the version.","description_kind":"plain"},"max_items":1},"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"endpoints_api_service":{"nesting_mode":"list","block":{"attributes":{"config_id":{"type":"string","description":"Endpoints service configuration ID as specified by the Service Management API. For example \"2016-09-19r1\".\n\nBy default, the rollout strategy for Endpoints is \"FIXED\". This means that Endpoints starts up with a particular configuration ID.\nWhen a new configuration is rolled out, Endpoints must be given the new configuration ID. The configId field is used to give the configuration ID\nand is required in this case.\n\nEndpoints also has a rollout strategy called \"MANAGED\". When using this, Endpoints fetches the latest configuration and does not need\nthe configuration ID. In this case, configId must be omitted.","description_kind":"plain","optional":true},"disable_trace_sampling":{"type":"bool","description":"Enable or disable trace sampling. By default, this is set to false for enabled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Endpoints service name which is the name of the \"service\" resource in the Service Management API.\nFor example \"myapi.endpoints.myproject.cloud.goog\"","description_kind":"plain","required":true},"rollout_strategy":{"type":"string","description":"Endpoints rollout strategy. If FIXED, configId must be specified. If MANAGED, configId must be omitted. Default value: \"FIXED\" Possible values: [\"FIXED\", \"MANAGED\"]","description_kind":"plain","optional":true}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are\nuploaded as static data and are only served to end users; they cannot be read by the application. If enabled,\nuploads are charged against both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".\nDefault is '0s'","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory.\nThe path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files.\nStatic file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"liveness_check":{"nesting_mode":"list","block":{"attributes":{"check_interval":{"type":"string","description":"Interval between health checks.","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before considering the VM unhealthy. Default: 4.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"initial_delay":{"type":"string","description":"The initial delay before starting to execute the checks. Default: \"300s\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before considering the VM healthy. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Health checking configuration for VM instances. Unhealthy instances are killed and replaced with new instances.","description_kind":"plain"},"min_items":1,"max_items":1},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"forwarded_ports":{"type":["list","string"],"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain","optional":true},"instance_tag":{"type":"string","description":"Tag to apply to the instance during creation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Google Compute Engine network where the virtual machines are created. Specify the short name, not the resource path.","description_kind":"plain","required":true},"session_affinity":{"type":"bool","description":"Enable session affinity.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Google Cloud Platform sub-network where the virtual machines are created. Specify the short name, not the resource path.\n\nIf the network that the instance is being created in is a Legacy network, then the IP address is allocated from the IPv4Range.\nIf the network that the instance is being created in is an auto Subnet Mode Network, then only network name should be specified (not the subnetworkName) and the IP address is created from the IPCidrRange of the subnetwork that exists in that zone for that network.\nIf the network that the instance is being created in is a custom Subnet Mode Network, then the subnetworkName must be specified and the IP address is created from the IPCidrRange of the subnetwork.\nIf specified, the subnetwork must exist in the same region as the App Engine flexible environment application.","description_kind":"plain","optional":true}},"description":"Extra network settings","description_kind":"plain"},"max_items":1},"readiness_check":{"nesting_mode":"list","block":{"attributes":{"app_start_timeout":{"type":"string","description":"A maximum time limit on application initialization, measured from moment the application successfully\nreplies to a healthcheck until it is ready to serve traffic. Default: \"300s\"","description_kind":"plain","optional":true},"check_interval":{"type":"string","description":"Interval between health checks. Default: \"5s\".","description_kind":"plain","optional":true},"failure_threshold":{"type":"number","description":"Number of consecutive failed checks required before removing traffic. Default: 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host header to send when performing a HTTP Readiness check. Example: \"myapp.appspot.com\"","description_kind":"plain","optional":true},"path":{"type":"string","description":"The request path.","description_kind":"plain","required":true},"success_threshold":{"type":"number","description":"Number of consecutive successful checks required before receiving traffic. Default: 2.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time before the check is considered failed. Default: \"4s\"","description_kind":"plain","optional":true}},"description":"Configures readiness health checking for instances. Unhealthy instances are not put into the backend traffic rotation.","description_kind":"plain"},"min_items":1,"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"Number of CPU cores needed.","description_kind":"plain","optional":true},"disk_gb":{"type":"number","description":"Disk size (GB) needed.","description_kind":"plain","optional":true},"memory_gb":{"type":"number","description":"Memory (GB) needed.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Unique name for the volume.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Volume size in gigabytes.","description_kind":"plain","required":true},"volume_type":{"type":"string","description":"Underlying volume type, e.g. 'tmpfs'.","description_kind":"plain","required":true}},"description":"List of ports, or port pairs, to forward from the virtual machine to the application container.","description_kind":"plain"}}},"description":"Machine resources for a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_app_engine_service_network_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"network_settings":{"nesting_mode":"list","block":{"attributes":{"ingress_traffic_allowed":{"type":"string","description":"The ingress settings for version or service. Default value: \"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\" Possible values: [\"INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED\", \"INGRESS_TRAFFIC_ALLOWED_ALL\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB\"]","description_kind":"plain","optional":true}},"description":"Ingress settings for this service. Will apply to all versions.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_service_split_traffic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"migrate_traffic":{"type":"bool","description":"If set to true traffic will be migrated to this version.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service these settings apply to.","description_kind":"plain","required":true}},"block_types":{"split":{"nesting_mode":"list","block":{"attributes":{"allocations":{"type":["map","string"],"description":"Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.","description_kind":"plain","required":true},"shard_by":{"type":"string","description":"Mechanism used to determine which version a request is sent to. The traffic selection algorithm will be stable for either type until allocations are changed. Possible values: [\"UNSPECIFIED\", \"COOKIE\", \"IP\", \"RANDOM\"]","description_kind":"plain","optional":true}},"description":"Mapping that defines fractional HTTP traffic diversion to different versions within the service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_app_engine_standard_app_version":{"version":0,"block":{"attributes":{"app_engine_apis":{"type":"bool","description":"Allows App Engine second generation runtimes to access the legacy bundled services.","description_kind":"plain","optional":true},"delete_service_on_destroy":{"type":"bool","description":"If set to 'true', the service will be deleted if it is the last version.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Environment variables available to the application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inbound_services":{"type":["set","string"],"description":"A list of the types of messages that this application is able to receive. Possible values: [\"INBOUND_SERVICE_MAIL\", \"INBOUND_SERVICE_MAIL_BOUNCE\", \"INBOUND_SERVICE_XMPP_ERROR\", \"INBOUND_SERVICE_XMPP_MESSAGE\", \"INBOUND_SERVICE_XMPP_SUBSCRIBE\", \"INBOUND_SERVICE_XMPP_PRESENCE\", \"INBOUND_SERVICE_CHANNEL_PRESENCE\", \"INBOUND_SERVICE_WARMUP\"]","description_kind":"plain","optional":true},"instance_class":{"type":"string","description":"Instance class that is used to run this version. Valid values are\nAutomaticScaling: F1, F2, F4, F4_1G\nBasicScaling or ManualScaling: B1, B2, B4, B4_1G, B8\nDefaults to F1 for AutomaticScaling and B2 for ManualScaling and BasicScaling. If no scaling is specified, AutomaticScaling is chosen.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full path to the Version resource in the API. Example, \"v1\".","description_kind":"plain","computed":true},"noop_on_destroy":{"type":"bool","description":"If set to 'true', the application version will not be deleted.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"Desired runtime. Example python27.","description_kind":"plain","required":true},"runtime_api_version":{"type":"string","description":"The version of the API in the given runtime environment.\nPlease see the app.yaml reference for valid values at 'https://cloud.google.com/appengine/docs/standard/\u003clanguage\u003e/config/appref'\\\nSubstitute '\u003clanguage\u003e' with 'python', 'java', 'php', 'ruby', 'go' or 'nodejs'.","description_kind":"plain","optional":true},"service":{"type":"string","description":"AppEngine service resource","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The identity that the deployed version will run as. Admin API will use the App Engine Appspot service account as default if this field is neither provided in app.yaml file nor through CLI flag.","description_kind":"plain","optional":true,"computed":true},"threadsafe":{"type":"bool","description":"Whether multiple requests can be dispatched to this version at once.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"Relative name of the version within the service. For example, 'v1'. Version names can contain only lowercase letters, numbers, or hyphens. Reserved names,\"default\", \"latest\", and any name with the prefix \"ah-\".","description_kind":"plain","optional":true}},"block_types":{"automatic_scaling":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_requests":{"type":"number","description":"Number of concurrent requests an automatic scaling instance can accept before the scheduler spawns a new instance.\n\nDefaults to a runtime-specific value.","description_kind":"plain","optional":true},"max_idle_instances":{"type":"number","description":"Maximum number of idle instances that should be maintained for this version.","description_kind":"plain","optional":true},"max_pending_latency":{"type":"string","description":"Maximum amount of time that a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_idle_instances":{"type":"number","description":"Minimum number of idle instances that should be maintained for this version. Only applicable for the default version of a service.","description_kind":"plain","optional":true},"min_pending_latency":{"type":"string","description":"Minimum amount of time a request should wait in the pending queue before starting a new instance to handle it.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"standard_scheduler_settings":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances to run for this version. Set to zero to disable maxInstances configuration.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances to run for this version. Set to zero to disable minInstances configuration.","description_kind":"plain","optional":true},"target_cpu_utilization":{"type":"number","description":"Target CPU utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true},"target_throughput_utilization":{"type":"number","description":"Target throughput utilization ratio to maintain when scaling. Should be a value in the range [0.50, 0.95], zero, or a negative value.","description_kind":"plain","optional":true}},"description":"Scheduler settings for standard environment.","description_kind":"plain"},"max_items":1}},"description":"Automatic scaling is based on request rate, response latencies, and other application metrics.","description_kind":"plain"},"max_items":1},"basic_scaling":{"nesting_mode":"list","block":{"attributes":{"idle_timeout":{"type":"string","description":"Duration of time after the last request that an instance must wait before the instance is shut down.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum number of instances to create for this version. Must be in the range [1.0, 200.0].","description_kind":"plain","required":true}},"description":"Basic scaling creates instances when your application receives requests. Each instance will be shut down when the application becomes idle. Basic scaling is ideal for work that is intermittent or driven by user activity.","description_kind":"plain"},"max_items":1},"deployment":{"nesting_mode":"list","block":{"block_types":{"files":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description_kind":"plain","required":true},"sha1_sum":{"type":"string","description":"SHA1 checksum of the file","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Manifest of the files stored in Google Cloud Storage that are included as part of this version.\nAll files must be readable using the credentials supplied with this call.","description_kind":"plain"}},"zip":{"nesting_mode":"list","block":{"attributes":{"files_count":{"type":"number","description":"files count","description_kind":"plain","optional":true},"source_url":{"type":"string","description":"Source URL","description_kind":"plain","required":true}},"description":"Zip File","description_kind":"plain"},"max_items":1}},"description":"Code and application artifacts that make up this version.","description_kind":"plain"},"min_items":1,"max_items":1},"entrypoint":{"nesting_mode":"list","block":{"attributes":{"shell":{"type":"string","description":"The format should be a shell command that can be fed to bash -c.","description_kind":"plain","required":true}},"description":"The entrypoint for the application.","description_kind":"plain"},"min_items":1,"max_items":1},"handlers":{"nesting_mode":"list","block":{"attributes":{"auth_fail_action":{"type":"string","description":"Actions to take when the user is not logged in. Possible values: [\"AUTH_FAIL_ACTION_REDIRECT\", \"AUTH_FAIL_ACTION_UNAUTHORIZED\"]","description_kind":"plain","optional":true},"login":{"type":"string","description":"Methods to restrict access to a URL based on login status. Possible values: [\"LOGIN_OPTIONAL\", \"LOGIN_ADMIN\", \"LOGIN_REQUIRED\"]","description_kind":"plain","optional":true},"redirect_http_response_code":{"type":"string","description":"30x code to use when performing redirects for the secure field. Possible values: [\"REDIRECT_HTTP_RESPONSE_CODE_301\", \"REDIRECT_HTTP_RESPONSE_CODE_302\", \"REDIRECT_HTTP_RESPONSE_CODE_303\", \"REDIRECT_HTTP_RESPONSE_CODE_307\"]","description_kind":"plain","optional":true},"security_level":{"type":"string","description":"Security (HTTPS) enforcement for this URL. Possible values: [\"SECURE_DEFAULT\", \"SECURE_NEVER\", \"SECURE_OPTIONAL\", \"SECURE_ALWAYS\"]","description_kind":"plain","optional":true},"url_regex":{"type":"string","description":"URL prefix. Uses regular expression syntax, which means regexp special characters must be escaped, but should not contain groupings.\nAll URLs that begin with this prefix are handled by this handler, using the portion of the URL after the prefix as part of the file path.","description_kind":"plain","optional":true}},"block_types":{"script":{"nesting_mode":"list","block":{"attributes":{"script_path":{"type":"string","description":"Path to the script from the application root directory.","description_kind":"plain","required":true}},"description":"Executes a script to handle the requests that match this URL pattern.\nOnly the auto value is supported for Node.js in the App Engine standard environment, for example \"script:\" \"auto\".","description_kind":"plain"},"max_items":1},"static_files":{"nesting_mode":"list","block":{"attributes":{"application_readable":{"type":"bool","description":"Whether files should also be uploaded as code data. By default, files declared in static file handlers are uploaded as\nstatic data and are only served to end users; they cannot be read by the application. If enabled, uploads are charged\nagainst both your code and static data storage resource quotas.","description_kind":"plain","optional":true},"expiration":{"type":"string","description":"Time a static file served by this handler should be cached by web proxies and browsers.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"3.5s\".","description_kind":"plain","optional":true},"http_headers":{"type":["map","string"],"description":"HTTP headers to use for all responses from these URLs.\nAn object containing a list of \"key:value\" value pairs.\".","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"MIME type used to serve all files served by this handler.\nDefaults to file-specific MIME types, which are derived from each file's filename extension.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to the static files matched by the URL pattern, from the application root directory. The path can refer to text matched in groupings in the URL pattern.","description_kind":"plain","optional":true},"require_matching_file":{"type":"bool","description":"Whether this handler should match the request if the file referenced by the handler does not exist.","description_kind":"plain","optional":true},"upload_path_regex":{"type":"string","description":"Regular expression that matches the file paths for all files that should be referenced by this handler.","description_kind":"plain","optional":true}},"description":"Files served directly to the user for a given URL, such as images, CSS stylesheets, or JavaScript source files. Static file handlers describe which files in the application directory are static files, and which URLs serve them.","description_kind":"plain"},"max_items":1}},"description":"An ordered list of URL-matching patterns that should be applied to incoming requests.\nThe first matching URL handles the request and other request handlers are not attempted.","description_kind":"plain"}},"libraries":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the library. Example \"django\".","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of the library to select, or \"latest\".","description_kind":"plain","optional":true}},"description":"Configuration for third-party Python runtime libraries that are required by the application.","description_kind":"plain"}},"manual_scaling":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":"number","description":"Number of instances to assign to the service at the start.\n\n**Note:** When managing the number of instances at runtime through the App Engine Admin API or the (now deprecated) Python 2\nModules API set_num_instances() you must use 'lifecycle.ignore_changes = [\"manual_scaling\"[0].instances]' to prevent drift detection.","description_kind":"plain","required":true}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_access_connector":{"nesting_mode":"list","block":{"attributes":{"egress_setting":{"type":"string","description":"The egress setting for the connector, controlling what traffic is diverted through it.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Full Serverless VPC Access Connector name e.g. /projects/my-project/locations/us-central1/connectors/c1.","description_kind":"plain","required":true}},"description":"Enables VPC connectivity for standard apps.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_apphub_application":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Required. The Application identifier.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. User-defined description of an Application.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-defined name for the Application.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Application state. \n Possible values:\n STATE_UNSPECIFIED\nCREATING\nACTIVE\nDELETING","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (in UUID4 format) for the 'Application'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Optional. Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Optional. Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"scope":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Required. Scope Type. \n Possible values:\nREGIONAL Possible values: [\"REGIONAL\"]","description_kind":"plain","required":true}},"description":"Scope of an application.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_service":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-defined description of a Service.","description_kind":"plain","optional":true},"discovered_service":{"type":"string","description":"Immutable. The resource name of the original discovered service.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User-defined name for the Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of a Service. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}/services/{service-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The Service identifier.","description_kind":"plain","required":true},"service_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description":"Properties of an underlying cloud resource that can comprise a Service.","description_kind":"plain","computed":true},"service_reference":{"type":["list",["object",{"uri":"string"}]],"description":"Reference to an underlying networking resource that can comprise a Service.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Service state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (UUID) for the 'Service' in the UUID4\nformat.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Required. Email address of the contacts.","description_kind":"plain","required":true}},"description":"Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_service_project_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"\"Identifier. The resource name of a ServiceProjectAttachment. Format:\\\"projects/{host-project-id}/locations/global/serviceProjectAttachments/{service-project-id}.\\\" \"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"\"Immutable. Service project name in the format: \\\"projects/abc\\\"\nor \\\"projects/123\\\". As input, project name with either project id or number\nare accepted. As output, this field will contain project number. \"","description_kind":"plain","optional":true},"service_project_attachment_id":{"type":"string","description":"Required. The service project attachment identifier must contain the project_id of the service project specified in the service_project_attachment.service_project field. Hint: \"projects/{project_id}\"","description_kind":"plain","required":true},"state":{"type":"string","description":"ServiceProjectAttachment state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier (in UUID4 format) for the 'ServiceProjectAttachment'.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_apphub_workload":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-defined description of a Workload.","description_kind":"plain","optional":true},"discovered_workload":{"type":"string","description":"Immutable. The resource name of the original discovered workload.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User-defined name for the Workload.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. Full resource name of a parent Application. Example: projects/{HOST_PROJECT_ID}/locations/{LOCATION}/applications/{APPLICATION_ID}","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of the Workload. Format:\"projects/{host-project-id}/locations/{location}/applications/{application-id}/workloads/{workload-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Workload state. Possible values: STATE_UNSPECIFIED CREATING ACTIVE DELETING DETACHED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (UUID) for the 'Workload' in the UUID4 format.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true},"workload_id":{"type":"string","description":"The Workload identifier.","description_kind":"plain","required":true},"workload_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description":"Properties of an underlying compute resource represented by the Workload.","description_kind":"plain","computed":true},"workload_reference":{"type":["list",["object",{"uri":"string"}]],"description":"Reference of an underlying compute resource represented by the Workload.","description_kind":"plain","computed":true}},"block_types":{"attributes":{"nesting_mode":"list","block":{"block_types":{"business_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Business team that ensures user needs are met and value is delivered","description_kind":"plain"}},"criticality":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Criticality type. Possible values: [\"MISSION_CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"description":"Criticality of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"developer_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Developer team that owns development and coding.","description_kind":"plain"}},"environment":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Environment type. Possible values: [\"PRODUCTION\", \"STAGING\", \"TEST\", \"DEVELOPMENT\"]","description_kind":"plain","required":true}},"description":"Environment of the Application, Service, or Workload","description_kind":"plain"},"max_items":1},"operator_owners":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"Contact's name.","description_kind":"plain","optional":true},"email":{"type":"string","description":"Email address of the contacts.","description_kind":"plain","required":true}},"description":"Operator team that ensures runtime and operations.","description_kind":"plain"}}},"description":"Consumer provided attributes.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"cleanup_policies":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Policy action. Possible values: [\"DELETE\", \"KEEP\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"newer_than":{"type":"string","description":"Match versions newer than a duration.","description_kind":"plain","optional":true},"older_than":{"type":"string","description":"Match versions older than a duration.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_prefixes":{"type":["list","string"],"description":"Match versions by tag prefix. Applied on any prefix match.","description_kind":"plain","optional":true},"tag_state":{"type":"string","description":"Match versions by tag status. Default value: \"ANY\" Possible values: [\"TAGGED\", \"UNTAGGED\", \"ANY\"]","description_kind":"plain","optional":true},"version_name_prefixes":{"type":["list","string"],"description":"Match versions by version name prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for matching versions.","description_kind":"plain"},"max_items":1},"most_recent_versions":{"nesting_mode":"list","block":{"attributes":{"keep_count":{"type":"number","description":"Minimum number of versions to keep.","description_kind":"plain","optional":true},"package_name_prefixes":{"type":["list","string"],"description":"Match versions by package prefix. Applied on any prefix match.","description_kind":"plain","optional":true}},"description":"Policy condition for retaining a minimum number of versions. May only be\nspecified with a Keep action.","description_kind":"plain"},"max_items":1}},"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain"}},"docker_config":{"nesting_mode":"list","block":{"attributes":{"immutable_tags":{"type":"bool","description":"The repository which enabled this flag prevents all tags from being modified, moved or deleted. This does not prevent tags from being created.","description_kind":"plain","optional":true}},"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain"},"max_items":1},"maven_config":{"nesting_mode":"list","block":{"attributes":{"allow_snapshot_overwrites":{"type":"bool","description":"The repository with this flag will allow publishing the same\nsnapshot versions.","description_kind":"plain","optional":true},"version_policy":{"type":"string","description":"Version policy defines the versions that the registry will accept. Default value: \"VERSION_POLICY_UNSPECIFIED\" Possible values: [\"VERSION_POLICY_UNSPECIFIED\", \"RELEASE\", \"SNAPSHOT\"]","description_kind":"plain","optional":true}},"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain"},"max_items":1},"remote_repository_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the remote source.","description_kind":"plain","optional":true},"disable_upstream_validation":{"type":"bool","description":"If true, the remote repository upstream and upstream credentials will\nnot be validated.","description_kind":"plain","optional":true}},"block_types":{"apt_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Apt, e.g. '\"debian/dists/buster\"' Possible values: [\"DEBIAN\", \"UBUNTU\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base.","description_kind":"plain","required":true}},"description":"One of the publicly available Apt repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Apt remote repository.","description_kind":"plain"},"max_items":1},"docker_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"DOCKER_HUB\" Possible values: [\"DOCKER_HUB\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://registry-1.docker.io\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Docker remote repository.","description_kind":"plain"},"max_items":1},"maven_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"MAVEN_CENTRAL\" Possible values: [\"MAVEN_CENTRAL\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://repo.maven.apache.org/maven2\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Maven remote repository.","description_kind":"plain"},"max_items":1},"npm_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"NPMJS\" Possible values: [\"NPMJS\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://registry.npmjs.org\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Npm remote repository.","description_kind":"plain"},"max_items":1},"python_repository":{"nesting_mode":"list","block":{"attributes":{"public_repository":{"type":"string","description":"Address of the remote repository. Default value: \"PYPI\" Possible values: [\"PYPI\"]","description_kind":"plain","optional":true}},"block_types":{"custom_repository":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Specific uri to the registry, e.g. '\"https://pypi.io\"'","description_kind":"plain","optional":true}},"description":"Settings for a remote repository with a custom uri.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for a Python remote repository.","description_kind":"plain"},"max_items":1},"upstream_credentials":{"nesting_mode":"list","block":{"block_types":{"username_password_credentials":{"nesting_mode":"list","block":{"attributes":{"password_secret_version":{"type":"string","description":"The Secret Manager key version that holds the password to access the\nremote repository. Must be in the format of\n'projects/{project}/secrets/{secret}/versions/{version}'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The username to access the remote repository.","description_kind":"plain","optional":true}},"description":"Use username and password to access the remote repository.","description_kind":"plain"},"max_items":1}},"description":"The credentials used to access the remote repository.","description_kind":"plain"},"max_items":1},"yum_repository":{"nesting_mode":"list","block":{"block_types":{"public_repository":{"nesting_mode":"list","block":{"attributes":{"repository_base":{"type":"string","description":"A common public repository base for Yum. Possible values: [\"CENTOS\", \"CENTOS_DEBUG\", \"CENTOS_VAULT\", \"CENTOS_STREAM\", \"ROCKY\", \"EPEL\"]","description_kind":"plain","required":true},"repository_path":{"type":"string","description":"Specific repository from the base, e.g. '\"centos/8-stream/BaseOS/x86_64/os\"'","description_kind":"plain","required":true}},"description":"One of the publicly available Yum repositories supported by Artifact Registry.","description_kind":"plain"},"max_items":1}},"description":"Specific settings for an Yum remote repository.","description_kind":"plain"},"max_items":1}},"description":"Configuration specific for a Remote Repository.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_repository_config":{"nesting_mode":"list","block":{"block_types":{"upstream_policies":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The user-provided ID of the upstream policy.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"Entries with a greater priority value take precedence in the pull order.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"A reference to the repository resource, for example:\n\"projects/p1/locations/us-central1/repository/repo1\".","description_kind":"plain","optional":true}},"description":"Policies that configure the upstream artifacts distributed by the Virtual\nRepository. Upstream policies cannot be set on a standard repository.","description_kind":"plain"}}},"description":"Configuration specific for a Virtual Repository.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_assured_workloads_workload":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"Optional. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, `billingAccounts/012345-567890-ABCDEF`.","description_kind":"plain","optional":true},"compliance_regime":{"type":"string","description":"Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS, HIPAA, HITRUST, EU_REGIONS_AND_SUPPORT, CA_REGIONS_AND_SUPPORT, ITAR, AU_REGIONS_AND_US_SUPPORT, ASSURED_WORKLOADS_FOR_PARTNERS, ISR_REGIONS, ISR_REGIONS_AND_SUPPORT, CA_PROTECTED_B, IL5, IL2, JP_REGIONS_AND_SUPPORT","description_kind":"plain","required":true},"compliance_status":{"type":["list",["object",{"acknowledged_violation_count":["list","number"],"active_violation_count":["list","number"]}]],"description":"Output only. Count of active Violations in the Workload.","description_kind":"plain","computed":true},"compliant_but_disallowed_services":{"type":["list","string"],"description":"Output only. Urls for services which are compliant for this Assured Workload, but which are currently disallowed by the ResourceUsageRestriction org policy. Invoke workloads.restrictAllowedResources endpoint to allow your project developers to use these services in their environment.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Immutable. The Workload creation timestamp.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"ekm_provisioning_response":{"type":["list",["object",{"ekm_provisioning_error_domain":"string","ekm_provisioning_error_mapping":"string","ekm_provisioning_state":"string"}]],"description":"Optional. Represents the Ekm Provisioning State of the given workload.","description_kind":"plain","computed":true},"enable_sovereign_controls":{"type":"bool","description":"Optional. Indicates the sovereignty status of the given workload. Currently meant to be used by Europe/Canada customers.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kaj_enrollment_state":{"type":"string","description":"Output only. Represents the KAJ enrollment state of the given workload. Possible values: KAJ_ENROLLMENT_STATE_UNSPECIFIED, KAJ_ENROLLMENT_STATE_PENDING, KAJ_ENROLLMENT_STATE_COMPLETE","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels applied to the workload.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workload.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for the resource","description_kind":"plain","required":true},"partner":{"type":"string","description":"Optional. Partner regime associated with this workload. Possible values: PARTNER_UNSPECIFIED, LOCAL_CONTROLS_BY_S3NS, SOVEREIGN_CONTROLS_BY_T_SYSTEMS, SOVEREIGN_CONTROLS_BY_SIA_MINSAIT, SOVEREIGN_CONTROLS_BY_PSN","description_kind":"plain","optional":true},"provisioned_resources_parent":{"type":"string","description":"Input only. The parent resource for the resources managed by this Assured Workload. May be either empty or a folder resource which is a child of the Workload parent. If not specified all resources are created under the parent organization. Format: folders/{folder_id}","description_kind":"plain","optional":true},"resources":{"type":["list",["object",{"resource_id":"number","resource_type":"string"}]],"description":"Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.","description_kind":"plain","computed":true},"saa_enrollment_response":{"type":["list",["object",{"setup_errors":["list","string"],"setup_status":"string"}]],"description":"Output only. Represents the SAA enrollment response of the given workload. SAA enrollment response is queried during workloads.get call. In failure cases, user friendly error message is shown in SAA details page.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"violation_notifications_enabled":{"type":"bool","description":"Optional. Indicates whether the e-mail notification for a violation is enabled for a workload. This value will be by default True, and if not present will be considered as true. This should only be updated via updateWorkload call. Any Changes to this field during the createWorkload call will not be honored. This will always be true while creating the workload.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"kms_settings":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.","description_kind":"plain","required":true},"rotation_period":{"type":"string","description":"Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.","description_kind":"plain","required":true}},"description":"**DEPRECATED** Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is deprecated as of Feb 28, 2022. In order to create a Keyring, callers should specify, ENCRYPTION_KEYS_PROJECT or KEYRING in ResourceSettings.resource_type field.","description_kind":"plain"},"max_items":1},"partner_permissions":{"nesting_mode":"list","block":{"attributes":{"assured_workloads_monitoring":{"type":"bool","description":"Optional. Allow partner to view violation alerts.","description_kind":"plain","optional":true},"data_logs_viewer":{"type":"bool","description":"Allow the partner to view inspectability logs and monitoring violations.","description_kind":"plain","optional":true},"service_access_approver":{"type":"bool","description":"Optional. Allow partner to view access approval logs.","description_kind":"plain","optional":true}},"description":"Optional. Permissions granted to the AW Partner SA account for the customer workload","description_kind":"plain"},"max_items":1},"resource_settings":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"User-assigned resource display name. If not empty it will be used to create a resource with the specified name.","description_kind":"plain","optional":true},"resource_id":{"type":"string","description":"Resource identifier. For a project this represents projectId. If the project is already taken, the workload creation will fail. For KeyRing, this represents the keyring_id. For a folder, don't set this value as folder_id is assigned by Google.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER","description_kind":"plain","optional":true}},"description":"Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","optional":true}},"block_types":{"application_endpoint":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Hostname or IP address of the remote application endpoint.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port of the remote application endpoint.","description_kind":"plain","required":true}},"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain"},"min_items":1,"max_items":1},"gateway":{"nesting_mode":"list","block":{"attributes":{"app_gateway":{"type":"string","description":"AppGateway name in following format: projects/{project_id}/locations/{locationId}/appgateways/{gateway_id}.","description_kind":"plain","required":true},"ingress_port":{"type":"number","description":"Ingress port reserved on the gateways for this AppConnection, if not specified or zero, the default port is 19443.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of hosting used by the gateway. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#Type_1\nfor a list of possible values.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description":"Gateway used by the AppConnection.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"principal_info":{"nesting_mode":"list","block":{"block_types":{"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Email address of the service account.","description_kind":"plain","required":true}},"description":"ServiceAccount represents a GCP service account.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_catalog":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the catalog. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the catalog. Only set after the catalog\nis deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this catalog is considered expired. Only set\nafter the catalog is deleted. Only set after the catalog is deleted.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the Catalog should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the Catalog. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last modification time of the catalog. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_database":{"version":0,"block":{"attributes":{"catalog":{"type":"string","description":"The parent catalog.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation time of the database. A timestamp in RFC3339\nUTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the database. Only set after the\ndatabase is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this database is considered expired. Only set\nafter the database is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the database.","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The last modification time of the database. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"location_uri":{"type":"string","description":"Cloud Storage folder URI where the database data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Stores user supplied Hive database parameters. An object containing a\nlist of\"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true}},"description":"Options of a Hive database.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_biglake_table":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation time of the table. A timestamp in RFC3339 UTC\n\"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"database":{"type":"string","description":"The id of the parent database.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"Output only. The deletion time of the table. Only set after the\ntable is deleted. A timestamp in RFC3339 UTC \"Zulu\" format, with\nnanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The checksum of a table object computed by the server based on the value\nof other fields. It may be sent on update requests to ensure the client\nhas an up-to-date value before proceeding. It is only checked for update\ntable operations.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. The time when this table is considered expired. Only set\nafter the table is deleted. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples:\n\"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The name of the Table. Format:\nprojects/{project_id_or_number}/locations/{locationId}/catalogs/{catalogId}/databases/{databaseId}/tables/{tableId}","description_kind":"plain","required":true},"type":{"type":"string","description":"The database type. Possible values: [\"HIVE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last modification time of the table. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and\n\"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"hive_options":{"nesting_mode":"list","block":{"attributes":{"parameters":{"type":["map","string"],"description":"Stores user supplied Hive table parameters. An object containing a\nlist of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"table_type":{"type":"string","description":"Hive table type. For example, MANAGED_TABLE, EXTERNAL_TABLE.","description_kind":"plain","optional":true}},"block_types":{"storage_descriptor":{"nesting_mode":"list","block":{"attributes":{"input_format":{"type":"string","description":"The fully qualified Java class name of the input format.","description_kind":"plain","optional":true},"location_uri":{"type":"string","description":"Cloud Storage folder URI where the table data is stored, starting with \"gs://\".","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The fully qualified Java class name of the output format.","description_kind":"plain","optional":true}},"description":"Stores physical storage information on the data.","description_kind":"plain"},"max_items":1}},"description":"Options of a Hive table.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the data exchange.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the data exchange. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), and must not start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the data exchange.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the data exchange.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_count":{"type":"number","description":"Number of listings contained in the data exchange.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this data exchange.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the data exchange, for example:\n\"projects/myproject/locations/US/dataExchanges/123\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the data exchange.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing":{"version":0,"block":{"attributes":{"categories":{"type":["list","string"],"description":"Categories of the listing. Up to two categories are allowed.","description_kind":"plain","optional":true},"data_exchange_id":{"type":"string","description":"The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"description":{"type":"string","description":"Short description of the listing. The description must not contain Unicode non-characters and C0 and C1 control codes except tabs (HT), new lines (LF), carriage returns (CR), and page breaks (FF).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human-readable display name of the listing. The display name must contain only Unicode letters, numbers (0-9), underscores (_), dashes (-), spaces ( ), ampersands (\u0026) and can't start or end with spaces.","description_kind":"plain","required":true},"documentation":{"type":"string","description":"Documentation describing the listing.","description_kind":"plain","optional":true},"icon":{"type":"string","description":"Base64 encoded image representing the listing.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description":"The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces.","description_kind":"plain","required":true},"location":{"type":"string","description":"The name of the location this data exchange listing.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the listing. e.g. \"projects/myproject/locations/US/dataExchanges/123/listings/456\"","description_kind":"plain","computed":true},"primary_contact":{"type":"string","description":"Email or URL of the primary point of contact of the listing.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_access":{"type":"string","description":"Email or URL of the request access of the listing. Subscribers can use this reference to request access.","description_kind":"plain","optional":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset":{"type":"string","description":"Resource name of the dataset source for this listing. e.g. projects/myproject/datasets/123","description_kind":"plain","required":true}},"description":"Shared dataset i.e. BigQuery dataset source.","description_kind":"plain"},"min_items":1,"max_items":1},"data_provider":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the data provider.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the data provider.","description_kind":"plain","optional":true}},"description":"Details of the data provider who owns the source data.","description_kind":"plain"},"max_items":1},"publisher":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the listing publisher.","description_kind":"plain","required":true},"primary_contact":{"type":"string","description":"Email or URL of the listing publisher.","description_kind":"plain","optional":true}},"description":"Details of the publisher who owns the listing and who can share the source data.","description_kind":"plain"},"max_items":1},"restricted_export_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, enable restricted export.","description_kind":"plain","optional":true},"restrict_query_result":{"type":"bool","description":"If true, restrict export of query result derived from restricted linked dataset table.","description_kind":"plain","optional":true}},"description":"If set, restricted export configuration will be propagated and enforced on the linked dataset.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_binding":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_member":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_bi_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"LOCATION_DESCRIPTION","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the singleton BI reservation. Reservation names have the form 'projects/{projectId}/locations/{locationId}/biReservation'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"Size of a reservation, in bytes.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The last update timestamp of a reservation.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"preferred_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset in the above project.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The assigned project ID of the project.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"The ID of the table in the above dataset.","description_kind":"plain","optional":true}},"description":"Preferred tables to use BI capacity for.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_capacity_commitment":{"version":0,"block":{"attributes":{"capacity_commitment_id":{"type":"string","description":"The optional capacity commitment ID. Capacity commitment name will be generated automatically if this field is\nempty. This field must only contain lower case alphanumeric characters or dashes. The first and last character\ncannot be a dash. Max length is 64 characters. NOTE: this ID won't be kept if the capacity commitment is split\nor merged.","description_kind":"plain","optional":true},"commitment_end_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"commitment_start_time":{"type":"string","description":"The start of the current commitment period. It is applicable only for ACTIVE capacity commitments.","description_kind":"plain","computed":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true},"enforce_single_admin_project_per_org":{"type":"string","description":"If true, fail the request if another project in the organization has a capacity commitment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the capacity commitment, e.g., projects/myproject/locations/US/capacityCommitments/123","description_kind":"plain","computed":true},"plan":{"type":"string","description":"Capacity commitment plan. Valid values are at https://cloud.google.com/bigquery/docs/reference/reservations/rpc/google.cloud.bigquery.reservation.v1#commitmentplan","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"renewal_plan":{"type":"string","description":"The plan this capacity commitment is converted to after commitmentEndTime passes. Once the plan is changed, committed period is extended according to commitment plan. Only applicable for some commitment plans.","description_kind":"plain","optional":true},"slot_count":{"type":"number","description":"Number of slots in this commitment.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the commitment","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description":"Optional connection id that should be assigned to the created connection.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A descriptive description for the connection","description_kind":"plain","optional":true},"friendly_name":{"type":"string","description":"A descriptive name for the connection","description_kind":"plain","optional":true},"has_credential":{"type":"bool","description":"True if the connection has credential assigned.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the connection should reside.\nCloud SQL instance must be in the same location as the connection\nwith following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU.\nExamples: US, EU, asia-northeast1, us-central1, europe-west1.\nSpanner Connections same as spanner region\nAWS allowed regions are aws-us-east-1\nAzure allowed regions are azure-eastus2","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the connection in the form of:\n\"projects/{project_id}/locations/{location_id}/connections/{connectionId}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"block_types":{"access_role":{"nesting_mode":"list","block":{"attributes":{"iam_role_id":{"type":"string","description":"The user’s AWS IAM Role that trusts the Google-owned AWS IAM user Connection.","description_kind":"plain","required":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's AWS IAM Role.","description_kind":"plain","computed":true}},"description":"Authentication using Google owned service account to assume into customer's AWS IAM Role.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to Amazon Web Services.","description_kind":"plain"},"max_items":1},"azure":{"nesting_mode":"list","block":{"attributes":{"application":{"type":"string","description":"The name of the Azure Active Directory Application.","description_kind":"plain","computed":true},"client_id":{"type":"string","description":"The client id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"customer_tenant_id":{"type":"string","description":"The id of customer's directory that host the data.","description_kind":"plain","required":true},"federated_application_client_id":{"type":"string","description":"The Azure Application (client) ID where the federated credentials will be hosted.","description_kind":"plain","optional":true},"identity":{"type":"string","description":"A unique Google-owned and Google-generated identity for the Connection. This identity will be used to access the user's Azure Active Directory Application.","description_kind":"plain","computed":true},"object_id":{"type":"string","description":"The object id of the Azure Active Directory Application.","description_kind":"plain","computed":true},"redirect_uri":{"type":"string","description":"The URL user will be redirected to after granting consent during connection setup.","description_kind":"plain","computed":true}},"description":"Container for connection properties specific to Azure.","description_kind":"plain"},"max_items":1},"cloud_resource":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"description":"Container for connection properties for delegation of access to GCP resources.","description_kind":"plain"},"max_items":1},"cloud_spanner":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Cloud Spanner database in the form 'project/instance/database'.","description_kind":"plain","required":true},"database_role":{"type":"string","description":"Cloud Spanner database role for fine-grained access control. The Cloud Spanner admin should have provisioned the database role with appropriate permissions, such as 'SELECT' and 'INSERT'. Other users should only use roles provided by their Cloud Spanner admins. The database role name must start with a letter, and can only contain letters, numbers, and underscores. For more details, see https://cloud.google.com/spanner/docs/fgac-about.","description_kind":"plain","optional":true},"max_parallelism":{"type":"number","description":"Allows setting max parallelism per query when executing on Spanner independent compute resources. If unspecified, default values of parallelism are chosen that are dependent on the Cloud Spanner instance configuration. 'useParallelism' and 'useDataBoost' must be set when setting max parallelism.","description_kind":"plain","optional":true},"use_data_boost":{"type":"bool","description":"If set, the request will be executed via Spanner independent compute resources. 'use_parallelism' must be set when using data boost.","description_kind":"plain","optional":true},"use_parallelism":{"type":"bool","description":"If parallelism should be used when reading from Cloud Spanner.","description_kind":"plain","optional":true},"use_serverless_analytics":{"type":"bool","description":"If the serverless analytics service should be used to read data from Cloud Spanner. 'useParallelism' must be set when using serverless analytics.","description_kind":"plain","deprecated":true,"optional":true}},"description":"Connection properties specific to Cloud Spanner","description_kind":"plain"},"max_items":1},"cloud_sql":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"Cloud SQL instance ID in the form project:location:instance.","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"When the connection is used in the context of an operation in BigQuery, this service account will serve as the identity being used for connecting to the CloudSQL instance specified in this connection.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Type of the Cloud SQL database. Possible values: [\"DATABASE_TYPE_UNSPECIFIED\", \"POSTGRES\", \"MYSQL\"]","description_kind":"plain","required":true}},"block_types":{"credential":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password for database.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"Username for database.","description_kind":"plain","required":true}},"description":"Cloud SQL properties.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Connection properties specific to the Cloud SQL.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"service_account_id":{"type":"string","description":"The account ID of the service created for the purpose of this connection.","description_kind":"plain","computed":true}},"block_types":{"metastore_service_config":{"nesting_mode":"list","block":{"attributes":{"metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service in the form of projects/[projectId]/locations/[region]/services/[serviceId].","description_kind":"plain","optional":true}},"description":"Dataproc Metastore Service configuration for the connection.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the connection if the form of projects/[projectId]/regions/[region]/clusters/[cluster_name].","description_kind":"plain","optional":true}},"description":"Spark History Server configuration for the connection.","description_kind":"plain"},"max_items":1}},"description":"Container for connection properties to execute stored procedures for Apache Spark. resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_connection_iam_binding":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_member":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_data_transfer_config":{"version":0,"block":{"attributes":{"data_refresh_window_days":{"type":"number","description":"The number of days to look back to automatically refresh the data.\nFor example, if dataRefreshWindowDays = 10, then every day BigQuery\nreingests data for [today-10, today-1], rather than ingesting data for\njust [today-1]. Only valid if the data source supports the feature.\nSet the value to 0 to use the default value.","description_kind":"plain","optional":true},"data_source_id":{"type":"string","description":"The data source id. Cannot be changed once the transfer config is created.","description_kind":"plain","required":true},"destination_dataset_id":{"type":"string","description":"The BigQuery target dataset id.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"When set to true, no runs are scheduled for a given transfer.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The user specified display name for the transfer config.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the transfer config. Transfer config names have the\nform projects/{projectId}/locations/{location}/transferConfigs/{configId}\nor projects/{projectId}/transferConfigs/{configId},\nwhere configId is usually a uuid, but this is not required.\nThe name is ignored when creating a transfer config.","description_kind":"plain","computed":true},"notification_pubsub_topic":{"type":"string","description":"Pub/Sub topic where notifications will be sent after transfer runs\nassociated with this transfer config finish.","description_kind":"plain","optional":true},"params":{"type":["map","string"],"description":"Parameters specific to each data source. For more information see the bq tab in the 'Setting up a data transfer'\nsection for each data source. For example the parameters for Cloud Storage transfers are listed here:\nhttps://cloud.google.com/bigquery-transfer/docs/cloud-storage-transfer#bq\n\n**NOTE** : If you are attempting to update a parameter that cannot be updated (due to api limitations) [please force recreation of the resource](https://www.terraform.io/cli/state/taint#forcing-re-creation-of-resources).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Data transfer schedule. If the data source does not support a custom\nschedule, this should be empty. If it is empty, the default value for\nthe data source will be used. The specified times are in UTC. Examples\nof valid format: 1st,3rd monday of month 15:30, every wed,fri of jan,\njun 13:15, and first sunday of quarter 00:00. See more explanation\nabout the format here:\nhttps://cloud.google.com/appengine/docs/flexible/python/scheduling-jobs-with-cron-yaml#the_schedule_format\nNOTE: the granularity should be at least 8 hours, or less frequent.","description_kind":"plain","optional":true},"service_account_name":{"type":"string","description":"Service account email. If this field is set, transfer config will\nbe created with this service account credentials. It requires that\nrequesting user calling this API has permissions to act as this service account.","description_kind":"plain","optional":true}},"block_types":{"email_preferences":{"nesting_mode":"list","block":{"attributes":{"enable_failure_email":{"type":"bool","description":"If true, email notifications will be sent on transfer run failures.","description_kind":"plain","required":true}},"description":"Email notifications will be sent according to these preferences to the\nemail address of the user who owns this transfer config.","description_kind":"plain"},"max_items":1},"schedule_options":{"nesting_mode":"list","block":{"attributes":{"disable_auto_scheduling":{"type":"bool","description":"If true, automatic scheduling of data transfer runs for this\nconfiguration will be disabled. The runs can be started on ad-hoc\nbasis using transferConfigs.startManualRuns API. When automatic\nscheduling is disabled, the TransferConfig.schedule field will\nbe ignored.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Defines time to stop scheduling transfer runs. A transfer run cannot be\nscheduled at or after the end time. The end time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Specifies time to start scheduling transfer runs. The first run will be\nscheduled at or after the start time according to a recurrence pattern\ndefined in the schedule string. The start time can be changed at any\nmoment. The time when a data transfer can be triggered manually is not\nlimited by this option.","description_kind":"plain","optional":true}},"description":"Options customizing the data transfer schedule.","description_kind":"plain"},"max_items":1},"sensitive_params":{"nesting_mode":"list","block":{"attributes":{"secret_access_key":{"type":"string","description":"The Secret Access Key of the AWS account transferring data from.","description_kind":"plain","required":true,"sensitive":true}},"description":"Different parameters are configured primarily using the the 'params' field on this\nresource. This block contains the parameters which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: secret_access_key, will be the key\nin the 'params' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description":"User-assigned (human readable) ID of the data policy that needs to be unique within a project. Used as {dataPolicyId} in part of the resource name.","description_kind":"plain","required":true},"data_policy_type":{"type":"string","description":"The enrollment level of the service. Possible values: [\"COLUMN_LEVEL_SECURITY_POLICY\", \"DATA_MASKING_POLICY\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location of the data policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of this data policy, in the format of projects/{project_number}/locations/{locationId}/dataPolicies/{dataPolicyId}.","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description":"Policy tag resource name, in the format of projects/{project_number}/locations/{locationId}/taxonomies/{taxonomyId}/policyTags/{policyTag_id}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_masking_policy":{"nesting_mode":"list","block":{"attributes":{"predefined_expression":{"type":"string","description":"The available masking rules. Learn more here: https://cloud.google.com/bigquery/docs/column-data-masking-intro#masking_options. Possible values: [\"SHA256\", \"ALWAYS_NULL\", \"DEFAULT_MASKING_VALUE\", \"LAST_FOUR_CHARACTERS\", \"FIRST_FOUR_CHARACTERS\", \"EMAIL_MASK\", \"DATE_YEAR_MASK\"]","description_kind":"plain","optional":true},"routine":{"type":"string","description":"The name of the BigQuery routine that contains the custom masking routine, in the format of projects/{projectNumber}/datasets/{dataset_id}/routines/{routine_id}.","description_kind":"plain","optional":true}},"description":"The data masking policy that specifies the data masking rule to use.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_binding":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_member":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","optional":true,"computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","optional":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","optional":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","optional":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access":{"nesting_mode":"set","block":{"attributes":{"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles\nare supported. Predefined roles that have equivalent basic roles\nare swapped by the API to their basic counterparts. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain"}},"default_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination\nBigQuery table. The BigQuery Service Account associated with your project requires\naccess to this encryption key.","description_kind":"plain","required":true}},"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain"},"max_items":1},"external_dataset_reference":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"The connection id that is used to access the externalSource.\nFormat: projects/{projectId}/locations/{locationId}/connections/{connectionId}","description_kind":"plain","required":true},"external_source":{"type":"string","description":"External source that backs this dataset.","description_kind":"plain","required":true}},"description":"Information about the external metadata storage where the dataset is defined.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_dataset_access":{"version":0,"block":{"attributes":{"api_updated_member":{"type":"bool","description":"If true, represents that that the iam_member in the config was translated to a different member type by the API, and is stored in state as a different member type","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"domain":{"type":"string","description":"A domain to grant access to. Any users signed in with the\ndomain specified will be granted the specified access","description_kind":"plain","optional":true},"group_by_email":{"type":"string","description":"An email address of a Google Group to grant access to.","description_kind":"plain","optional":true},"iam_member":{"type":"string","description":"Some other type of member that appears in the IAM Policy but isn't a user,\ngroup, domain, or special group. For example: 'allUsers'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"Describes the rights granted to the user specified by the other\nmember of the access object. Basic, predefined, and custom roles are\nsupported. Predefined roles that have equivalent basic roles are\nswapped by the API to their basic counterparts, and will show a diff\npost-create. See\n[official docs](https://cloud.google.com/bigquery/docs/access-control).","description_kind":"plain","optional":true},"special_group":{"type":"string","description":"A special group to grant access to. Possible values include:\n\n\n* 'projectOwners': Owners of the enclosing project.\n\n\n* 'projectReaders': Readers of the enclosing project.\n\n\n* 'projectWriters': Writers of the enclosing project.\n\n\n* 'allAuthenticatedUsers': All authenticated BigQuery users.","description_kind":"plain","optional":true},"user_by_email":{"type":"string","description":"An email address of a user to grant access to. For example:\nfred@example.com","description_kind":"plain","optional":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"target_types":{"type":["list","string"],"description":"Which resources in the dataset this entry applies to. Currently, only views are supported,\nbut additional target types may be added in the future. Possible values: VIEWS","description_kind":"plain","required":true}},"block_types":{"dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true}},"description":"The dataset this entry applies to","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Grants all resources of particular types in a particular dataset read access to the current dataset.","description_kind":"plain"},"max_items":1},"routine":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"routine_id":{"type":"string","description":"The ID of the routine. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 256 characters.","description_kind":"plain","required":true}},"description":"A routine from a different dataset to grant access to. Queries\nexecuted against that routine will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that routine is updated by any user, access to the routine\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"view":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","required":true}},"description":"A view from a different dataset to grant access to. Queries\nexecuted against that view will have read access to tables in\nthis dataset. The role field is not required when this field is\nset. If that view is updated by any user, access to the view\nneeds to be granted again via an update operation.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_job":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description":"The ID of the job. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"job_timeout_ms":{"type":"string","description":"Job timeout in milliseconds. If this time limit is exceeded, BigQuery may attempt to terminate the job.","description_kind":"plain","optional":true},"job_type":{"type":"string","description":"The type of the job.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this job. You can use these to organize and group your jobs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location of the job. The default value is US.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"error_result":["list",["object",{"location":"string","message":"string","reason":"string"}]],"errors":["list",["object",{"location":"string","message":"string","reason":"string"}]],"state":"string"}]],"description":"The status of this job. Examine this value when polling an asynchronous job to see if the job is complete.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"user_email":{"type":"string","description":"Email address of the user who ran the job.","description_kind":"plain","computed":true}},"block_types":{"copy":{"nesting_mode":"list","block":{"attributes":{"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table.","description_kind":"plain"},"max_items":1},"source_tables":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Source tables to copy.","description_kind":"plain"},"min_items":1}},"description":"Copies a table.","description_kind":"plain"},"max_items":1},"extract":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"The compression type to use for exported files. Possible values include GZIP, DEFLATE, SNAPPY, and NONE.\nThe default value is NONE. DEFLATE and SNAPPY are only supported for Avro.","description_kind":"plain","optional":true},"destination_format":{"type":"string","description":"The exported file format. Possible values include CSV, NEWLINE_DELIMITED_JSON and AVRO for tables and SAVED_MODEL for models.\nThe default value for tables is CSV. Tables with nested or repeated fields cannot be exported as CSV.\nThe default value for models is SAVED_MODEL.","description_kind":"plain","optional":true,"computed":true},"destination_uris":{"type":["list","string"],"description":"A list of fully-qualified Google Cloud Storage URIs where the extracted table should be written.","description_kind":"plain","required":true},"field_delimiter":{"type":"string","description":"When extracting data in CSV format, this defines the delimiter to use between fields in the exported data.\nDefault is ','","description_kind":"plain","optional":true,"computed":true},"print_header":{"type":"bool","description":"Whether to print out a header row in the results. Default is true.","description_kind":"plain","optional":true},"use_avro_logical_types":{"type":"bool","description":"Whether to use logical types when extracting to AVRO format.","description_kind":"plain","optional":true}},"block_types":{"source_model":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this model.","description_kind":"plain","required":true},"model_id":{"type":"string","description":"The ID of the model.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this model.","description_kind":"plain","required":true}},"description":"A reference to the model being exported.","description_kind":"plain"},"max_items":1},"source_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"A reference to the table being exported.","description_kind":"plain"},"max_items":1}},"description":"Configures an extract job.","description_kind":"plain"},"max_items":1},"load":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Accept rows that are missing trailing optional columns. The missing values are treated as nulls.\nIf false, records with missing trailing columns are treated as bad records, and if there are too many bad records,\nan invalid error is returned in the job result. The default value is false. Only applicable to CSV, ignored for other formats.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file.\nThe default value is false.","description_kind":"plain","optional":true},"autodetect":{"type":"bool","description":"Indicates if we should automatically infer the options and schema for CSV and JSON sources.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.\nThe default value is UTF-8. BigQuery decodes the data after the raw, binary data\nhas been split using the values of the quote and fieldDelimiter properties.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file. The separator can be any ISO-8859-1 single-byte character.\nTo use a character in the range 128-255, you must encode the character as UTF8. BigQuery converts\nthe string to ISO-8859-1 encoding, and then uses the first byte of the encoded string to split the\ndata in its raw, binary state. BigQuery also supports the escape sequence \"\\t\" to specify a tab separator.\nThe default value is a comma (',').","description_kind":"plain","optional":true,"computed":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema.\nIf true, the extra values are ignored. If false, records with extra columns are treated as bad records,\nand if there are too many bad records, an invalid error is returned in the job result.\nThe default value is false. The sourceFormat property determines what BigQuery treats as an extra value:\nCSV: Trailing columns\nJSON: Named values that don't match any column names","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"If sourceFormat is set to newline-delimited JSON, indicates whether it should be processed as a JSON variant such as GeoJSON.\nFor a sourceFormat other than JSON, omit this field. If the sourceFormat is newline-delimited JSON: - for newline-delimited\nGeoJSON: set to GEOJSON.","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when running the job. If the number of bad records exceeds this value,\nan invalid error is returned in the job result. The default value is 0, which requires that all records are valid.","description_kind":"plain","optional":true},"null_marker":{"type":"string","description":"Specifies a string that represents a null value in a CSV file. For example, if you specify \"\\N\", BigQuery interprets \"\\N\" as a null value\nwhen loading a CSV file. The default value is the empty string. If you set this property to a custom value, BigQuery throws an error if an\nempty string is present for all data types except for STRING and BYTE. For STRING and BYTE columns, BigQuery interprets the empty string as\nan empty value.","description_kind":"plain","optional":true},"projection_fields":{"type":["list","string"],"description":"If sourceFormat is set to \"DATASTORE_BACKUP\", indicates which entity properties to load into BigQuery from a Cloud Datastore backup.\nProperty names are case sensitive and must be top-level properties. If no properties are specified, BigQuery loads all properties.\nIf any named property isn't found in the Cloud Datastore backup, an invalid error is returned in the job result.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. BigQuery converts the string to ISO-8859-1 encoding,\nand then uses the first byte of the encoded string to split the data in its raw, binary state.\nThe default value is a double-quote ('\"'). If your data does not contain quoted sections, set the property value to an empty string.\nIf your data contains quoted newline characters, you must also set the allowQuotedNewlines property to true.","description_kind":"plain","optional":true,"computed":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the load job if a schema is autodetected or\nsupplied in the job configuration. Schema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table, specified by partition decorators.\nFor normal tables, WRITE_TRUNCATE will always overwrite the schema. One or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when loading the data.\nThe default value is 0. This property is useful if you have header rows in the file that should be skipped.\nWhen autodetect is on, the behavior is the following:\nskipLeadingRows unspecified - Autodetect tries to detect headers in the first row. If they are not detected,\nthe row is read as data. Otherwise data is read starting from the second row.\nskipLeadingRows is 0 - Instructs autodetect that there are no headers and data should be read starting from the first row.\nskipLeadingRows = N \u003e 0 - Autodetect skips N-1 rows and tries to detect headers in row N. If headers are not detected,\nrow N is just skipped. Otherwise row N is used to extract column names for the detected schema.","description_kind":"plain","optional":true},"source_format":{"type":"string","description":"The format of the data files. For CSV files, specify \"CSV\". For datastore backups, specify \"DATASTORE_BACKUP\".\nFor newline-delimited JSON, specify \"NEWLINE_DELIMITED_JSON\". For Avro, specify \"AVRO\". For parquet, specify \"PARQUET\".\nFor orc, specify \"ORC\". [Beta] For Bigtable, specify \"BIGTABLE\".\nThe default value is CSV.","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"The fully-qualified URIs that point to your data in Google Cloud.\nFor Google Cloud Storage URIs: Each URI can contain one '\\*' wildcard character\nand it must come after the 'bucket' name. Size limits related to load jobs apply\nto external data sources. For Google Cloud Bigtable URIs: Exactly one URI can be\nspecified and it has be a fully specified and valid HTTPS URL for a Google Cloud Bigtable table.\nFor Google Cloud Datastore backups: Exactly one URI can be specified. Also, the '\\*' wildcard character is not allowed.","description_kind":"plain","required":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"The destination table to load the data into.","description_kind":"plain"},"min_items":1,"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"If sourceFormat is set to PARQUET, indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Parquet Options for load and make external tables.","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition. A wrapper is used here because 0 is an invalid value.","description_kind":"plain","optional":true},"field":{"type":"string","description":"If not set, the table is partitioned by pseudo column '_PARTITIONTIME'; if set, the table is partitioned by this field.\nThe field must be a top-level TIMESTAMP or DATE field. Its mode must be NULLABLE or REQUIRED.\nA wrapper is used here because an empty string is an invalid value.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The only type supported is DAY, which will generate one partition per day. Providing an empty string used to cause an error,\nbut in OnePlatform the field will be treated as unset.","description_kind":"plain","required":true}},"description":"Time-based partitioning specification for the destination table.","description_kind":"plain"},"max_items":1}},"description":"Configures a load job.","description_kind":"plain"},"max_items":1},"query":{"nesting_mode":"list","block":{"attributes":{"allow_large_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, allows the query to produce arbitrarily large result tables at a slight cost in performance.\nRequires destinationTable to be set. For standard SQL queries, this flag is ignored and large results are always allowed.\nHowever, you must still set destinationTable when result size exceeds the allowed maximum response size.","description_kind":"plain","optional":true},"create_disposition":{"type":"string","description":"Specifies whether the job is allowed to create new tables. The following values are supported:\nCREATE_IF_NEEDED: If the table does not exist, BigQuery creates the table.\nCREATE_NEVER: The table must already exist. If it does not, a 'notFound' error is returned in the job result.\nCreation, truncation and append actions occur as one atomic update upon job completion Default value: \"CREATE_IF_NEEDED\" Possible values: [\"CREATE_IF_NEEDED\", \"CREATE_NEVER\"]","description_kind":"plain","optional":true},"flatten_results":{"type":"bool","description":"If true and query uses legacy SQL dialect, flattens all nested and repeated fields in the query results.\nallowLargeResults must be true if this is set to false. For standard SQL queries, this flag is ignored and results are never flattened.","description_kind":"plain","optional":true},"maximum_billing_tier":{"type":"number","description":"Limits the billing tier for this job. Queries that have resource usage beyond this tier will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"maximum_bytes_billed":{"type":"string","description":"Limits the bytes billed for this job. Queries that will have bytes billed beyond this limit will fail (without incurring a charge).\nIf unspecified, this will be set to your project default.","description_kind":"plain","optional":true},"parameter_mode":{"type":"string","description":"Standard SQL only. Set to POSITIONAL to use positional (?) query parameters or to NAMED to use named (@myparam) query parameters in this query.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"Specifies a priority for the query. Default value: \"INTERACTIVE\" Possible values: [\"INTERACTIVE\", \"BATCH\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"SQL query text to execute. The useLegacySql field can be used to indicate whether the query uses legacy SQL or standard SQL.\n*NOTE*: queries containing [DML language](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-manipulation-language)\n('DELETE', 'UPDATE', 'MERGE', 'INSERT') must specify 'create_disposition = \"\"' and 'write_disposition = \"\"'.","description_kind":"plain","required":true},"schema_update_options":{"type":["list","string"],"description":"Allows the schema of the destination table to be updated as a side effect of the query job.\nSchema update options are supported in two cases: when writeDisposition is WRITE_APPEND;\nwhen writeDisposition is WRITE_TRUNCATE and the destination table is a partition of a table,\nspecified by partition decorators. For normal tables, WRITE_TRUNCATE will always overwrite the schema.\nOne or more of the following values are specified:\nALLOW_FIELD_ADDITION: allow adding a nullable field to the schema.\nALLOW_FIELD_RELAXATION: allow relaxing a required field in the original schema to nullable.","description_kind":"plain","optional":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL dialect for this query. The default value is true.\nIf set to false, the query will use BigQuery's standard SQL.","description_kind":"plain","optional":true},"use_query_cache":{"type":"bool","description":"Whether to look for the result in the query cache. The query cache is a best-effort cache that will be flushed whenever\ntables in the query are modified. Moreover, the query cache is only available when a query does not have a destination table specified.\nThe default value is true.","description_kind":"plain","optional":true},"write_disposition":{"type":"string","description":"Specifies the action that occurs if the destination table already exists. The following values are supported:\nWRITE_TRUNCATE: If the table already exists, BigQuery overwrites the table data and uses the schema from the query result.\nWRITE_APPEND: If the table already exists, BigQuery appends the data to the table.\nWRITE_EMPTY: If the table already exists and contains data, a 'duplicate' error is returned in the job result.\nEach action is atomic and only occurs if BigQuery is able to complete the job successfully.\nCreation, truncation and append actions occur as one atomic update upon job completion. Default value: \"WRITE_EMPTY\" Possible values: [\"WRITE_TRUNCATE\", \"WRITE_APPEND\", \"WRITE_EMPTY\"]","description_kind":"plain","optional":true}},"block_types":{"default_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset. Can be specified '{{dataset_id}}' if 'project_id' is also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}' if not.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the default dataset to use for unqualified table names in the query. Note that this does not alter behavior of unqualified dataset names.","description_kind":"plain"},"max_items":1},"destination_encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery table.\nThe BigQuery Service Account associated with your project requires access to this encryption key.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"Describes the Cloud KMS encryption key version used to protect destination BigQuery table.","description_kind":"plain","computed":true}},"description":"Custom encryption configuration (e.g., Cloud KMS keys)","description_kind":"plain"},"max_items":1},"destination_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","optional":true,"computed":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description":"The table. Can be specified '{{table_id}}' if 'project_id' and 'dataset_id' are also set,\nor of the form 'projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}' if not.","description_kind":"plain","required":true}},"description":"Describes the table where the query results should be stored.\nThis property must be set for large results that exceed the maximum response size.\nFor queries that produce anonymous (cached) results, this field will be populated by BigQuery.","description_kind":"plain"},"max_items":1},"script_options":{"nesting_mode":"list","block":{"attributes":{"key_result_statement":{"type":"string","description":"Determines which statement in the script represents the \"key result\",\nused to populate the schema and query results of the script job. Possible values: [\"LAST\", \"FIRST_SELECT\"]","description_kind":"plain","optional":true},"statement_byte_budget":{"type":"string","description":"Limit on the number of bytes billed per statement. Exceeding this budget results in an error.","description_kind":"plain","optional":true},"statement_timeout_ms":{"type":"string","description":"Timeout period for each statement in a script.","description_kind":"plain","optional":true}},"description":"Options controlling the execution of scripts.","description_kind":"plain"},"max_items":1},"user_defined_function_resources":{"nesting_mode":"list","block":{"attributes":{"inline_code":{"type":"string","description":"An inline resource that contains code for a user-defined function (UDF).\nProviding a inline code resource is equivalent to providing a URI for a file containing the same code.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"A code resource to load from a Google Cloud Storage URI (gs://bucket/path).","description_kind":"plain","optional":true}},"description":"Describes user-defined function resources used in the query.","description_kind":"plain"}}},"description":"Configures a query job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation":{"version":0,"block":{"attributes":{"concurrency":{"type":"number","description":"Maximum number of queries that are allowed to run concurrently in this reservation. This is a soft limit due to asynchronous nature of the system and various optimizations for small queries. Default value is 0 which means that concurrency will be automatically set based on the reservation size.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition type. Valid values are STANDARD, ENTERPRISE, ENTERPRISE_PLUS","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_idle_slots":{"type":"bool","description":"If false, any query using this reservation will use idle slots from other reservations within\nthe same admin project. If true, a query using this reservation will execute with the slot\ncapacity specified above at most.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"multi_region_auxiliary":{"type":"bool","description":"Applicable only for reservations located within one of the BigQuery multi-regions (US or EU).\nIf set to true, this reservation is placed in the organization's secondary region which is designated for disaster recovery purposes. If false, this reservation is placed in the organization's default region.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the reservation. This field must only contain alphanumeric characters or dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"slot_capacity":{"type":"number","description":"Minimum slots available to this reservation. A slot is a unit of computational power in BigQuery, and serves as the\nunit of parallelism. Queries using this reservation might use more slots during runtime if ignoreIdleSlots is set to false.","description_kind":"plain","required":true}},"block_types":{"autoscale":{"nesting_mode":"list","block":{"attributes":{"current_slots":{"type":"number","description":"The slot capacity added to this reservation when autoscale happens. Will be between [0, max_slots].","description_kind":"plain","computed":true},"max_slots":{"type":"number","description":"Number of slots to be scaled when needed.","description_kind":"plain","optional":true}},"description":"The configuration parameters for the auto scaling feature.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_reservation_assignment":{"version":0,"block":{"attributes":{"assignee":{"type":"string","description":"The resource which will use the reservation. E.g. projects/myproject, folders/123, organizations/456.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_type":{"type":"string","description":"Types of job, which could be specified when using the reservation. Possible values: JOB_TYPE_UNSPECIFIED, PIPELINE, QUERY","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. The resource name of the assignment.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reservation":{"type":"string","description":"The reservation for the resource","description_kind":"plain","required":true},"state":{"type":"string","description":"Assignment will remain in PENDING state if no active capacity commitment is present. It will become ACTIVE when some capacity commitment becomes active. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_routine":{"version":0,"block":{"attributes":{"creation_time":{"type":"number","description":"The time when this routine was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"data_governance_type":{"type":"string","description":"If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask Possible values: [\"DATA_MASKING\"]","description_kind":"plain","optional":true},"dataset_id":{"type":"string","description":"The ID of the dataset containing this routine","description_kind":"plain","required":true},"definition_body":{"type":"string","description":"The body of the routine. For functions, this is the expression in the AS clause.\nIf language=SQL, it is the substring inside (but excluding) the parentheses.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the routine if defined.","description_kind":"plain","optional":true},"determinism_level":{"type":"string","description":"The determinism level of the JavaScript UDF if defined. Possible values: [\"DETERMINISM_LEVEL_UNSPECIFIED\", \"DETERMINISTIC\", \"NOT_DETERMINISTIC\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"imported_libraries":{"type":["list","string"],"description":"Optional. If language = \"JAVASCRIPT\", this field stores the path of the\nimported JAVASCRIPT libraries.","description_kind":"plain","optional":true},"language":{"type":"string","description":"The language of the routine. Possible values: [\"SQL\", \"JAVASCRIPT\", \"PYTHON\", \"JAVA\", \"SCALA\"]","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this routine was modified, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"return_table_type":{"type":"string","description":"Optional. Can be set only if routineType = \"TABLE_VALUED_FUNCTION\".\n\nIf absent, the return table type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the columns in the evaluated table result will\nbe cast to match the column types specificed in return table type, at query time.","description_kind":"plain","optional":true},"return_type":{"type":"string","description":"A JSON schema for the return type. Optional if language = \"SQL\"; required otherwise.\nIf absent, the return type is inferred from definitionBody at query time in each query\nthat references this routine. If present, then the evaluated result will be cast to\nthe specified returned type at query time. ~\u003e**NOTE**: Because this field expects a JSON\nstring, any changes to the string will create a diff, even if the JSON itself hasn't\nchanged. If the API returns a different value for the same schema, e.g. it switche\nd the order of values or replaced STRUCT field type with RECORD field type, we currently\ncannot suppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"routine_id":{"type":"string","description":"The ID of the the routine. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 256 characters.","description_kind":"plain","required":true},"routine_type":{"type":"string","description":"The type of routine. Possible values: [\"SCALAR_FUNCTION\", \"PROCEDURE\", \"TABLE_VALUED_FUNCTION\"]","description_kind":"plain","required":true}},"block_types":{"arguments":{"nesting_mode":"list","block":{"attributes":{"argument_kind":{"type":"string","description":"Defaults to FIXED_TYPE. Default value: \"FIXED_TYPE\" Possible values: [\"FIXED_TYPE\", \"ANY_TYPE\"]","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"A JSON schema for the data type. Required unless argumentKind = ANY_TYPE.\n~\u003e**NOTE**: Because this field expects a JSON string, any changes to the string\nwill create a diff, even if the JSON itself hasn't changed. If the API returns\na different value for the same schema, e.g. it switched the order of values\nor replaced STRUCT field type with RECORD field type, we currently cannot\nsuppress the recurring diff this causes. As a workaround, we recommend using\nthe schema as returned by the API.","description_kind":"plain","optional":true},"mode":{"type":"string","description":"Specifies whether the argument is input or output. Can be set for procedures only. Possible values: [\"IN\", \"OUT\", \"INOUT\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this argument. Can be absent for function return argument.","description_kind":"plain","optional":true}},"description":"Input/output argument of a function or a stored procedure.","description_kind":"plain"}},"remote_function_options":{"nesting_mode":"list","block":{"attributes":{"connection":{"type":"string","description":"Fully qualified name of the user-provided connection object which holds\nthe authentication information to send requests to the remote service.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"Endpoint of the user-provided remote service, e.g.\n'https://us-east1-my_gcf_project.cloudfunctions.net/remote_add'","description_kind":"plain","optional":true},"max_batching_rows":{"type":"string","description":"Max number of rows in each batch sent to the remote service. If absent or if 0,\nBigQuery dynamically decides the number of rows in a batch.","description_kind":"plain","optional":true},"user_defined_context":{"type":["map","string"],"description":"User-defined context as a set of key/value pairs, which will be sent as function\ninvocation context together with batched arguments in the requests to the remote\nservice. The total number of bytes of keys and values must be less than 8KB.\n\nAn object containing a list of \"key\": value pairs. Example:\n'{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote function specific options.","description_kind":"plain"},"max_items":1},"spark_options":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Archive files to be extracted into the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"connection":{"type":"string","description":"Fully qualified name of the user-provided Spark connection object.\nFormat: \"projects/{projectId}/locations/{locationId}/connections/{connectionId}\"","description_kind":"plain","optional":true},"container_image":{"type":"string","description":"Custom container image for the runtime environment.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Files to be placed in the working directory of each executor. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"jar_uris":{"type":["list","string"],"description":"JARs to include on the driver and executor CLASSPATH. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"main_class":{"type":"string","description":"The fully qualified name of a class in jarUris, for example, com.example.wordcount.\nExactly one of mainClass and main_jar_uri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"main_file_uri":{"type":"string","description":"The main file/jar URI of the Spark application.\nExactly one of the definitionBody field and the mainFileUri field must be set for Python.\nExactly one of mainClass and mainFileUri field should be set for Java/Scala language type.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Configuration properties as a set of key/value pairs, which will be passed on to the Spark application.\nFor more information, see Apache Spark and the procedure option list.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"py_file_uris":{"type":["list","string"],"description":"Python files to be placed on the PYTHONPATH for PySpark application. Supported file types: .py, .egg, and .zip. For more information about Apache Spark, see Apache Spark.","description_kind":"plain","optional":true,"computed":true},"runtime_version":{"type":"string","description":"Runtime version. If not specified, the default runtime version is used.","description_kind":"plain","optional":true}},"description":"Optional. If language is one of \"PYTHON\", \"JAVA\", \"SCALA\", this field stores the options for spark stored procedure.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigquery_table":{"version":0,"block":{"attributes":{"clustering":{"type":["list","string"],"description":"Specifies column names to use for data clustering. Up to four top-level columns are allowed, and should be specified in descending priority order.","description_kind":"plain","optional":true},"creation_time":{"type":"number","description":"The time when this table was created, in milliseconds since the epoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"The dataset ID to create the table in. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"description":{"type":"string","description":"The field description.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"expiration_time":{"type":"number","description":"The time when this table expires, in milliseconds since the epoch. If not present, the table will persist indefinitely. Expired tables will be deleted and their storage reclaimed.","description_kind":"plain","optional":true,"computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the table.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modified_time":{"type":"number","description":"The time when this table was last modified, in milliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"max_staleness":{"type":"string","description":"The maximum staleness of data that could be returned when the table (or stale MV) is queried. Staleness encoded as a string encoding of [SQL IntervalValue type](https://cloud.google.com/bigquery/docs/reference/standard-sql/data-types#interval_type).","description_kind":"plain","optional":true},"num_bytes":{"type":"number","description":"The geographic location where the table resides. This value is inherited from the dataset.","description_kind":"plain","computed":true},"num_long_term_bytes":{"type":"number","description":"The number of bytes in the table that are considered \"long-term storage\".","description_kind":"plain","computed":true},"num_rows":{"type":"number","description":"The number of rows of data in this table, excluding any data in the streaming buffer.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the table.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"table_id":{"type":"string","description":"A unique ID for the resource. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Describes the table type.","description_kind":"plain","computed":true}},"block_types":{"encryption_configuration":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The self link or full name of a key which should be used to encrypt this table. Note that the default bigquery service account will need to have encrypt/decrypt permissions on this key - you may want to see the google_bigquery_default_service_account datasource and the google_kms_crypto_key_iam_binding resource.","description_kind":"plain","required":true},"kms_key_version":{"type":"string","description":"The self link or full name of the kms key version used to encrypt this table.","description_kind":"plain","computed":true}},"description":"Specifies how the table should be encrypted. If left blank, the table will be encrypted with a Google-managed key; that process is transparent to the user.","description_kind":"plain"},"max_items":1},"external_data_configuration":{"nesting_mode":"list","block":{"attributes":{"autodetect":{"type":"bool","description":"Let BigQuery try to autodetect the schema and format of the table.","description_kind":"plain","required":true},"compression":{"type":"string","description":"The compression type of the data source. Valid values are \"NONE\" or \"GZIP\".","description_kind":"plain","optional":true},"connection_id":{"type":"string","description":"The connection specifying the credentials to be used to read external storage, such as Azure Blob, Cloud Storage, or S3. The connectionId can have the form \"{{project}}.{{location}}.{{connection_id}}\" or \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\".","description_kind":"plain","optional":true},"file_set_spec_type":{"type":"string","description":"Specifies how source URIs are interpreted for constructing the file set to load. By default source URIs are expanded against the underlying storage. Other options include specifying manifest files. Only applicable to object storage systems.","description_kind":"plain","optional":true},"ignore_unknown_values":{"type":"bool","description":"Indicates if BigQuery should allow extra values that are not represented in the table schema. If true, the extra values are ignored. If false, records with extra columns are treated as bad records, and if there are too many bad records, an invalid error is returned in the job result. The default value is false.","description_kind":"plain","optional":true},"json_extension":{"type":"string","description":"Load option to be used together with sourceFormat newline-delimited JSON to indicate that a variant of JSON is being loaded. To load newline-delimited GeoJSON, specify GEOJSON (and sourceFormat must be set to NEWLINE_DELIMITED_JSON).","description_kind":"plain","optional":true},"max_bad_records":{"type":"number","description":"The maximum number of bad records that BigQuery can ignore when reading data.","description_kind":"plain","optional":true},"metadata_cache_mode":{"type":"string","description":"Metadata Cache Mode for the table. Set this to enable caching of metadata from external data source.","description_kind":"plain","optional":true},"object_metadata":{"type":"string","description":"Object Metadata is used to create Object Tables. Object Tables contain a listing of objects (with their metadata) found at the sourceUris. If ObjectMetadata is set, sourceFormat should be omitted.","description_kind":"plain","optional":true},"reference_file_schema_uri":{"type":"string","description":"When creating an external table, the user can provide a reference file with the table schema. This is enabled for the following formats: AVRO, PARQUET, ORC.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"A JSON schema for the external table. Schema is required for CSV and JSON formats and is disallowed for Google Cloud Bigtable, Cloud Datastore backups, and Avro formats when using external tables.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":" Please see sourceFormat under ExternalDataConfiguration in Bigquery's public API documentation (https://cloud.google.com/bigquery/docs/reference/rest/v2/tables#externaldataconfiguration) for supported formats. To use \"GOOGLE_SHEETS\" the scopes must include \"googleapis.com/auth/drive.readonly\".","description_kind":"plain","optional":true},"source_uris":{"type":["list","string"],"description":"A list of the fully-qualified URIs that point to your data in Google Cloud.","description_kind":"plain","required":true}},"block_types":{"avro_options":{"nesting_mode":"list","block":{"attributes":{"use_avro_logical_types":{"type":"bool","description":"If sourceFormat is set to \"AVRO\", indicates whether to interpret logical types as the corresponding BigQuery data type (for example, TIMESTAMP), instead of using the raw type (for example, INTEGER).","description_kind":"plain","required":true}},"description":"Additional options if source_format is set to \"AVRO\"","description_kind":"plain"},"max_items":1},"csv_options":{"nesting_mode":"list","block":{"attributes":{"allow_jagged_rows":{"type":"bool","description":"Indicates if BigQuery should accept rows that are missing trailing optional columns.","description_kind":"plain","optional":true},"allow_quoted_newlines":{"type":"bool","description":"Indicates if BigQuery should allow quoted data sections that contain newline characters in a CSV file. The default value is false.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8 or ISO-8859-1.","description_kind":"plain","optional":true},"field_delimiter":{"type":"string","description":"The separator for fields in a CSV file.","description_kind":"plain","optional":true},"quote":{"type":"string","description":"The value that is used to quote data sections in a CSV file. If your data does not contain quoted sections, set the property value to an empty string. If your data contains quoted newline characters, you must also set the allow_quoted_newlines property to true. The API-side default is \", specified in Terraform escaped as \\\". Due to limitations with Terraform default values, this value is required to be explicitly set.","description_kind":"plain","required":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of a CSV file that BigQuery will skip when reading the data.","description_kind":"plain","optional":true}},"description":"Additional properties to set if source_format is set to \"CSV\".","description_kind":"plain"},"max_items":1},"google_sheets_options":{"nesting_mode":"list","block":{"attributes":{"range":{"type":"string","description":"Range of a sheet to query from. Only used when non-empty. At least one of range or skip_leading_rows must be set. Typical format: \"sheet_name!top_left_cell_id:bottom_right_cell_id\" For example: \"sheet1!A1:B20\"","description_kind":"plain","optional":true},"skip_leading_rows":{"type":"number","description":"The number of rows at the top of the sheet that BigQuery will skip when reading the data. At least one of range or skip_leading_rows must be set.","description_kind":"plain","optional":true}},"description":"Additional options if source_format is set to \"GOOGLE_SHEETS\".","description_kind":"plain"},"max_items":1},"hive_partitioning_options":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"When set, what mode of hive partitioning to use when reading data.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","optional":true},"source_uri_prefix":{"type":"string","description":"When hive partition detection is requested, a common for all source uris must be required. The prefix must end immediately before the partition key encoding begins.","description_kind":"plain","optional":true}},"description":"When set, configures hive partitioning support. Not all storage formats support hive partitioning -- requesting hive partitioning on an unsupported format will lead to an error, as will providing an invalid specification.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The character encoding of the data. The supported values are UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, and UTF-32LE. The default value is UTF-8.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to JSON.\"","description_kind":"plain"},"max_items":1},"parquet_options":{"nesting_mode":"list","block":{"attributes":{"enable_list_inference":{"type":"bool","description":"Indicates whether to use schema inference specifically for Parquet LIST logical type.","description_kind":"plain","optional":true},"enum_as_string":{"type":"bool","description":"Indicates whether to infer Parquet ENUM logical type as STRING instead of BYTES by default.","description_kind":"plain","optional":true}},"description":"Additional properties to set if sourceFormat is set to PARQUET.\"","description_kind":"plain"},"max_items":1}},"description":"Describes the data format, location, and other properties of a table stored outside of BigQuery. By defining these properties, the data source can then be queried as if it were a standard BigQuery table.","description_kind":"plain"},"max_items":1},"materialized_view":{"nesting_mode":"list","block":{"attributes":{"allow_non_incremental_definition":{"type":"bool","description":"Allow non incremental materialized view definition. The default value is false.","description_kind":"plain","optional":true},"enable_refresh":{"type":"bool","description":"Specifies if BigQuery should automatically refresh materialized view when the base table is updated. The default is true.","description_kind":"plain","optional":true},"query":{"type":"string","description":"A query whose result is persisted.","description_kind":"plain","required":true},"refresh_interval_ms":{"type":"number","description":"Specifies maximum frequency at which this materialized view will be refreshed. The default is 1800000.","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a materialized view.","description_kind":"plain"},"max_items":1},"range_partitioning":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The field used to determine how to create a range-based partition.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"end":{"type":"number","description":"End of the range partitioning, exclusive.","description_kind":"plain","required":true},"interval":{"type":"number","description":"The width of each range within the partition.","description_kind":"plain","required":true},"start":{"type":"number","description":"Start of the range partitioning, inclusive.","description_kind":"plain","required":true}},"description":"Information required to partition based on ranges. Structure is documented below.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If specified, configures range-based partitioning for this table.","description_kind":"plain"},"max_items":1},"table_constraints":{"nesting_mode":"list","block":{"block_types":{"foreign_keys":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Set only if the foreign key constraint is named.","description_kind":"plain","optional":true}},"block_types":{"column_references":{"nesting_mode":"list","block":{"attributes":{"referenced_column":{"type":"string","description":"The column in the primary key that are referenced by the referencingColumn.","description_kind":"plain","required":true},"referencing_column":{"type":"string","description":"The column that composes the foreign key.","description_kind":"plain","required":true}},"description":"The pair of the foreign key column and primary key column.","description_kind":"plain"},"min_items":1,"max_items":1},"referenced_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). The maximum length is 1,024 characters. Certain operations allow suffixing of the table ID with a partition decorator, such as sample_table$20190123.","description_kind":"plain","required":true}},"description":"The table that holds the primary key and is referenced by this foreign key.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Present only if the table has a foreign key. The foreign key is not enforced.","description_kind":"plain"}},"primary_key":{"nesting_mode":"list","block":{"attributes":{"columns":{"type":["list","string"],"description":"The columns that are composed of the primary key constraint.","description_kind":"plain","required":true}},"description":"Represents a primary key constraint on a table's columns. Present only if the table has a primary key. The primary key is not enforced.","description_kind":"plain"},"max_items":1}},"description":"Defines the primary key and foreign keys.","description_kind":"plain"},"max_items":1},"table_replication_info":{"nesting_mode":"list","block":{"attributes":{"replication_interval_ms":{"type":"number","description":"The interval at which the source materialized view is polled for updates. The default is 300000.","description_kind":"plain","optional":true},"source_dataset_id":{"type":"string","description":"The ID of the source dataset.","description_kind":"plain","required":true},"source_project_id":{"type":"string","description":"The ID of the source project.","description_kind":"plain","required":true},"source_table_id":{"type":"string","description":"The ID of the source materialized view.","description_kind":"plain","required":true}},"description":"Replication info of a table created using \"AS REPLICA\" DDL like: \"CREATE MATERIALIZED VIEW mv1 AS REPLICA OF src_mv\".","description_kind":"plain"},"max_items":1},"time_partitioning":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"number","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true,"computed":true},"field":{"type":"string","description":"The field used to determine how to create a time-based partition. If time-based partitioning is enabled without this value, the table is partitioned based on the load time.","description_kind":"plain","optional":true},"require_partition_filter":{"type":"bool","description":"If set to true, queries over this table require a partition filter that can be used for partition elimination to be specified.","description_kind":"plain","deprecated":true,"optional":true},"type":{"type":"string","description":"The supported types are DAY, HOUR, MONTH, and YEAR, which will generate one partition per day, hour, month, and year, respectively.","description_kind":"plain","required":true}},"description":"If specified, configures time-based partitioning for this table.","description_kind":"plain"},"max_items":1},"view":{"nesting_mode":"list","block":{"attributes":{"query":{"type":"string","description":"A query that BigQuery executes when the view is referenced.","description_kind":"plain","required":true},"use_legacy_sql":{"type":"bool","description":"Specifies whether to use BigQuery's legacy SQL for this view. The default value is true. If set to false, the view will use BigQuery's standard SQL","description_kind":"plain","optional":true}},"description":"If specified, configures this table as a view.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_app_profile":{"version":0,"block":{"attributes":{"app_profile_id":{"type":"string","description":"The unique name of the app profile in the form '[_a-zA-Z0-9][-_.a-zA-Z0-9]*'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Long form description of the use case for this app profile.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_warnings":{"type":"bool","description":"If true, ignore safety checks when deleting/updating the app profile.","description_kind":"plain","optional":true},"instance":{"type":"string","description":"The name of the instance to create the app profile within.","description_kind":"plain","optional":true},"multi_cluster_routing_cluster_ids":{"type":["list","string"],"description":"The set of clusters to route to. The order is ignored; clusters will be tried in order of distance. If left empty, all clusters are eligible.","description_kind":"plain","optional":true},"multi_cluster_routing_use_any":{"type":"bool","description":"If true, read/write requests are routed to the nearest cluster in the instance, and will fail over to the nearest cluster that is available\nin the event of transient errors or delays. Clusters in a region are considered equidistant. Choosing this option sacrifices read-your-writes\nconsistency to improve availability.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique name of the requested app profile. Values are of the form 'projects/\u003cproject\u003e/instances/\u003cinstance\u003e/appProfiles/\u003cappProfileId\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"single_cluster_routing":{"nesting_mode":"list","block":{"attributes":{"allow_transactional_writes":{"type":"bool","description":"If true, CheckAndMutateRow and ReadModifyWriteRow requests are allowed by this app profile.\nIt is unsafe to send these requests to the same table/row/column in multiple clusters.","description_kind":"plain","optional":true},"cluster_id":{"type":"string","description":"The cluster to which read/write requests should be routed.","description_kind":"plain","required":true}},"description":"Use a single-cluster routing policy.","description_kind":"plain"},"max_items":1},"standard_isolation":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"string","description":"The priority of requests sent using this app profile. Possible values: [\"PRIORITY_LOW\", \"PRIORITY_MEDIUM\", \"PRIORITY_HIGH\"]","description_kind":"plain","required":true}},"description":"The standard options used for isolating this app profile's traffic from other use cases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_gc_policy":{"version":0,"block":{"attributes":{"column_family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true},"deletion_policy":{"type":"string","description":"The deletion policy for the GC policy. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for GC policy as it cannot be deleted\n\t\t\t\tin a replicated instance. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"gc_rules":{"type":"string","description":"Serialized JSON string for garbage collection policy. Conflicts with \"mode\", \"max_age\" and \"max_version\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. If multiple policies are set, you should choose between UNION OR INTERSECTION.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"block_types":{"max_age":{"nesting_mode":"list","block":{"attributes":{"days":{"type":"number","description":"Number of days before applying GC policy.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"duration":{"type":"string","description":"Duration before applying GC policy","description_kind":"plain","optional":true,"computed":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all cells older than the given age.","description_kind":"plain"},"max_items":1},"max_version":{"nesting_mode":"list","block":{"attributes":{"number":{"type":"number","description":"Number of version before applying the GC policy.","description_kind":"plain","required":true}},"description":"NOTE: 'gc_rules' is more flexible, and should be preferred over this field for new resources. This field may be deprecated in the future. GC policy that applies to all versions of a cell except for the most recent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance":{"version":1,"block":{"attributes":{"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the instance will fail.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable display name of the Bigtable instance. Defaults to the instance name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The instance type to create. One of \"DEVELOPMENT\" or \"PRODUCTION\". Defaults to \"PRODUCTION\".","description_kind":"plain","deprecated":true,"optional":true},"labels":{"type":["map","string"],"description":"A mapping of labels to assign to the resource.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name (also called Instance Id in the Cloud Console) of the Cloud Bigtable instance. Must be 6-33 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The ID of the Cloud Bigtable cluster. Must be 6-30 characters and must only contain hyphens, lowercase letters and numbers.","description_kind":"plain","required":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect the destination Bigtable cluster. The requirements for this key are: 1) The Cloud Bigtable service account associated with the project that contains this cluster must be granted the cloudkms.cryptoKeyEncrypterDecrypter role on the CMEK key. 2) Only regional keys can be used and the region of the CMEK key must match the region of the cluster. 3) All clusters within an instance must use the same CMEK key. Values are of the form projects/{project}/locations/{location}/keyRings/{keyring}/cryptoKeys/{key}","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes in the cluster. If no value is set, Cloud Bigtable automatically allocates nodes based on your data footprint and optimized for 50% storage utilization.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the cluster","description_kind":"plain","computed":true},"storage_type":{"type":"string","description":"The storage type to use. One of \"SSD\" or \"HDD\". Defaults to \"SSD\".","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone to create the Cloud Bigtable cluster in. Each cluster must have a different zone in the same region. Zones that support Bigtable instances are noted on the Cloud Bigtable locations page.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"cpu_target":{"type":"number","description":"The target CPU utilization for autoscaling. Value must be between 10 and 80.","description_kind":"plain","required":true},"max_nodes":{"type":"number","description":"The maximum number of nodes for autoscaling.","description_kind":"plain","required":true},"min_nodes":{"type":"number","description":"The minimum number of nodes for autoscaling.","description_kind":"plain","required":true},"storage_target":{"type":"number","description":"The target storage utilization for autoscaling, in GB, for each node in a cluster. This number is limited between 2560 (2.5TiB) and 5120 (5TiB) for a SSD cluster and between 8192 (8TiB) and 16384 (16 TiB) for an HDD cluster. If not set, whatever is already set for the cluster will not change, or if the cluster is just being created, it will use the default value of 2560 for SSD clusters and 8192 for HDD clusters.","description_kind":"plain","optional":true,"computed":true}},"description":"A list of Autoscaling configurations. Only one element is used and allowed.","description_kind":"plain"},"max_items":1}},"description":"A block of cluster configuration options. This can be specified at least once.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table":{"version":0,"block":{"attributes":{"change_stream_retention":{"type":"string","description":"Duration to retain change stream data for the table. Set to 0 to disable. Must be between 1 and 7 days.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"string","description":"A field to make the table protected against data loss i.e. when set to PROTECTED, deleting the table, the column families in the table, and the instance containing the table would be prohibited. If not provided, currently deletion protection will be set to UNPROTECTED as it is the API default value.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description":"The name of the Bigtable instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the table. Must be 1-50 characters and must only contain hyphens, underscores, periods, letters and numbers.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"split_keys":{"type":["list","string"],"description":"A list of predefined keys to split the table on. !\u003e Warning: Modifying the split_keys of an existing table will cause Terraform to delete/recreate the entire google_bigtable_table resource.","description_kind":"plain","optional":true}},"block_types":{"column_family":{"nesting_mode":"set","block":{"attributes":{"family":{"type":"string","description":"The name of the column family.","description_kind":"plain","required":true}},"description":"A group of columns within a table which share a common configuration. This can be specified multiple times.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_bigtable_table_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"table":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account_iam_binding":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_member":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_budget":{"version":1,"block":{"attributes":{"billing_account":{"type":"string","description":"ID of the billing account to set a budget on.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"User data for display name in UI. Must be \u003c= 60 chars.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the budget. The resource name\nimplies the scope of a budget. Values are of the form\nbillingAccounts/{billingAccountId}/budgets/{budgetId}.","description_kind":"plain","computed":true},"ownership_scope":{"type":"string","description":"The ownership scope of the budget. The ownership scope and users'\nIAM permissions determine who has full access to the budget's data. Possible values: [\"OWNERSHIP_SCOPE_UNSPECIFIED\", \"ALL_USERS\", \"BILLING_ACCOUNT\"]","description_kind":"plain","optional":true}},"block_types":{"all_updates_rule":{"nesting_mode":"list","block":{"attributes":{"disable_default_iam_recipients":{"type":"bool","description":"Boolean. When set to true, disables default notifications sent\nwhen a threshold is exceeded. Default recipients are\nthose with Billing Account Administrators and Billing\nAccount Users IAM roles for the target account.","description_kind":"plain","optional":true},"monitoring_notification_channels":{"type":["list","string"],"description":"The full resource name of a monitoring notification\nchannel in the form\nprojects/{project_id}/notificationChannels/{channel_id}.\nA maximum of 5 channels are allowed.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of the Cloud Pub/Sub topic where budget related\nmessages will be published, in the form\nprojects/{project_id}/topics/{topic_id}. Updates are sent\nat regular intervals to the topic.","description_kind":"plain","optional":true},"schema_version":{"type":"string","description":"The schema version of the notification. Only \"1.0\" is\naccepted. It represents the JSON schema as defined in\nhttps://cloud.google.com/billing/docs/how-to/budgets#notification_format.","description_kind":"plain","optional":true}},"description":"Defines notifications that are sent on every update to the\nbilling account's spend, regardless of the thresholds defined\nusing threshold rules.","description_kind":"plain"},"max_items":1},"amount":{"nesting_mode":"list","block":{"attributes":{"last_period_amount":{"type":"bool","description":"Configures a budget amount that is automatically set to 100% of\nlast period's spend.\nBoolean. Set value to true to use. Do not set to false, instead\nuse the 'specified_amount' block.","description_kind":"plain","optional":true}},"block_types":{"specified_amount":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The 3-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true,"computed":true},"nanos":{"type":"number","description":"Number of nano (10^-9) units of the amount.\nThe value must be between -999,999,999 and +999,999,999\ninclusive. If units is positive, nanos must be positive or\nzero. If units is zero, nanos can be positive, zero, or\nnegative. If units is negative, nanos must be negative or\nzero. For example $-1.75 is represented as units=-1 and\nnanos=-750,000,000.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode\nis \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"A specified amount to use as the budget. currencyCode is\noptional. If specified, it must match the currency of the\nbilling account. The currencyCode is provided on output.","description_kind":"plain"},"max_items":1}},"description":"The budgeted amount for each usage period.","description_kind":"plain"},"min_items":1,"max_items":1},"budget_filter":{"nesting_mode":"list","block":{"attributes":{"calendar_period":{"type":"string","description":"A CalendarPeriod represents the abstract concept of a recurring time period that has a\ncanonical start. Grammatically, \"the start of the current CalendarPeriod\".\nAll calendar times begin at 12 AM US and Canadian Pacific Time (UTC-8).\n\nExactly one of 'calendar_period', 'custom_period' must be provided. Possible values: [\"MONTH\", \"QUARTER\", \"YEAR\", \"CALENDAR_PERIOD_UNSPECIFIED\"]","description_kind":"plain","optional":true},"credit_types":{"type":["list","string"],"description":"Optional. If creditTypesTreatment is INCLUDE_SPECIFIED_CREDITS,\nthis is a list of credit types to be subtracted from gross cost to determine the spend for threshold calculations. See a list of acceptable credit type values.\nIf creditTypesTreatment is not INCLUDE_SPECIFIED_CREDITS, this field must be empty.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true},"credit_types_treatment":{"type":"string","description":"Specifies how credits should be treated when determining spend\nfor threshold calculations. Default value: \"INCLUDE_ALL_CREDITS\" Possible values: [\"INCLUDE_ALL_CREDITS\", \"EXCLUDE_ALL_CREDITS\", \"INCLUDE_SPECIFIED_CREDITS\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A single label and value pair specifying that usage from only\nthis set of labeled resources should be included in the budget.","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["set","string"],"description":"A set of projects of the form projects/{project_number},\nspecifying that usage from only this set of projects should be\nincluded in the budget. If omitted, the report will include\nall usage for the billing account, regardless of which project\nthe usage occurred on.","description_kind":"plain","optional":true},"resource_ancestors":{"type":["set","string"],"description":"A set of folder and organization names of the form folders/{folderId} or organizations/{organizationId},\nspecifying that usage from only this set of folders and organizations should be included in the budget.\nIf omitted, the budget includes all usage that the billing account pays for. If the folder or organization\ncontains projects that are paid for by a different Cloud Billing account, the budget doesn't apply to those projects.","description_kind":"plain","optional":true},"services":{"type":["list","string"],"description":"A set of services of the form services/{service_id},\nspecifying that usage from only this set of services should be\nincluded in the budget. If omitted, the report will include\nusage for all the services. The service names are available\nthrough the Catalog API:\nhttps://cloud.google.com/billing/v1/how-tos/catalog-api.","description_kind":"plain","optional":true,"computed":true},"subaccounts":{"type":["list","string"],"description":"A set of subaccounts of the form billingAccounts/{account_id},\nspecifying that usage from only this set of subaccounts should\nbe included in the budget. If a subaccount is set to the name of\nthe parent account, usage from the parent account will be included.\nIf the field is omitted, the report will include usage from the parent\naccount and all subaccounts, if they exist.\n\n**Note:** If the field has a value in the config and needs to be removed, the field has to be an emtpy array in the config.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"custom_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"Optional. The end date of the time period. Budgets with elapsed end date won't be processed.\nIf unset, specifies to track all usage incurred since the startDate.","description_kind":"plain"},"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"A start date is required. The start date must be after January 1, 2017.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies to track usage from any start date (required) to any end date (optional).\nThis time period is static, it does not recur.\n\nExactly one of 'calendar_period', 'custom_period' must be provided.","description_kind":"plain"},"max_items":1}},"description":"Filters that define which resources are used to compute the actual\nspend against the budget.","description_kind":"plain"},"max_items":1},"threshold_rules":{"nesting_mode":"list","block":{"attributes":{"spend_basis":{"type":"string","description":"The type of basis used to determine if spend has passed\nthe threshold. Default value: \"CURRENT_SPEND\" Possible values: [\"CURRENT_SPEND\", \"FORECASTED_SPEND\"]","description_kind":"plain","optional":true},"threshold_percent":{"type":"number","description":"Send an alert when this threshold is exceeded. This is a\n1.0-based percentage, so 0.5 = 50%. Must be \u003e= 0.","description_kind":"plain","required":true}},"description":"Rules that trigger alerts (notifications of thresholds being\ncrossed) when spend exceeds the specified percentages of the\nbudget.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_project_info":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The ID of the billing account associated with the project, if\nany. Set to empty string to disable billing for the project.\nFor example, '\"012345-567890-ABCDEF\"' or '\"\"'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_billing_subaccount":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"master_billing_account":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment. This field may be updated. The field may be\ndisplayed in chooser dialogs.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"attestation_authority_note":{"nesting_mode":"list","block":{"attributes":{"delegation_service_account_email":{"type":"string","description":"This field will contain the service account email address that\nthis Attestor will use as the principal when querying Container\nAnalysis. Attestor administrators must grant this service account\nthe IAM role needed to read attestations from the noteReference in\nContainer Analysis (containeranalysis.notes.occurrences.viewer).\nThis email address is fixed for the lifetime of the Attestor, but\ncallers should not make any other assumptions about the service\naccount email; future versions may use an email based on a\ndifferent naming pattern.","description_kind":"plain","computed":true},"note_reference":{"type":"string","description":"The resource name of a ATTESTATION_AUTHORITY Note, created by the\nuser. If the Note is in a different project from the Attestor, it\nshould be specified in the format 'projects/*/notes/*' (or the legacy\n'providers/*/notes/*'). This field may not be updated.\nAn attestation by this attestor is stored as a Container Analysis\nATTESTATION_AUTHORITY Occurrence that names a container image\nand that links to this Note.","description_kind":"plain","required":true}},"block_types":{"public_keys":{"nesting_mode":"list","block":{"attributes":{"ascii_armored_pgp_public_key":{"type":"string","description":"ASCII-armored representation of a PGP public key, as the\nentire output by the command\n'gpg --export --armor foo@example.com' (either LF or CRLF\nline endings). When using this field, id should be left\nblank. The BinAuthz API handlers will calculate the ID\nand fill it in automatically. BinAuthz computes this ID\nas the OpenPGP RFC4880 V4 fingerprint, represented as\nupper-case hex. If id is provided by the caller, it will\nbe overwritten by the API-calculated ID.","description_kind":"plain","optional":true},"comment":{"type":"string","description":"A descriptive comment. This field may be updated.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The ID of this public key. Signatures verified by BinAuthz\nmust include the ID of the public key that can be used to\nverify them, and that ID must match the contents of this\nfield exactly. Additional restrictions on this field can\nbe imposed based on which public key type is encapsulated.\nSee the documentation on publicKey cases below for details.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"pkix_public_key":{"nesting_mode":"list","block":{"attributes":{"public_key_pem":{"type":"string","description":"A PEM-encoded public key, as described in\n'https://tools.ietf.org/html/rfc7468#section-13'","description_kind":"plain","optional":true},"signature_algorithm":{"type":"string","description":"The signature algorithm used to verify a message against\na signature using this key. These signature algorithm must\nmatch the structure and any object identifiers encoded in\npublicKeyPem (i.e. this algorithm must match that of the\npublic key).","description_kind":"plain","optional":true}},"description":"A raw PKIX SubjectPublicKeyInfo format public key.\n\nNOTE: id may be explicitly provided by the caller when using this\ntype of public key, but it MUST be a valid RFC3986 URI. If id is left\nblank, a default one will be computed based on the digest of the DER\nencoding of the public key.","description_kind":"plain"},"max_items":1}},"description":"Public keys that verify attestations signed by this attestor. This\nfield may be updated.\nIf this field is non-empty, one of the specified public keys must\nverify that an attestation was signed by this attestor for the\nimage specified in the admission request.\nIf this field is empty, this attestor always returns that no valid\nattestations exist.","description_kind":"plain"}}},"description":"A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_binding":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_member":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_binary_authorization_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A descriptive comment.","description_kind":"plain","optional":true},"global_policy_evaluation_mode":{"type":"string","description":"Controls the evaluation of a Google-maintained global admission policy\nfor common system-level images. Images not covered by the global\npolicy will be subject to the project admission policy. Possible values: [\"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"admission_whitelist_patterns":{"nesting_mode":"list","block":{"attributes":{"name_pattern":{"type":"string","description":"An image name pattern to whitelist, in the form\n'registry/path/to/image'. This supports a trailing * as a\nwildcard, but this is allowed only in text after the registry/\npart.","description_kind":"plain","required":true}},"description":"A whitelist of image patterns to exclude from admission rules. If an\nimage's name matches a whitelist pattern, the image's admission\nrequests will always be permitted regardless of your admission rules.","description_kind":"plain"}},"cluster_admission_rules":{"nesting_mode":"set","block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Per-cluster admission rules. An admission rule specifies either that\nall container images used in a pod creation request must be attested\nto by one or more attestors, that all pod creations will be allowed,\nor that all pod creations will be denied. There can be at most one\nadmission rule per cluster spec.\n\n\nIdentifier format: '{{location}}.{{clusterId}}'.\nA location is either a compute zone (e.g. 'us-central1-a') or a region\n(e.g. 'us-central1').","description_kind":"plain"}},"default_admission_rule":{"nesting_mode":"list","block":{"attributes":{"enforcement_mode":{"type":"string","description":"The action when a pod creation is denied by the admission rule. Possible values: [\"ENFORCED_BLOCK_AND_AUDIT_LOG\", \"DRYRUN_AUDIT_LOG_ONLY\"]","description_kind":"plain","required":true},"evaluation_mode":{"type":"string","description":"How this admission rule will be evaluated. Possible values: [\"ALWAYS_ALLOW\", \"REQUIRE_ATTESTATION\", \"ALWAYS_DENY\"]","description_kind":"plain","required":true},"require_attestations_by":{"type":["set","string"],"description":"The resource names of the attestors that must attest to a\ncontainer image. If the attestor is in a different project from the\npolicy, it should be specified in the format 'projects/*/attestors/*'.\nEach attestor must exist before a policy can reference it. To add an\nattestor to a policy the principal issuing the policy change\nrequest must be able to read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field\nspecifies REQUIRE_ATTESTATION, otherwise it must be empty.","description_kind":"plain","optional":true}},"description":"Default admission rule for a cluster without a per-cluster admission\nrule.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_blockchain_node_engine_blockchain_nodes":{"version":0,"block":{"attributes":{"blockchain_node_id":{"type":"string","description":"ID of the requesting object.","description_kind":"plain","required":true},"blockchain_type":{"type":"string","description":"User-provided key-value pairs Possible values: [\"ETHEREUM\"]","description_kind":"plain","optional":true},"connection_info":{"type":["list",["object",{"endpoint_info":["list",["object",{"json_rpc_api_endpoint":"string","websockets_api_endpoint":"string"}]],"service_attachment":"string"}]],"description":"The connection information through which to interact with a blockchain node.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp at which the blockchain node was first created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-provided key-value pairs\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of Blockchain Node being created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The fully qualified name of the blockchain node. e.g. projects/my-project/locations/us-central1/blockchainNodes/my-node.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp at which the blockchain node was last updated.","description_kind":"plain","computed":true}},"block_types":{"ethereum_details":{"nesting_mode":"list","block":{"attributes":{"additional_endpoints":{"type":["list",["object",{"beacon_api_endpoint":"string","beacon_prometheus_metrics_api_endpoint":"string","execution_client_prometheus_metrics_api_endpoint":"string"}]],"description":"User-provided key-value pairs","description_kind":"plain","computed":true},"api_enable_admin":{"type":"bool","description":"Enables JSON-RPC access to functions in the admin namespace. Defaults to false.","description_kind":"plain","optional":true},"api_enable_debug":{"type":"bool","description":"Enables JSON-RPC access to functions in the debug namespace. Defaults to false.","description_kind":"plain","optional":true},"consensus_client":{"type":"string","description":"The consensus client Possible values: [\"CONSENSUS_CLIENT_UNSPECIFIED\", \"LIGHTHOUSE\"]","description_kind":"plain","optional":true},"execution_client":{"type":"string","description":"The execution client Possible values: [\"EXECUTION_CLIENT_UNSPECIFIED\", \"GETH\", \"ERIGON\"]","description_kind":"plain","optional":true},"network":{"type":"string","description":"The Ethereum environment being accessed. Possible values: [\"MAINNET\", \"TESTNET_GOERLI_PRATER\", \"TESTNET_SEPOLIA\"]","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"The type of Ethereum node. Possible values: [\"LIGHT\", \"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"block_types":{"geth_details":{"nesting_mode":"list","block":{"attributes":{"garbage_collection_mode":{"type":"string","description":"Blockchain garbage collection modes. Only applicable when NodeType is FULL or ARCHIVE. Possible values: [\"FULL\", \"ARCHIVE\"]","description_kind":"plain","optional":true}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"validator_config":{"nesting_mode":"list","block":{"attributes":{"mev_relay_urls":{"type":["list","string"],"description":"URLs for MEV-relay services to use for block building. When set, a managed MEV-boost service is configured on the beacon client.","description_kind":"plain","optional":true}},"description":"Configuration for validator-related parameters on the beacon client, and for any managed validator client.","description_kind":"plain"},"max_items":1}},"description":"User-provided key-value pairs","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Certificate resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate. Certificate names must be unique\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The scope of the certificate.\n\nDEFAULT: Certificates with default scope are served from core Google data centers.\nIf unsure, choose this option.\n\nEDGE_CACHE: Certificates with scope EDGE_CACHE are special-purposed certificates, served from Edge Points of Presence.\nSee https://cloud.google.com/vpc/docs/edge-locations.\n\nALL_REGIONS: Certificates with ALL_REGIONS scope are served from all GCP regions (You can only use ALL_REGIONS with global certs).\nSee https://cloud.google.com/compute/docs/regions-zones","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"authorization_attempt_info":{"type":["list",["object",{"details":"string","domain":"string","failure_reason":"string","state":"string"}]],"description":"Detailed state of the latest authorization attempt for each domain\nspecified for this Managed Certificate.","description_kind":"plain","computed":true},"dns_authorizations":{"type":["list","string"],"description":"Authorizations that will be used for performing domain authorization. Either issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"domains":{"type":["list","string"],"description":"The domains for which a managed SSL certificate will be generated.\nWildcard domains are only supported with DNS challenge resolution","description_kind":"plain","optional":true},"issuance_config":{"type":"string","description":"The resource name for a CertificateIssuanceConfig used to configure private PKI certificates in the format projects/*/locations/*/certificateIssuanceConfigs/*.\nIf this field is not set, the certificates will instead be publicly signed as documented at https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs#caa.\nEither issuanceConfig or dnsAuthorizations should be specificed, but not both.","description_kind":"plain","optional":true},"provisioning_issue":{"type":["list",["object",{"details":"string","reason":"string"}]],"description":"Information about issues with provisioning this Managed Certificate.","description_kind":"plain","computed":true},"state":{"type":"string","description":"A state of this Managed Certificate.","description_kind":"plain","computed":true}},"description":"Configuration and state of a Managed Certificate.\nCertificate Manager provisions and renews Managed Certificates\nautomatically, for as long as it's authorized to do so.","description_kind":"plain"},"max_items":1},"self_managed":{"nesting_mode":"list","block":{"attributes":{"certificate_pem":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true},"pem_certificate":{"type":"string","description":"The certificate chain in PEM-encoded form.\n\nLeaf certificate comes first, followed by intermediate ones if any.","description_kind":"plain","optional":true},"pem_private_key":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","optional":true,"sensitive":true},"private_key_pem":{"type":"string","description":"The private key of the leaf certificate in PEM-encoded form.","description_kind":"plain","deprecated":true,"optional":true,"sensitive":true}},"description":"Certificate data for a SelfManaged Certificate.\nSelfManaged Certificates are uploaded by the user. Updating such\ncertificates before they expire remains the user's responsibility.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_issuance_config":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a CertificateIssuanceConfig.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description":"Key algorithm to use when generating the private key. Possible values: [\"RSA_2048\", \"ECDSA_P256\"]","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"'Set of label tags associated with the CertificateIssuanceConfig resource.\n An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"Lifetime of issued certificates. A duration in seconds with up to nine fractional digits, ending with 's'.\nExample: \"1814400s\". Valid values are from 21 days (1814400s) to 30 days (2592000s)","description_kind":"plain","required":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the certificate issuance config.\nCertificateIssuanceConfig names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rotation_window_percentage":{"type":"number","description":"It specifies the percentage of elapsed time of the certificate lifetime to wait before renewing the certificate.\nMust be a number between 1-99, inclusive.\nYou must set the rotation window percentage in relation to the certificate lifetime so that certificate renewal occurs at least 7 days after\nthe certificate has been issued and at least 7 days before it expires.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a CertificateIssuanceConfig. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"certificate_authority_config":{"nesting_mode":"list","block":{"block_types":{"certificate_authority_service_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"A CA pool resource used to issue a certificate.\nThe CA pool string has a relative resource path following the form\n\"projects/{project}/locations/{location}/caPools/{caPool}\".","description_kind":"plain","required":true}},"description":"Defines a CertificateAuthorityServiceConfig.","description_kind":"plain"},"max_items":1}},"description":"The CA that issues the workload certificate. It includes the CA address, type, authentication to CA service, etc.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_certificate_map_entry":{"version":0,"block":{"attributes":{"certificates":{"type":["list","string"],"description":"A set of Certificates defines for the given hostname.\nThere can be defined up to fifteen certificates in each Certificate Map Entry.\nEach certificate must match pattern projects/*/locations/*/certificates/*.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A Hostname (FQDN, e.g. example.com) or a wildcard hostname expression (*.example.com)\nfor a set of hostnames with common suffix. Used as Server Name Indication (SNI) for\nselecting a proper certificate.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map Entry.\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"map":{"type":"string","description":"A map entry that is inputted into the cetrificate map","description_kind":"plain","required":true},"matcher":{"type":"string","description":"A predefined matcher for particular cases, other than SNI selection","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map Entry. Certificate Map Entry\nnames must be unique globally and match pattern\n'projects/*/locations/*/certificateMaps/*/certificateMapEntries/*'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"A serving state of this Certificate Map Entry.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map Entry. Timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_dns_authorization":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"dns_resource_record":{"type":["list",["object",{"data":"string","name":"string","type":"string"}]],"description":"The structure describing the DNS Resource Record that needs to be added\nto DNS configuration for the authorization to be usable by\ncertificate.","description_kind":"plain","computed":true},"domain":{"type":"string","description":"A domain which is being authorized. A DnsAuthorization resource covers a\nsingle domain and its wildcard, e.g. authorization for \"example.com\" can\nbe used to issue certificates for \"example.com\" and \"*.example.com\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the DNS Authorization resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Certificate Manager location. If not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"type of DNS authorization. If unset during the resource creation, FIXED_RECORD will\nbe used for global resources, and PER_PROJECT_RECORD will be used for other locations.\n\nFIXED_RECORD DNS authorization uses DNS-01 validation method\n\nPER_PROJECT_RECORD DNS authorization allows for independent management\nof Google-managed certificates with DNS authorization across multiple\nprojects. Possible values: [\"FIXED_RECORD\", \"PER_PROJECT_RECORD\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_certificate_manager_trust_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"One or more paragraphs of text description of a trust config.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the trust config.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The trust config location.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the trust config. Trust config names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a TrustConfig.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trust_stores":{"nesting_mode":"list","block":{"block_types":{"intermediate_cas":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM intermediate certificate used for building up paths for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"Set of intermediate CA certificates used for the path building phase of chain validation.\nThe field is currently not supported if trust config is used for the workload certificate feature.","description_kind":"plain"}},"trust_anchors":{"nesting_mode":"list","block":{"attributes":{"pem_certificate":{"type":"string","description":"PEM root certificate of the PKI used for validation.\nEach certificate provided in PEM format may occupy up to 5kB.","description_kind":"plain","optional":true,"sensitive":true}},"description":"List of Trust Anchors to be used while performing validation against a given TrustStore.","description_kind":"plain"}}},"description":"Set of trust stores to perform validation against.\nThis field is supported when TrustConfig is configured with Load Balancers, currently not supported for SPIFFE certificate validation.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_folder_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"folder":{"type":"string","description":"The folder this feed should be created in.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The ID of the folder where this feed has been created. Both [FOLDER_NUMBER]\nand folders/[FOLDER_NUMBER] are accepted.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be folders/{folder_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_organization_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing.","description_kind":"plain","required":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be organizations/{organization_number}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The organization this feed should be created in.","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_asset_project_feed":{"version":0,"block":{"attributes":{"asset_names":{"type":["list","string"],"description":"A list of the full names of the assets to receive updates. You must specify either or both of\nassetNames and assetTypes. Only asset updates matching specified assetNames and assetTypes are\nexported to the feed. For example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.\nSee https://cloud.google.com/apis/design/resourceNames#fullResourceName for more info.","description_kind":"plain","optional":true},"asset_types":{"type":["list","string"],"description":"A list of types of the assets to receive updates. You must specify either or both of assetNames\nand assetTypes. Only asset updates matching specified assetNames and assetTypes are exported to\nthe feed. For example: \"compute.googleapis.com/Disk\"\nSee https://cloud.google.com/asset-inventory/docs/supported-asset-types for a list of all\nsupported asset types.","description_kind":"plain","optional":true},"billing_project":{"type":"string","description":"The project whose identity will be used when sending messages to the\ndestination pubsub topic. It also specifies the project for API\nenablement check, quota, and billing. If not specified, the resource's\nproject will be used.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Asset content type. If not specified, no content but the asset name and type will be returned. Possible values: [\"CONTENT_TYPE_UNSPECIFIED\", \"RESOURCE\", \"IAM_POLICY\", \"ORG_POLICY\", \"OS_INVENTORY\", \"ACCESS_POLICY\"]","description_kind":"plain","optional":true},"feed_id":{"type":"string","description":"This is the client-assigned asset feed identifier and it needs to be unique under a specific parent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The format will be projects/{projectNumber}/feeds/{client-assigned_feed_identifier}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file\nname and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether an asset update should be published. If specified, an asset\nwill be returned only when the expression evaluates to true. When set, expression field\nmust be a valid CEL expression on a TemporalAsset with name temporal_asset. Example: a Feed with\nexpression \"temporal_asset.deleted == true\" will only publish Asset deletions. Other fields of\ncondition are optional.","description_kind":"plain"},"max_items":1},"feed_output_config":{"nesting_mode":"list","block":{"block_types":{"pubsub_destination":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Destination on Cloud Pubsub topic.","description_kind":"plain","required":true}},"description":"Destination on Cloud Pubsub.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Output configuration for asset feed destination.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group":{"version":0,"block":{"attributes":{"additional_group_keys":{"type":["list",["object",{"id":"string","namespace":"string"}]],"description":"Additional group keys associated with the Group","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the Group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An extended description to help users determine the purpose of a Group.\nMust not be longer than 4,096 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_group_config":{"type":"string","description":"The initial configuration options for creating a Group.\n\nSee the\n[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)\nfor possible values. Default value: \"EMPTY\" Possible values: [\"INITIAL_GROUP_CONFIG_UNSPECIFIED\", \"WITH_INITIAL_OWNER\", \"EMPTY\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.\n\nGoogle Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.\n\nExisting Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.\n\nDynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.\n\nIdentity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the Group in the format: groups/{group_id}, where group_id\nis the unique ID assigned to the Group.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the Group was last updated.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the Group.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_identity_group_membership":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the Membership was created.","description_kind":"plain","computed":true},"group":{"type":"string","description":"The name of the Group to create this membership in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the Membership, of the form groups/{group_id}/memberships/{membership_id}.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the membership.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the Membership was last updated.","description_kind":"plain","computed":true}},"block_types":{"preferred_member_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity.\n\nFor Google-managed entities, the id must be the email address of an existing\ngroup or user.\n\nFor external-identity-mapped entities, the id must be a string conforming\nto the Identity Source's requirements.\n\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists.\n\nIf not specified, the EntityKey represents a Google-managed entity\nsuch as a Google user or a Google Group.\n\nIf specified, the EntityKey represents an external-identity-mapped group.\nThe namespace must correspond to an identity source created in Admin Console\nand must be in the form of 'identitysources/{identity_source_id}'.","description_kind":"plain","optional":true}},"description":"EntityKey of the member.","description_kind":"plain"},"max_items":1},"roles":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER. Possible values: [\"OWNER\", \"MANAGER\", \"MEMBER\"]","description_kind":"plain","required":true}},"block_types":{"expiry_detail":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time at which the MembershipRole will expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.\n\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"The MembershipRole expiry details, only supported for MEMBER role.\nOther roles cannot be accompanied with MEMBER role having expiry.","description_kind":"plain"},"max_items":1}},"description":"The MembershipRoles that apply to the Membership.\nMust not contain duplicate MembershipRoles with the same name.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_ids_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC 3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the endpoint.","description_kind":"plain","optional":true},"endpoint_forwarding_rule":{"type":"string","description":"URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"Internal IP address of the endpoint's network entry point.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the endpoint.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like \"src-net\") or the full URL to the network (like \"projects/{project_id}/global/networks/src-net\").","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The minimum alert severity level that is reported by the endpoint. Possible values: [\"INFORMATIONAL\", \"LOW\", \"MEDIUM\", \"HIGH\", \"CRITICAL\"]","description_kind":"plain","required":true},"threat_exceptions":{"type":["list","string"],"description":"Configuration for threat IDs excluded from generating alerts. Limit: 99 IDs.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Last update timestamp in RFC 3339 text format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_quotas_quota_preference":{"version":0,"block":{"attributes":{"contact_email":{"type":"string","description":"An email address that can be used for quota related communication between the Google Cloud and the user in case the Google Cloud needs further information to make a decision on whether the user preferred quota can be granted.\n\nThe Google account for the email address must have quota update permission for the project, folder or organization this quota preference is for.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time stamp.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dimensions":{"type":["map","string"],"description":"The dimensions that this quota preference applies to. The key of the map entry is the name of a dimension, such as \"region\", \"zone\", \"network_id\", and the value of the map entry is the dimension value. If a dimension is missing from the map of dimensions, the quota preference applies to all the dimension values except for those that have other quota preferences configured for the specific value.\n\nNOTE: QuotaPreferences can only be applied across all values of \"user\" and \"resource\" dimension. Do not set values for \"user\" or \"resource\" in the dimension map.\n\nExample: '{\"provider\": \"Foo Inc\"}' where \"provider\" is a service specific dimension.","description_kind":"plain","optional":true,"computed":true},"etag":{"type":"string","description":"The current etag of the quota preference. If an etag is provided on update and does not match the current server's etag of the quota preference, the request will be blocked and an ABORTED error will be returned. See https://google.aip.dev/134#etags for more details on etags.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_safety_checks":{"type":"string","description":"The list of quota safety checks to be ignored. Default value: \"QUOTA_SAFETY_CHECK_UNSPECIFIED\" Possible values: [\"QUOTA_SAFETY_CHECK_UNSPECIFIED\", \"QUOTA_DECREASE_BELOW_USAGE\", \"QUOTA_DECREASE_PERCENTAGE_TOO_HIGH\"]","description_kind":"plain","optional":true},"justification":{"type":"string","description":"The reason / justification for this quota preference.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the quota preference. Required except in the CREATE requests.","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The parent of the quota preference. Allowed parents are \"projects/[project-id / number]\" or \"folders/[folder-id / number]\" or \"organizations/[org-id / number]\".","description_kind":"plain","optional":true,"computed":true},"quota_id":{"type":"string","description":"The id of the quota to which the quota preference is applied. A quota id is unique in the service.\nExample: 'CPUS-per-project-region'.","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Is the quota preference pending Google Cloud approval and fulfillment.","description_kind":"plain","computed":true},"service":{"type":"string","description":"The name of the service to which the quota preference is applied.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Update time stamp.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true}},"block_types":{"quota_config":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"The annotations map for clients to store small amounts of arbitrary data. Do not put PII or other sensitive information here. See https://google.aip.dev/128#annotations.\n\nAn object containing a list of \"key: value\" pairs. Example: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"granted_value":{"type":"string","description":"Granted quota value.","description_kind":"plain","computed":true},"preferred_value":{"type":"string","description":"The preferred value. Must be greater than or equal to -1. If set to -1, it means the value is \"unlimited\".","description_kind":"plain","required":true},"request_origin":{"type":"string","description":"The origin of the quota preference request.","description_kind":"plain","computed":true},"state_detail":{"type":"string","description":"Optional details about the state of this quota preference.","description_kind":"plain","computed":true},"trace_id":{"type":"string","description":"The trace id that the Google Cloud uses to provision the requested quota. This trace id may be used by the client to contact Cloud support to track the state of a quota preference request. The trace id is only produced for increase requests and is unique for each request. The quota decrease requests do not have a trace id.","description_kind":"plain","computed":true}},"description":"The preferred quota configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_domain_mapping":{"version":1,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name should be a [verified](https://support.google.com/webmasters/answer/9008080) domain","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"mapped_route_name":"string","observed_generation":"number","resource_records":["list",["object",{"name":"string","rrdata":"string","type":"string"}]]}]],"description":"The current status of the DomainMapping.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","required":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.\n\nMore info:\nhttps://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.\n\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids","description_kind":"plain","computed":true}},"description":"Metadata associated with this DomainMapping.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"certificate_mode":{"type":"string","description":"The mode of the certificate. Default value: \"AUTOMATIC\" Possible values: [\"NONE\", \"AUTOMATIC\"]","description_kind":"plain","optional":true},"force_override":{"type":"bool","description":"If set, the mapping will override any mapping set before this spec was set.\nIt is recommended that the user leaves this empty to receive an error\nwarning about a potential conflict and only set it once the respective UI\nhas given such a warning.","description_kind":"plain","optional":true},"route_name":{"type":"string","description":"The name of the Cloud Run Service that this DomainMapping applies to.\nThe route must exist.","description_kind":"plain","required":true}},"description":"The spec for this DomainMapping.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Service:\n\n- 'run.googleapis.com/binary-authorization-breakglass' sets the [Binary Authorization breakglass](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--breakglass).\n- 'run.googleapis.com/binary-authorization' sets the [Binary Authorization](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--binary-authorization).\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/custom-audiences' sets the [custom audiences](https://cloud.google.com/sdk/gcloud/reference/alpha/run/deploy#--add-custom-audiences)\n that can be used in the audience field of ID token for authenticated requests.\n- 'run.googleapis.com/description' sets a user defined description for the Service.\n- 'run.googleapis.com/ingress' sets the [ingress settings](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--ingress)\n for the Service. For example, '\"run.googleapis.com/ingress\" = \"all\"'.\n- 'run.googleapis.com/launch-stage' sets the [launch stage](https://cloud.google.com/run/docs/troubleshooting#launch-stage-validation)\n when a preview feature is used. For example, '\"run.googleapis.com/launch-stage\": \"BETA\"'\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand routes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations is a key value map stored with a resource that\nmay be set by external tools to store and retrieve arbitrary metadata. More\ninfo: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n\n**Note**: The Cloud Run API may add additional annotations that were not provided in your config.\nIf terraform plan shows a diff where a server-side annotation is added, you can add it to your config\nor apply the lifecycle.ignore_changes rule to the metadata.0.annotations field.\n\nAnnotations with 'run.googleapis.com/' and 'autoscaling.knative.dev' are restricted. Use the following annotation\nkeys to configure features on a Revision template:\n\n- 'autoscaling.knative.dev/maxScale' sets the [maximum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--max-instances) of the Revision to run.\n- 'autoscaling.knative.dev/minScale' sets the [minimum number of container\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--min-instances) of the Revision to run.\n- 'run.googleapis.com/client-name' sets the client name calling the Cloud Run API.\n- 'run.googleapis.com/cloudsql-instances' sets the [Cloud SQL\n instances](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--add-cloudsql-instances) the Revision connects to.\n- 'run.googleapis.com/cpu-throttling' sets whether to throttle the CPU when the container is not actively serving\n requests. See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-throttling.\n- 'run.googleapis.com/encryption-key-shutdown-hours' sets the number of hours to wait before an automatic shutdown\n server after CMEK key revocation is detected.\n- 'run.googleapis.com/encryption-key' sets the [CMEK key](https://cloud.google.com/run/docs/securing/using-cmek)\n reference to encrypt the container with.\n- 'run.googleapis.com/execution-environment' sets the [execution\n environment](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--execution-environment)\n where the application will run.\n- 'run.googleapis.com/post-key-revocation-action-type' sets the\n [action type](https://cloud.google.com/sdk/gcloud/reference/run/deploy#--post-key-revocation-action-type)\n after CMEK key revocation.\n- 'run.googleapis.com/secrets' sets a list of key-value pairs to set as\n [secrets](https://cloud.google.com/run/docs/configuring/secrets#yaml).\n- 'run.googleapis.com/sessionAffinity' sets whether to enable\n [session affinity](https://cloud.google.com/sdk/gcloud/reference/beta/run/deploy#--[no-]session-affinity)\n for connections to the Revision.\n- 'run.googleapis.com/startup-cpu-boost' sets whether to allocate extra CPU to containers on startup.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--[no-]cpu-boost.\n- 'run.googleapis.com/vpc-access-connector' sets a [VPC connector](https://cloud.google.com/run/docs/configuring/connecting-vpc#terraform_1)\n for the Revision.\n- 'run.googleapis.com/vpc-access-egress' sets the outbound traffic to send through the VPC connector for this resource.\n See https://cloud.google.com/sdk/gcloud/reference/run/deploy#--vpc-egress.","description_kind":"plain","optional":true,"computed":true},"generation":{"type":"number","description":"A sequence number representing a specific generation of the desired state.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Map of string keys and values that can be used to organize and categorize\n(scope and select) objects.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"namespace":{"type":"string","description":"In Cloud Run the namespace must be equal to either the\nproject ID or project number. It will default to the resource's project.","description_kind":"plain","optional":true,"computed":true},"resource_version":{"type":"string","description":"An opaque value that represents the internal version of this object that\ncan be used by clients to determine when objects have changed. May be used\nfor optimistic concurrency, change detection, and the watch operation on a\nresource or set of resources. They may only be valid for a\nparticular resource or set of resources.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"SelfLink is a URL representing this object.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"UID is a unique id generated by the server on successful creation of a resource and is not\nallowed to change on PUT operations.","description_kind":"plain","computed":true}},"description":"Optional metadata for this Revision, including labels and annotations.\nName will be generated by the Configuration. To set minimum instances\nfor this revision, use the \"autoscaling.knative.dev/minScale\" annotation\nkey. To set maximum instances for this revision, use the\n\"autoscaling.knative.dev/maxScale\" annotation key. To set Cloud SQL\nconnections for the revision, use the \"run.googleapis.com/cloudsql-instances\"\nannotation key.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"container_concurrency":{"type":"number","description":"ContainerConcurrency specifies the maximum allowed in-flight (concurrent)\nrequests per container of the Revision. Values are:\n- '0' thread-safe, the system should manage the max concurrency. This is\n the default value.\n- '1' not-thread-safe. Single concurrency\n- '2-N' thread-safe, max concurrency of N","description_kind":"plain","optional":true,"computed":true},"service_account_name":{"type":"string","description":"Email address of the IAM service account associated with the revision of the\nservice. The service account represents the identity of the running revision,\nand determines what permissions the revision has. If not provided, the revision\nwill use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"serving_state":{"type":"string","description":"ServingState holds a value describing the state the resources\nare in for this Revision.\nIt is expected\nthat the system will manipulate this based on routability and load.","description_kind":"plain","deprecated":true,"computed":true},"timeout_seconds":{"type":"number","description":"TimeoutSeconds holds the max duration the instance is allowed for responding to a request.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint.\nThe docker image's CMD is used if this is not provided.","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell.\nThe docker image's ENTRYPOINT is used if this is not provided.","description_kind":"plain","optional":true},"image":{"type":"string","description":"Docker image name. This is most often a reference to a container located\nin the container registry, such as gcr.io/cloudrun/hello","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container","description_kind":"plain","optional":true,"computed":true},"working_dir":{"type":"string","description":"Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.","description_kind":"plain","deprecated":true,"optional":true}},"block_types":{"env":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Defaults to \"\".","description_kind":"plain","optional":true}},"block_types":{"value_from":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud Secret Manager secret version. Must be 'latest' for the latest\nversion or an integer for a specific version.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form: :projects/{project-id|project-number}/secrets/.\nIf multiple alias definitions are needed, they must be separated by commas.\nThe alias definitions must be set on the run.googleapis.com/secrets annotation.","description_kind":"plain","required":true}},"description":"Selects a key (version) of a secret in Secret Manager.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Source for the environment variable's value. Only supports secret_key_ref.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"env_from":{"nesting_mode":"list","block":{"attributes":{"prefix":{"type":"string","description":"An optional identifier to prepend to each key in the ConfigMap.","description_kind":"plain","optional":true}},"block_types":{"config_map_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the ConfigMap must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1}},"description":"The ConfigMap to select from.","description_kind":"plain"},"max_items":1},"secret_ref":{"nesting_mode":"list","block":{"attributes":{"optional":{"type":"bool","description":"Specify whether the Secret must be defined","description_kind":"plain","optional":true}},"block_types":{"local_object_reference":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the referent.","description_kind":"plain","required":true}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"The Secret to select from.","description_kind":"plain"},"max_items":1}},"description":"List of sources to populate environment variables in the container.\nAll invalid keys will be reported as an event when the container is starting.\nWhen a key exists in multiple sources, the value associated with the last source will\ntake precedence. Values defined by an Env with a duplicate key will take\nprecedence.","description_kind":"plain","deprecated":true}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 3600.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 3600.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than period_seconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails.","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid port number (between 1 and 65535). Defaults to \"8080\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" (HTTP/1) and \"h2c\" (HTTP/2 end-to-end). Defaults to \"http1\".","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"Protocol for port. Must be \"TCP\". Defaults to \"TCP\".","description_kind":"plain","optional":true}},"description":"List of open ports in the container.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Limits describes the maximum amount of compute resources allowed.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"requests":{"type":["map","string"],"description":"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is\nexplicitly specified, otherwise to an implementation-defined value.\nThe values of the map is string form of the 'quantity' k8s type:\nhttps://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true}},"description":"Compute Resources required by this container. Used to set values such as max memory","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after\nhaving succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is\ninitiated.\nDefaults to 0 seconds. Minimum value is 0. Maximum value is 240.","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1. Maximum value is 240.","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1. Maximum value is 3600.\nMust be smaller than periodSeconds.","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. If set, it should not be empty string.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name.","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value.","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HttpGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TcpSocket specifies an action involving a TCP port.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container.\nAll other probes are disabled if a startup probe is provided, until it\nsucceeds. Container will not be added to service endpoints if the probe fails.","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must\nnot contain ':'.","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.\nOnly supports SecretVolumeSources.","description_kind":"plain"}}},"description":"Containers defines the unit of execution for this Revision.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Mode bits to use on created files by default. Must be a value between 0000\nand 0777. Defaults to 0644. Directories within the path are not affected by\nthis setting. This might be in conflict with other options that affect the\nfile mode, like fsGroup, and the result can be other mode bits set.","description_kind":"plain","optional":true},"secret_name":{"type":"string","description":"The name of the secret in Cloud Secret Manager. By default, the secret\nis assumed to be in the same project.\nIf the secret is in another project, you must define an alias.\nAn alias definition has the form:\n{alias}:projects/{project-id|project-number}/secrets/{secret-name}.\nIf multiple alias definitions are needed, they must be separated by\ncommas.\nThe alias definitions must be set on the run.googleapis.com/secrets\nannotation.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The Cloud Secret Manager secret version.\nCan be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true},"mode":{"type":"number","description":"Mode bits to use on this file, must be a value between 0000 and 0777. If\nnot specified, the volume defaultMode will be used. This might be in\nconflict with other options that affect the file mode, like fsGroup, and\nthe result can be other mode bits set.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the file to map the key to.\nMay not be an absolute path.\nMay not contain the path element '..'.\nMay not start with the string '..'.","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the\nsecret_name.\nIf specified, the key will be used as the version to fetch from Cloud\nSecret Manager and the path will be the name of the file exposed in the\nvolume. When items are defined, they must specify a key and a path.","description_kind":"plain"}}},"description":"The secret's value will be presented as the content of a file whose\nname is defined in the item path. If no items are defined, the name of\nthe file is the secret_name.","description_kind":"plain"},"max_items":1}},"description":"Volume represents a named volume in a container.","description_kind":"plain"}}},"description":"RevisionSpec holds the desired state of the Revision (from the client).","description_kind":"plain"},"max_items":1}},"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"latest_revision":{"type":"bool","description":"LatestRevision may be optionally provided to indicate that the latest ready\nRevision of the Configuration should be used for this traffic target. When\nprovided LatestRevision must be true if RevisionName is empty; it must be\nfalse when RevisionName is non-empty.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Percent specifies percent of the traffic to this Revision or Configuration.","description_kind":"plain","required":true},"revision_name":{"type":"string","description":"RevisionName of a specific revision to which to send this portion of traffic.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Tag is optionally used to expose a dedicated url for referencing this target exclusively.","description_kind":"plain","optional":true},"url":{"type":"string","description":"URL displays the URL for accessing tagged traffic targets. URL is displayed in status,\nand is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname,\nbut may not contain anything else (e.g. basic auth, url path, etc.)","description_kind":"plain","computed":true}},"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 ExecutionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter,\nor break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or\nhttps://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 ExecutionTemplate.","description_kind":"plain","optional":true},"parallelism":{"type":"number","description":"Specifies the maximum desired number of tasks the execution should run at given time. Must be \u003c= taskCount. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.","description_kind":"plain","optional":true,"computed":true},"task_count":{"type":"number","description":"Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/","description_kind":"plain","optional":true,"computed":true}},"block_types":{"template":{"nesting_mode":"list","block":{"attributes":{"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The execution environment being used to host this Task. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true,"computed":true},"max_retries":{"type":"number","description":"Number of retries allowed per Task, before marking this Task failed.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"timeout":{"type":"string","description":"Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","required":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the single container that defines the unit of execution for this task.","description_kind":"plain"}},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["list","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","required":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run job.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"Describes the task(s) that will be created when executing an execution","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The template used to create executions for this Job.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","optional":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","optional":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","optional":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"breakglass_justification":{"type":"string","description":"If present, indicates to use Breakglass using this justification. If useDefault is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass","description_kind":"plain","optional":true},"use_default":{"type":"bool","description":"If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.","description_kind":"plain","optional":true}},"description":"Settings for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"template":{"nesting_mode":"list","block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system annotations in v1 now have a corresponding field in v2 RevisionTemplate.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek","description_kind":"plain","optional":true},"execution_environment":{"type":"string","description":"The sandbox environment to host this Revision. Possible values: [\"EXECUTION_ENVIRONMENT_GEN1\", \"EXECUTION_ENVIRONMENT_GEN2\"]","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc.\nFor more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 RevisionTemplate.","description_kind":"plain","optional":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of requests that each serving instance can receive.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.","description_kind":"plain","optional":true,"computed":true},"session_affinity":{"type":"bool","description":"Enables session affinity. For more information, go to https://cloud.google.com/run/docs/configuring/session-affinity","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Max allowed time for an instance to respond to a request.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"containers":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"command":{"type":["list","string"],"description":"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell","description_kind":"plain","optional":true},"depends_on":{"type":["list","string"],"description":"Containers which should be started before this container. If specified the container will wait to start until all containers with the listed names are healthy.","description_kind":"plain","optional":true},"image":{"type":"string","description":"URL of the Container image in Google Container Registry or Google Artifact Registry. More info: https://kubernetes.io/docs/concepts/containers/images","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the container specified as a DNS_LABEL.","description_kind":"plain","optional":true},"working_dir":{"type":"string","description":"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.","description_kind":"plain","optional":true}},"block_types":{"env":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the environment variable. Must be a C_IDENTIFIER, and mnay not exceed 32768 characters.","description_kind":"plain","required":true},"value":{"type":"string","description":"Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\", and the maximum length is 32768 bytes","description_kind":"plain","optional":true}},"block_types":{"value_source":{"nesting_mode":"list","block":{"block_types":{"secret_key_ref":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secretName} if the secret is in the same project. projects/{project}/secrets/{secretName} if the secret is in a different project.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version.","description_kind":"plain","optional":true}},"description":"Selects a secret and a specific version from Cloud Secret Manager.","description_kind":"plain"},"max_items":1}},"description":"Source for the environment variable's value.","description_kind":"plain"},"max_items":1}},"description":"List of environment variables to set in the container.","description_kind":"plain"}},"liveness_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the exposed port of the container, which\nis the value of container.ports[0].containerPort.","description_kind":"plain","required":true}},"description":"TCPSocketAction describes an action based on opening a socket","description_kind":"plain"},"max_items":1}},"description":"Periodic probe of container liveness. Container will be restarted if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"ports":{"nesting_mode":"list","block":{"attributes":{"container_port":{"type":"number","description":"Port number the container listens on. This must be a valid TCP port number, 0 \u003c containerPort \u003c 65536.","description_kind":"plain","optional":true},"name":{"type":"string","description":"If specified, used to specify which protocol to use. Allowed values are \"http1\" and \"h2c\".","description_kind":"plain","optional":true,"computed":true}},"description":"List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.\n\nIf omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"cpu_idle":{"type":"bool","description":"Determines whether CPU is only allocated during requests. True by default if the parent 'resources' field is not set. However, if\n'resources' is set, this field must be explicitly set to true to preserve the default behavior.","description_kind":"plain","optional":true},"limits":{"type":["map","string"],"description":"Only memory and CPU are supported. Use key 'cpu' for CPU limit and 'memory' for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go","description_kind":"plain","optional":true,"computed":true},"startup_cpu_boost":{"type":"bool","description":"Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.","description_kind":"plain","optional":true}},"description":"Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources","description_kind":"plain"},"max_items":1},"startup_probe":{"nesting_mode":"list","block":{"attributes":{"failure_threshold":{"type":"number","description":"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.","description_kind":"plain","optional":true},"initial_delay_seconds":{"type":"number","description":"Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true},"period_seconds":{"type":"number","description":"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeoutSeconds","description_kind":"plain","optional":true},"timeout_seconds":{"type":"number","description":"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than periodSeconds. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain","optional":true}},"block_types":{"grpc":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Number must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\nIf this is not specified, the default behavior is defined by gRPC.","description_kind":"plain","optional":true}},"description":"GRPC specifies an action involving a GRPC port.","description_kind":"plain"},"max_items":1},"http_get":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path to access on the HTTP server. Defaults to '/'.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"http_headers":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The header field name","description_kind":"plain","required":true},"value":{"type":"string","description":"The header field value","description_kind":"plain","optional":true}},"description":"Custom headers to set in the request. HTTP allows repeated headers.","description_kind":"plain"}}},"description":"HTTPGet specifies the http request to perform. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1},"tcp_socket":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"Port number to access on the container. Must be in the range 1 to 65535.\nIf not specified, defaults to the same value as container.ports[0].containerPort.","description_kind":"plain","optional":true,"computed":true}},"description":"TCPSocket specifies an action involving a TCP port. Exactly one of HTTPGet or TCPSocket must be specified.","description_kind":"plain"},"max_items":1}},"description":"Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes","description_kind":"plain"},"max_items":1},"volume_mounts":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run","description_kind":"plain","required":true},"name":{"type":"string","description":"This must match the Name of a Volume.","description_kind":"plain","required":true}},"description":"Volume to mount into the container's filesystem.","description_kind":"plain"}}},"description":"Holds the containers that define the unit of execution for this Service.","description_kind":"plain"}},"scaling":{"nesting_mode":"list","block":{"attributes":{"max_instance_count":{"type":"number","description":"Maximum number of serving instances that this resource should have.","description_kind":"plain","optional":true},"min_instance_count":{"type":"number","description":"Minimum number of serving instances that this resource should have.","description_kind":"plain","optional":true}},"description":"Scaling settings for this Revision.","description_kind":"plain"},"max_items":1},"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Volume's name.","description_kind":"plain","required":true}},"block_types":{"cloud_sql_instance":{"nesting_mode":"list","block":{"attributes":{"instances":{"type":["set","string"],"description":"The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}","description_kind":"plain","optional":true}},"description":"For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.","description_kind":"plain"},"max_items":1},"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"GCS Bucket name","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the GCS bucket as read-only","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA.","description_kind":"plain"},"max_items":1},"nfs":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Path that is exported by the NFS server.","description_kind":"plain","required":true},"read_only":{"type":"bool","description":"If true, mount the NFS volume as read only","description_kind":"plain","optional":true},"server":{"type":"string","description":"Hostname or IP address of the NFS server","description_kind":"plain","required":true}},"description":"Represents an NFS mount.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"default_mode":{"type":"number","description":"Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.","description_kind":"plain","required":true}},"block_types":{"items":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"number","description":"Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The relative path of the secret in the container.","description_kind":"plain","required":true},"version":{"type":"string","description":"The Cloud Secret Manager secret version. Can be 'latest' for the latest value or an integer for a specific version","description_kind":"plain","optional":true}},"description":"If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.","description_kind":"plain"}}},"description":"Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret","description_kind":"plain"},"max_items":1}},"description":"A list of Volumes to make available to containers.","description_kind":"plain"}},"vpc_access":{"nesting_mode":"list","block":{"attributes":{"connector":{"type":"string","description":"VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number.","description_kind":"plain","optional":true},"egress":{"type":"string","description":"Traffic VPC egress settings. Possible values: [\"ALL_TRAFFIC\", \"PRIVATE_RANGES_ONLY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be\nlooked up from the subnetwork.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both\nnetwork and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the\nsubnetwork with the same name with the network will be used.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Network tags applied to this Cloud Run service.","description_kind":"plain","optional":true}},"description":"Direct VPC egress settings. Currently only single network interface is supported.","description_kind":"plain"}}},"description":"VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.","description_kind":"plain"},"max_items":1}},"description":"The template used to create revisions for this Service.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"traffic":{"nesting_mode":"list","block":{"attributes":{"percent":{"type":"number","description":"Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.","description_kind":"plain","optional":true,"computed":true},"revision":{"type":"string","description":"Revision to which to send this portion of traffic, if traffic allocation is by revision.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Indicates a string to be part of the URI to exclusively reference this target.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The allocation type for this traffic target. Possible values: [\"TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST\", \"TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION\"]","description_kind":"plain","optional":true}},"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_scheduler_job":{"version":0,"block":{"attributes":{"attempt_deadline":{"type":"string","description":"The deadline for job attempts. If the request handler does not respond by this deadline then the request is\ncancelled and the attempt is marked as a DEADLINE_EXCEEDED failure. The failed attempt can be viewed in\nexecution logs. Cloud Scheduler will retry the job according to the RetryConfig.\nThe allowed duration for this deadline is:\n* For HTTP targets, between 15 seconds and 30 minutes.\n* For App Engine HTTP targets, between 15 seconds and 24 hours.\n* **Note**: For PubSub targets, this field is ignored - setting it will introduce an unresolvable diff.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human-readable description for the job.\nThis string must not contain more than 500 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the job.","description_kind":"plain","required":true},"paused":{"type":"bool","description":"Sets the job to a paused state. Jobs default to being enabled when this property is not set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the scheduler job resides. If it is not provided, Terraform will use the provider default.","description_kind":"plain","optional":true,"computed":true},"schedule":{"type":"string","description":"Describes the schedule on which the job will be executed.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the job.","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting schedule.\nThe value of this field must be a time zone name from the tz database.","description_kind":"plain","optional":true}},"block_types":{"app_engine_http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST or PUT.\nIt will result in invalid argument error to set a body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"HTTP request headers.\nThis map contains the header field names and values.\nHeaders can be set when the job is created.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"relative_uri":{"type":"string","description":"The relative URI.\nThe relative URL must begin with \"/\" and must be a valid HTTP relative URL.\nIt can contain a path, query string arguments, and \\# fragments.\nIf the relative URL is empty, then the root path \"/\" will be used.\nNo spaces are allowed, and the maximum length allowed is 2083 characters","description_kind":"plain","required":true}},"block_types":{"app_engine_routing":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"App instance.\nBy default, the job is sent to an instance which is available when the job is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\nBy default, the job is sent to the service which is the default service when the job is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\nBy default, the job is sent to the version which is the default version when the job is attempted.","description_kind":"plain","optional":true}},"description":"App Engine Routing setting for the job.","description_kind":"plain"},"max_items":1}},"description":"App Engine HTTP target.\nIf the job providers a App Engine HTTP target the cron will\nsend a request to the service instance","description_kind":"plain"},"max_items":1},"http_target":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"HTTP request body.\nA request body is allowed only if the HTTP method is POST, PUT, or PATCH.\nIt is an error to set body on a job with an incompatible HttpMethod.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"This map contains the header field names and values.\nRepeated headers are not supported, but a header value can contain commas.","description_kind":"plain","optional":true},"http_method":{"type":"string","description":"Which HTTP method to use for the request.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The full URI path that the request will be sent to.","description_kind":"plain","required":true}},"block_types":{"oauth_token":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"OAuth scope to be used for generating OAuth access token. If not specified,\n\"https://www.googleapis.com/auth/cloud-platform\" will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OAuth token.\nThis type of authorization should be used when sending requests to a GCP endpoint.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. If not specified,\nthe URI specified in target will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating OAuth token.\nThe service account must be within the same project as the job.","description_kind":"plain","required":true}},"description":"Contains information needed for generating an OpenID Connect token.\nThis type of authorization should be used when sending requests to third party endpoints or Cloud Run.","description_kind":"plain"},"max_items":1}},"description":"HTTP target.\nIf the job providers a http_target the cron will\nsend a request to the targeted url","description_kind":"plain"},"max_items":1},"pubsub_target":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Attributes for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.","description_kind":"plain","optional":true},"data":{"type":"string","description":"The message payload for PubsubMessage.\nPubsub message must contain either non-empty data, or at least one attribute.\n\n A base64-encoded string.","description_kind":"plain","optional":true},"topic_name":{"type":"string","description":"The full resource name for the Cloud Pub/Sub topic to which\nmessages will be published when a job is delivered. ~\u003e**NOTE:**\nThe topic name must be in the same format as required by PubSub's\nPublishRequest.name, e.g. 'projects/my-project/topics/my-topic'.","description_kind":"plain","required":true}},"description":"Pub/Sub target\nIf the job providers a Pub/Sub target the cron will publish\na message to the provided topic","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_backoff_duration":{"type":"string","description":"The maximum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\nA job's retry interval starts at minBackoffDuration,\nthen doubles maxDoublings times, then increases linearly,\nand finally retries retries at intervals of maxBackoffDuration up to retryCount times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"The time limit for retrying a failed job, measured from time when an execution was first attempted.\nIf specified with retryCount, the job will be retried until both limits are reached.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"min_backoff_duration":{"type":"string","description":"The minimum amount of time to wait before retrying a job after it fails.\nA duration in seconds with up to nine fractional digits, terminated by 's'.","description_kind":"plain","optional":true,"computed":true},"retry_count":{"type":"number","description":"The number of attempts that the system will make to run a\njob using the exponential backoff procedure described by maxDoublings.\nValues greater than 5 and negative values are not allowed.","description_kind":"plain","optional":true,"computed":true}},"description":"By default, if a job does not complete successfully,\nmeaning that an acknowledgement is not received from the handler,\nthen it will be retried with exponential backoff according to the settings","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the queue","description_kind":"plain","required":true},"name":{"type":"string","description":"The queue name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"app_engine_routing_override":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The host that the task is sent to.","description_kind":"plain","computed":true},"instance":{"type":"string","description":"App instance.\n\nBy default, the task is sent to an instance which is available when the task is attempted.","description_kind":"plain","optional":true},"service":{"type":"string","description":"App service.\n\nBy default, the task is sent to the service which is the default service when the task is attempted.","description_kind":"plain","optional":true},"version":{"type":"string","description":"App version.\n\nBy default, the task is sent to the version which is the default version when the task is attempted.","description_kind":"plain","optional":true}},"description":"Overrides for task-level appEngineRouting. These settings apply only\nto App Engine tasks in this queue","description_kind":"plain"},"max_items":1},"rate_limits":{"nesting_mode":"list","block":{"attributes":{"max_burst_size":{"type":"number","description":"The max burst size.\n\nMax burst size limits how fast tasks in queue are processed when many tasks are\nin the queue and the rate is high. This field allows the queue to have a high\nrate so processing starts shortly after a task is enqueued, but still limits\nresource usage when many tasks are enqueued in a short period of time.","description_kind":"plain","computed":true},"max_concurrent_dispatches":{"type":"number","description":"The maximum number of concurrent tasks that Cloud Tasks allows to\nbe dispatched for this queue. After this threshold has been\nreached, Cloud Tasks stops dispatching tasks until the number of\nconcurrent requests decreases.","description_kind":"plain","optional":true,"computed":true},"max_dispatches_per_second":{"type":"number","description":"The maximum rate at which tasks are dispatched from this queue.\n\nIf unspecified when the queue is created, Cloud Tasks will pick the default.","description_kind":"plain","optional":true,"computed":true}},"description":"Rate limits for task dispatches.\n\nThe queue's actual dispatch rate is the result of:\n\n* Number of tasks in the queue\n* User-specified throttling: rateLimits, retryConfig, and the queue's state.\n* System throttling due to 429 (Too Many Requests) or 503 (Service\n Unavailable) responses from the worker, high error rates, or to\n smooth sudden large traffic spikes.","description_kind":"plain"},"max_items":1},"retry_config":{"nesting_mode":"list","block":{"attributes":{"max_attempts":{"type":"number","description":"Number of attempts per task.\n\nCloud Tasks will attempt the task maxAttempts times (that is, if\nthe first attempt fails, then there will be maxAttempts - 1\nretries). Must be \u003e= -1.\n\nIf unspecified when the queue is created, Cloud Tasks will pick\nthe default.\n\n-1 indicates unlimited attempts.","description_kind":"plain","optional":true,"computed":true},"max_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true},"max_doublings":{"type":"number","description":"The time between retries will double maxDoublings times.\n\nA task's retry interval starts at minBackoff, then doubles maxDoublings times,\nthen increases linearly, and finally retries retries at intervals of maxBackoff\nup to maxAttempts times.","description_kind":"plain","optional":true,"computed":true},"max_retry_duration":{"type":"string","description":"If positive, maxRetryDuration specifies the time limit for\nretrying a failed task, measured from when the task was first\nattempted. Once maxRetryDuration time has passed and the task has\nbeen attempted maxAttempts times, no further attempts will be\nmade and the task will be deleted.\n\nIf zero, then the task age is unlimited.","description_kind":"plain","optional":true,"computed":true},"min_backoff":{"type":"string","description":"A task will be scheduled for retry between minBackoff and\nmaxBackoff duration after it fails, if the queue's RetryConfig\nspecifies that the task should be retried.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings that determine the retry behavior.","description_kind":"plain"},"max_items":1},"stackdriver_logging_config":{"nesting_mode":"list","block":{"attributes":{"sampling_ratio":{"type":"number","description":"Specifies the fraction of operations to write to Stackdriver Logging.\nThis field may contain any value between 0.0 and 1.0, inclusive. 0.0 is the\ndefault and means that no operations are logged.","description_kind":"plain","required":true}},"description":"Configuration options for writing logs to Stackdriver Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_bitbucket_server_config":{"version":0,"block":{"attributes":{"api_key":{"type":"string","description":"Immutable. API Key that will be attached to webhook. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true},"config_id":{"type":"string","description":"The ID to use for the BitbucketServerConfig, which will become the final component of the BitbucketServerConfig's resource name.","description_kind":"plain","required":true},"host_uri":{"type":"string","description":"Immutable. The URI of the Bitbucket Server host. Once this field has been set, it cannot be changed.\nIf you need to change it, please create another BitbucketServerConfig.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of this bitbucket server config.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the config.","description_kind":"plain","computed":true},"peered_network":{"type":"string","description":"The network to be used when reaching out to the Bitbucket Server instance. The VPC network must be enabled for private service connection.\nThis should be set if the Bitbucket Server instance is hosted on-premises and not reachable by public internet. If this field is left empty,\nno network peering will occur and calls to the Bitbucket Server instance will be made over the public internet. Must be in the format\nprojects/{project}/global/networks/{network}, where {project} is a project number or id and {network} is the name of a VPC network in the project.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to Bitbucket Server. The format should be PEM format but the extension can be one of .pem, .cer, or .crt.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username of the account Cloud Build will use on Bitbucket Server.","description_kind":"plain","required":true},"webhook_key":{"type":"string","description":"Output only. UUID included in webhook requests. The UUID is used to look up the corresponding config.","description_kind":"plain","computed":true}},"block_types":{"connected_repositories":{"nesting_mode":"set","block":{"attributes":{"project_key":{"type":"string","description":"Identifier for the project storing the repository.","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Identifier for the repository.","description_kind":"plain","required":true}},"description":"Connected Bitbucket Server repositories for this config.","description_kind":"plain"}},"secrets":{"nesting_mode":"list","block":{"attributes":{"admin_access_token_version_name":{"type":"string","description":"The resource name for the admin access token's secret version.","description_kind":"plain","required":true},"read_access_token_version_name":{"type":"string","description":"The resource name for the read access token's secret version.","description_kind":"plain","required":true},"webhook_secret_version_name":{"type":"string","description":"Immutable. The resource name for the webhook secret's secret version. Once this field has been set, it cannot be changed.\nChanging this field will result in deleting/ recreating the resource.","description_kind":"plain","required":true}},"description":"Secret Manager secrets needed by the config.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","optional":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","optional":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","optional":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","computed":true}},"block_types":{"approval_config":{"nesting_mode":"list","block":{"attributes":{"approval_required":{"type":"bool","description":"Whether or not approval is needed. If this is set on a build, it will become pending when run,\nand will need to be explicitly approved to start.","description_kind":"plain","optional":true}},"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain"},"max_items":1},"bitbucket_server_trigger_config":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config_resource":{"type":"string","description":"The Bitbucket server config resource that this trigger config maps to.","description_kind":"plain","required":true},"project_key":{"type":"string","description":"Key of the project that the repo is in. For example: The key for https://mybitbucket.server/projects/TEST/repos/test-repo is \"TEST\".","description_kind":"plain","required":true},"repo_slug":{"type":"string","description":"Slug of the repository. A repository slug is a URL-friendly version of a repository name, automatically generated by Bitbucket for use in the URL.\nFor example, if the repository name is 'test repo', in the URL it would become 'test-repo' as in https://mybitbucket.server/projects/TEST/repos/test-repo.","description_kind":"plain","required":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment /gcbrun. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Filter to match changes in pull requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the gitRef regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"Filter to match changes in refs like branches, tags.","description_kind":"plain"},"max_items":1}},"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain"},"max_items":1},"build":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\nThe images are pushed using the builder service account's credentials.\nThe digests of the pushed images will be stored in the Build resource's results field.\nIf any of the images fail to be pushed, the build status is marked FAILURE.","description_kind":"plain","optional":true},"logs_bucket":{"type":"string","description":"Google Cloud Storage bucket where logs should be written.\nLogs file names will be of the format ${logsBucket}/log-${build_id}.txt.","description_kind":"plain","optional":true},"queue_ttl":{"type":"string","description":"TTL in queue for this build. If provided and the build is enqueued longer than this value,\nthe build will expire and the build status will be EXPIRED.\nThe TTL starts ticking from createTime.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a Build. These are not docker tags.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Amount of time that this build should be allowed to run, to second granularity.\nIf this amount of time elapses, work on the build will cease and the build status will be TIMEOUT.\nThis timeout must be equal to or greater than the sum of the timeouts for build steps within the build.\nThe expected format is the number of seconds followed by s.\nDefault time is ten minutes (600s).","description_kind":"plain","optional":true}},"block_types":{"artifacts":{"nesting_mode":"list","block":{"attributes":{"images":{"type":["list","string"],"description":"A list of images to be pushed upon the successful completion of all build steps.\n\nThe images will be pushed using the builder service account's credentials.\n\nThe digests of the pushed images will be stored in the Build resource's results field.\n\nIf any of the images fail to be pushed, the build is marked FAILURE.","description_kind":"plain","optional":true}},"block_types":{"maven_artifacts":{"nesting_mode":"list","block":{"attributes":{"artifact_id":{"type":"string","description":"Maven artifactId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"group_id":{"type":"string","description":"Maven groupId value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to an artifact in the build's workspace to be uploaded to Artifact Registry. This can be either an absolute path, e.g. /workspace/my-app/target/my-app-1.0.SNAPSHOT.jar or a relative path from /workspace, e.g. my-app/target/my-app-1.0.SNAPSHOT.jar.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-maven.pkg.dev/$PROJECT/$REPOSITORY\"\n\nArtifact in the workspace specified by path will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Maven version value used when uploading the artifact to Artifact Registry.","description_kind":"plain","optional":true}},"description":"A Maven artifact to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"npm_packages":{"nesting_mode":"list","block":{"attributes":{"package_path":{"type":"string","description":"Path to the package.json. e.g. workspace/path/to/package","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-npm.pkg.dev/$PROJECT/$REPOSITORY\"\n\nNpm package in the workspace specified by path will be zipped and uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Npm package to upload to Artifact Registry upon successful completion of all build steps.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}},"objects":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Cloud Storage bucket and optional object path, in the form \"gs://bucket/path/to/somewhere/\".\n\nFiles in the workspace matching any path pattern will be uploaded to Cloud Storage with\nthis location as a prefix.","description_kind":"plain","optional":true},"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace.","description_kind":"plain","optional":true},"timing":{"type":["list",["object",{"end_time":"string","start_time":"string"}]],"description":"Output only. Stores timing information for pushing all artifact objects.","description_kind":"plain","computed":true}},"description":"A list of objects to be uploaded to Cloud Storage upon successful completion of all build steps.\n\nFiles in the workspace matching specified paths globs will be uploaded to the\nCloud Storage location using the builder service account's credentials.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"},"max_items":1},"python_packages":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["list","string"],"description":"Path globs used to match files in the build's workspace. For Python/ Twine, this is usually dist/*, and sometimes additionally an .asc file.","description_kind":"plain","optional":true},"repository":{"type":"string","description":"Artifact Registry repository, in the form \"https://$REGION-python.pkg.dev/$PROJECT/$REPOSITORY\"\n\nFiles in the workspace matching any path pattern will be uploaded to Artifact Registry with this location as a prefix.","description_kind":"plain","optional":true}},"description":"Python package to upload to Artifact Registry upon successful completion of all build steps. A package can encapsulate multiple objects to be uploaded to a single repository.\n\nThe location and generation of the uploaded objects will be stored in the Build resource's results field.\n\nIf any objects fail to be pushed, the build is marked FAILURE.","description_kind":"plain"}}},"description":"Artifacts produced by the build that should be uploaded upon successful completion of all build steps.","description_kind":"plain"},"max_items":1},"available_secrets":{"nesting_mode":"list","block":{"block_types":{"secret_manager":{"nesting_mode":"list","block":{"attributes":{"env":{"type":"string","description":"Environment variable name to associate with the secret. Secret environment\nvariables must be unique across all of a build's secrets, and must be used\nby at least one build step.","description_kind":"plain","required":true},"version_name":{"type":"string","description":"Resource name of the SecretVersion. In format: projects/*/secrets/*/versions/*","description_kind":"plain","required":true}},"description":"Pairs a secret environment variable with a SecretVersion in Secret Manager.","description_kind":"plain"},"min_items":1}},"description":"Secrets and secret environment variables.","description_kind":"plain"},"max_items":1},"options":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Requested disk size for the VM that runs the build. Note that this is NOT \"disk free\";\nsome of the space will be used by the operating system and build utilities.\nAlso note that this is the minimum disk size that will be allocated for the build --\nthe build may run with a larger disk than requested. At present, the maximum disk size\nis 1000GB; builds that request more than the maximum are rejected with an error.","description_kind":"plain","optional":true},"dynamic_substitutions":{"type":"bool","description":"Option to specify whether or not to apply bash style string operations to the substitutions.\n\nNOTE this is always enabled for triggered builds and cannot be overridden in the build configuration file.","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of global environment variable definitions that will exist for all build steps\nin this build. If a variable is defined in both globally and in a build step,\nthe variable will use the build step value.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable \"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"log_streaming_option":{"type":"string","description":"Option to define build log streaming behavior to Google Cloud Storage. Possible values: [\"STREAM_DEFAULT\", \"STREAM_ON\", \"STREAM_OFF\"]","description_kind":"plain","optional":true},"logging":{"type":"string","description":"Option to specify the logging mode, which determines if and where build logs are stored. Possible values: [\"LOGGING_UNSPECIFIED\", \"LEGACY\", \"GCS_ONLY\", \"STACKDRIVER_ONLY\", \"CLOUD_LOGGING_ONLY\", \"NONE\"]","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Compute Engine machine type on which to run the build.","description_kind":"plain","optional":true},"requested_verify_option":{"type":"string","description":"Requested verifiability options. Possible values: [\"NOT_VERIFIED\", \"VERIFIED\"]","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of global environment variables, which are encrypted using a Cloud Key Management\nService crypto key. These values must be specified in the build's Secret. These variables\nwill be available to all build steps in this build.","description_kind":"plain","optional":true},"source_provenance_hash":{"type":["list","string"],"description":"Requested hash for SourceProvenance. Possible values: [\"NONE\", \"SHA256\", \"MD5\"]","description_kind":"plain","optional":true},"substitution_option":{"type":"string","description":"Option to specify behavior when there is an error in the substitution checks.\n\nNOTE this is always set to ALLOW_LOOSE for triggered builds and cannot be overridden\nin the build configuration file. Possible values: [\"MUST_MATCH\", \"ALLOW_LOOSE\"]","description_kind":"plain","optional":true},"worker_pool":{"type":"string","description":"Option to specify a WorkerPool for the build. Format projects/{project}/workerPools/{workerPool}\n\nThis field is experimental.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for Docker volumes.\nEach named volume must be used by at least two build steps.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on the same\nbuild step or with certain reserved volume paths.","description_kind":"plain","optional":true}},"description":"Global list of volumes to mount for ALL build steps\n\nEach volume is created as an empty volume prior to starting the build process.\nUpon completion of the build, volumes and their contents are discarded. Global\nvolume names and paths cannot conflict with the volumes defined a build step.\n\nUsing a global volume in a build with only one step is not valid as it is indicative\nof a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"Special options for this build.","description_kind":"plain"},"max_items":1},"secret":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Cloud KMS key name to use to decrypt these envs.","description_kind":"plain","required":true},"secret_env":{"type":["map","string"],"description":"Map of environment variable name to its encrypted value.\nSecret environment variables must be unique across all of a build's secrets,\nand must be used by at least one build step. Values can be at most 64 KB in size.\nThere can be at most 100 secret values across all of a build's secrets.","description_kind":"plain","optional":true}},"description":"Secrets to decrypt using Cloud Key Management Service.","description_kind":"plain"}},"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one a of branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\nThis must be a relative path. If a step's dir is specified and is an absolute path,\nthis value is ignored for that step's execution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository.\nIf omitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","required":true},"substitutions":{"type":["map","string"],"description":"Substitutions to use in a triggered build. Should only be used with triggers.run","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThe syntax of the regular expressions accepted is the syntax accepted by RE2 and\ndescribed at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Location of the source in a Google Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source.","description_kind":"plain","required":true},"generation":{"type":"string","description":"Google Cloud Storage generation for the object.\nIf the generation is omitted, the latest generation will be used","description_kind":"plain","optional":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.\nThis object must be a gzipped archive file (.tar.gz) containing source to build.","description_kind":"plain","required":true}},"description":"Location of the source in an archive file in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the source files to build.\n\nOne of 'storageSource' or 'repoSource' must be provided.","description_kind":"plain"},"max_items":1},"step":{"nesting_mode":"list","block":{"attributes":{"allow_exit_codes":{"type":["list","number"],"description":"Allow this build step to fail without failing the entire build if and\nonly if the exit code is one of the specified codes.\n\nIf 'allowFailure' is also specified, this field will take precedence.","description_kind":"plain","optional":true},"allow_failure":{"type":"bool","description":"Allow this build step to fail without failing the entire build.\nIf false, the entire build will fail if this step fails. Otherwise, the\nbuild will succeed, but this step will still have a failure status.\nError information will be reported in the 'failureDetail' field.\n\n'allowExitCodes' takes precedence over this field.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"A list of arguments that will be presented to the step when it is started.\n\nIf the image used to run the step's container has an entrypoint, the args\nare used as arguments to that entrypoint. If the image does not define an\nentrypoint, the first element in args is used as the entrypoint, and the\nremainder will be used as arguments.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Working directory to use when running this step's container.\n\nIf this value is a relative path, it is relative to the build's working\ndirectory. If this value is absolute, it may be outside the build's working\ndirectory, in which case the contents of the path may not be persisted\nacross build step executions, unless a 'volume' for that path is specified.\n\nIf the build specifies a 'RepoSource' with 'dir' and a step with a\n'dir',\nwhich specifies an absolute path, the 'RepoSource' 'dir' is ignored\nfor the step's execution.","description_kind":"plain","optional":true},"entrypoint":{"type":"string","description":"Entrypoint to be used instead of the build step image's\ndefault entrypoint.\nIf unset, the image's default entrypoint is used","description_kind":"plain","optional":true},"env":{"type":["list","string"],"description":"A list of environment variable definitions to be used when\nrunning a step.\n\nThe elements are of the form \"KEY=VALUE\" for the environment variable\n\"KEY\" being given the value \"VALUE\".","description_kind":"plain","optional":true},"id":{"type":"string","description":"Unique identifier for this build step, used in 'wait_for' to\nreference this build step as a dependency.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the container image that will run this particular build step.\n\nIf the image is available in the host's Docker daemon's cache, it will be\nrun directly. If not, the host will attempt to pull the image first, using\nthe builder service account's credentials if necessary.\n\nThe Docker daemon's cache will already have the latest versions of all of\nthe officially supported build steps (see https://github.com/GoogleCloudPlatform/cloud-builders\nfor images and examples).\nThe Docker daemon will also have cached many of the layers for some popular\nimages, like \"ubuntu\", \"debian\", but they will be refreshed at the time\nyou attempt to use them.\n\nIf you built an image in a previous build step, it will be stored in the\nhost's Docker daemon's cache and is available to use as the name for a\nlater build step.","description_kind":"plain","required":true},"script":{"type":"string","description":"A shell script to be executed in the step.\nWhen script is provided, the user cannot specify the entrypoint or args.","description_kind":"plain","optional":true},"secret_env":{"type":["list","string"],"description":"A list of environment variables which are encrypted using\na Cloud Key\nManagement Service crypto key. These values must be specified in\nthe build's 'Secret'.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"Time limit for executing this build step. If not defined,\nthe step has no\ntime limit and will be allowed to continue to run until either it\ncompletes or the build itself times out.","description_kind":"plain","optional":true},"timing":{"type":"string","description":"Output only. Stores timing information for executing this\nbuild step.","description_kind":"plain","optional":true},"wait_for":{"type":["list","string"],"description":"The ID(s) of the step(s) that this build step depends on.\n\nThis build step will not start until all the build steps in 'wait_for'\nhave completed successfully. If 'wait_for' is empty, this build step\nwill start when all previous build steps in the 'Build.Steps' list\nhave completed successfully.","description_kind":"plain","optional":true}},"block_types":{"volumes":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the volume to mount.\n\nVolume names must be unique per build step and must be valid names for\nDocker volumes. Each named volume must be used by at least two build steps.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path at which to mount the volume.\n\nPaths must be absolute and cannot conflict with other volume paths on\nthe same build step or with certain reserved volume paths.","description_kind":"plain","required":true}},"description":"List of volumes to mount into the build step.\n\nEach volume is created as an empty volume prior to execution of the\nbuild step. Upon completion of the build, volumes and their contents\nare discarded.\n\nUsing a named volume in only one step is not valid as it is\nindicative of a build request with an incorrect configuration.","description_kind":"plain"}}},"description":"The operations to be performed on the workspace.","description_kind":"plain"},"min_items":1}},"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain"},"max_items":1},"git_file_source":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path of the file, with the repo root as the root of the path.","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The fully qualified resource name of the Repo API repository. The fully qualified resource name of the Repo API repository.\nIf unspecified, the repo from which the trigger invocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true},"revision":{"type":"string","description":"The branch, tag, arbitrary ref, or SHA version of the repo to use when resolving the\nfilename (optional). This field respects the same syntax/resolution as described here: https://git-scm.com/docs/gitrevisions\nIf unspecified, the revision from which the trigger invocation originated is assumed to be the revision from which to read the specified path.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo (optional). If unspecified, the repo from which the trigger\ninvocation originated is assumed to be the repo from which to read the specified path.","description_kind":"plain","optional":true}},"description":"The file source describing the local or remote Build template.","description_kind":"plain"},"max_items":1},"github":{"nesting_mode":"list","block":{"attributes":{"enterprise_config_resource_name":{"type":"string","description":"The resource name of the github enterprise config that should be applied to this installation.\nFor example: \"projects/{$projectId}/locations/{$locationId}/githubEnterpriseConfigs/{$configId}\"","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the repository. For example: The name for\nhttps://github.com/googlecloudplatform/cloud-builders is \"cloud-builders\".","description_kind":"plain","optional":true},"owner":{"type":"string","description":"Owner of the repository. For example: The owner for\nhttps://github.com/googlecloudplatform/cloud-builders is \"googlecloudplatform\".","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.","description_kind":"plain","required":true},"comment_control":{"type":"string","description":"Whether to block builds on a \"/gcbrun\" comment from a repository owner or collaborator. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"filter to match changes in pull requests. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match. Specify only one of branch or tag.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"When true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match. Specify only one of branch or tag.","description_kind":"plain","optional":true}},"description":"filter to match changes in refs, like branches or tags. Specify only one of 'pull_request' or 'push'.","description_kind":"plain"},"max_items":1}},"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain"},"max_items":1},"pubsub_config":{"nesting_mode":"list","block":{"attributes":{"service_account_email":{"type":"string","description":"Service account that will make the push request.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true},"subscription":{"type":"string","description":"Output only. Name of the subscription.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The name of the topic from which this subscription is receiving messages.","description_kind":"plain","required":true}},"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"repository_event_config":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The resource name of the Repo API resource.","description_kind":"plain","optional":true}},"block_types":{"pull_request":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"comment_control":{"type":"string","description":"Configure builds to run whether a repository owner or collaborator need to comment '/gcbrun'. Possible values: [\"COMMENTS_DISABLED\", \"COMMENTS_ENABLED\", \"COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY\"]","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, branches that do NOT match the git_ref will trigger a build.","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching Pull Requests.","description_kind":"plain"},"max_items":1},"push":{"nesting_mode":"list","block":{"attributes":{"branch":{"type":"string","description":"Regex of branches to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"If true, only trigger a build if the revision regex does NOT match the git_ref regex.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Regex of tags to match.\n\nThe syntax of the regular expressions accepted is the syntax accepted by\nRE2 and described at https://github.com/google/re2/wiki/Syntax","description_kind":"plain","optional":true}},"description":"Contains filter properties for matching git pushes.","description_kind":"plain"},"max_items":1}},"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain"},"max_items":1},"source_to_build":{"nesting_mode":"list","block":{"attributes":{"bitbucket_server_config":{"type":"string","description":"The full resource name of the bitbucket server config.\nFormat: projects/{project}/locations/{location}/bitbucketServerConfigs/{id}.","description_kind":"plain","optional":true},"github_enterprise_config":{"type":"string","description":"The full resource name of the github enterprise config.\nFormat: projects/{project}/locations/{location}/githubEnterpriseConfigs/{id}. projects/{project}/githubEnterpriseConfigs/{id}.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"The branch or tag to use. Must start with \"refs/\" (required).","description_kind":"plain","required":true},"repo_type":{"type":"string","description":"The type of the repo, since it may not be explicit from the repo field (e.g from a URL).\nValues can be UNKNOWN, CLOUD_SOURCE_REPOSITORIES, GITHUB, BITBUCKET_SERVER Possible values: [\"UNKNOWN\", \"CLOUD_SOURCE_REPOSITORIES\", \"GITHUB\", \"BITBUCKET_SERVER\"]","description_kind":"plain","required":true},"repository":{"type":"string","description":"The qualified resource name of the Repo API repository.\nEither uri or repository can be specified and is required.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the repo.","description_kind":"plain","optional":true}},"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_template":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Name of the branch to build. Exactly one a of branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Explicit commit SHA to build. Exactly one of a branch name, tag, or commit SHA must be provided.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.\n\nThis must be a relative path. If a step's dir is specified and\nis an absolute path, this value is ignored for that step's\nexecution.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does NOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If\nomitted, the project ID requesting the build is assumed.","description_kind":"plain","optional":true,"computed":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository. If omitted, the name \"default\" is assumed.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Name of the tag to build. Exactly one of a branch name, tag, or commit SHA must be provided.\nThis field is a regular expression.","description_kind":"plain","optional":true}},"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1},"webhook_config":{"nesting_mode":"list","block":{"attributes":{"secret":{"type":"string","description":"Resource name for the secret required as a URL parameter.","description_kind":"plain","required":true},"state":{"type":"string","description":"Potential issues with the underlying Pub/Sub subscription configuration.\nOnly populated on get requests.","description_kind":"plain","computed":true}},"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuild_worker_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User specified annotations. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the request to create the `WorkerPool` was received.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. Time at which the request to delete the `WorkerPool` was received.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-specified, human-readable name for the `WorkerPool`. If provided, this value must be 1-63 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"User-defined name of the `WorkerPool`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. `WorkerPool` state. Possible values: STATE_UNSPECIFIED, PENDING, APPROVED, REJECTED, CANCELLED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A unique identifier for the `WorkerPool`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the request to update the `WorkerPool` was received.","description_kind":"plain","computed":true}},"block_types":{"network_config":{"nesting_mode":"list","block":{"attributes":{"peered_network":{"type":"string","description":"Required. Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See [Understanding network configuration options](https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)","description_kind":"plain","required":true},"peered_network_ip_range":{"type":"string","description":"Optional. Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.","description_kind":"plain","optional":true}},"description":"Network configuration for the `WorkerPool`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"Size of the disk attached to the worker, in GB. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). Specify a value of up to 1000. If `0` is specified, Cloud Build will use a standard disk size.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of a worker, such as `n1-standard-1`. See [Worker pool config file](https://cloud.google.com/cloud-build/docs/custom-workers/worker-pool-config-file). If left blank, Cloud Build will use `n1-standard-1`.","description_kind":"plain","optional":true},"no_external_ip":{"type":"bool","description":"If true, workers are created without any public address, which prevents network egress to public IPs.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration to be used for a creating workers in the `WorkerPool`.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If disabled is set to true, functionality is disabled for this connection. Repository based API methods and webhooks processing for repositories in this connection will be disabled.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"installation_state":{"type":["list",["object",{"action_uri":"string","message":"string","stage":"string"}]],"description":"Output only. Installation state of the Connection.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the connection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Set to true when the connection is being set up or updated in the background.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"github_config":{"nesting_mode":"list","block":{"attributes":{"app_installation_id":{"type":"number","description":"GitHub App installation id.","description_kind":"plain","optional":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"oauth_token_secret_version":{"type":"string","description":"A SecretManager resource containing the OAuth token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"OAuth credential of the account that authorized the Cloud Build GitHub App. It is recommended to use a robot account instead of a human user account. The OAuth token must be tied to the Cloud Build GitHub App.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to github.com.","description_kind":"plain"},"max_items":1},"github_enterprise_config":{"nesting_mode":"list","block":{"attributes":{"app_id":{"type":"number","description":"Id of the GitHub App created from the manifest.","description_kind":"plain","optional":true},"app_installation_id":{"type":"number","description":"ID of the installation of the GitHub App.","description_kind":"plain","optional":true},"app_slug":{"type":"string","description":"The URL-friendly name of the GitHub App.","description_kind":"plain","optional":true},"host_uri":{"type":"string","description":"Required. The URI of the GitHub Enterprise host this connection is for.","description_kind":"plain","required":true},"private_key_secret_version":{"type":"string","description":"SecretManager resource containing the private key of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitHub Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"SecretManager resource containing the webhook secret of the GitHub App, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","optional":true}},"block_types":{"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitHub Enterprise server. This should only be set if the GitHub Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitHub Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to an instance of GitHub Enterprise.","description_kind":"plain"},"max_items":1},"gitlab_config":{"nesting_mode":"list","block":{"attributes":{"host_uri":{"type":"string","description":"The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com.","description_kind":"plain","optional":true,"computed":true},"server_version":{"type":"string","description":"Output only. Version of the GitLab Enterprise server running on the 'host_uri'.","description_kind":"plain","computed":true},"ssl_ca":{"type":"string","description":"SSL certificate to use for requests to GitLab Enterprise.","description_kind":"plain","optional":true},"webhook_secret_secret_version":{"type":"string","description":"Required. Immutable. SecretManager resource containing the webhook secret of a GitLab Enterprise project, formatted as 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true}},"block_types":{"authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the 'api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"read_authorizer_credential":{"nesting_mode":"list","block":{"attributes":{"user_token_secret_version":{"type":"string","description":"Required. A SecretManager resource containing the user token that authorizes the Cloud Build connection. Format: 'projects/*/secrets/*/versions/*'.","description_kind":"plain","required":true},"username":{"type":"string","description":"Output only. The username associated to this token.","description_kind":"plain","computed":true}},"description":"Required. A GitLab personal access token with the minimum 'read_api' scope access.","description_kind":"plain"},"min_items":1,"max_items":1},"service_directory_config":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Required. The Service Directory service name. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}.","description_kind":"plain","required":true}},"description":"Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet.","description_kind":"plain"},"max_items":1}},"description":"Configuration for connections to gitlab.com or an instance of GitLab Enterprise.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_repository":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Allows clients to store small amounts of arbitrary data.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the repository.","description_kind":"plain","required":true},"parent_connection":{"type":"string","description":"The connection for the resource","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remote_uri":{"type":"string","description":"Required. Git Clone HTTPS URI.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Server assigned timestamp for when the connection was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_automation":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. Annotations must meet the following constraints: * Annotations are key/value pairs. * Valid annotation keys have two segments: an optional prefix and name, separated by a slash ('/'). * The name segment is required and must be 63 characters or less, beginning and ending with an alphanumeric character ('[a-z0-9A-Z]') with dashes ('-'), underscores ('_'), dots ('.'), and alphanumerics between. * The prefix is optional. If specified, the prefix must be a DNS subdomain: a series of DNS labels separated by dots('.'), not longer than 253 characters in total, followed by a slash ('/'). See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set for more details.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"delivery_pipeline":{"type":"string","description":"The delivery_pipeline for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the 'Automation'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. The weak etag of the 'Automation' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 63 characters.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'Automation'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Required. Email address of the user-managed IAM service account that creates Cloud Deploy release and rollout resources.","description_kind":"plain","required":true},"suspended":{"type":"bool","description":"Optional. When Suspended, automation is deactivated from execution.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the 'Automation'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"block_types":{"advance_rollout_rule":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"source_phases":{"type":["list","string"],"description":"Optional. Proceeds only after phase name matched any one in the list. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'.","description_kind":"plain","optional":true},"wait":{"type":"string","description":"Optional. How long to wait after a rollout is finished.","description_kind":"plain","optional":true}},"description":"Optional. The 'AdvanceRolloutRule' will automatically advance a successful Rollout.","description_kind":"plain"},"max_items":1},"promote_release_rule":{"nesting_mode":"list","block":{"attributes":{"destination_phase":{"type":"string","description":"Optional. The starting phase of the rollout created by this operation. Default to the first phase.","description_kind":"plain","optional":true},"destination_target_id":{"type":"string","description":"Optional. The ID of the stage in the pipeline to which this 'Release' is deploying. If unspecified, default it to the next stage in the promotion flow. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine if the target is one of the stages in the promotion sequence defined in the pipeline. * \"@next\", the next target in the promotion sequence.","description_kind":"plain","optional":true},"id":{"type":"string","description":"Required. ID of the rule. This id must be unique in the 'Automation' resource to which this rule belongs. The format is 'a-z{0,62}'.","description_kind":"plain","required":true},"wait":{"type":"string","description":"Optional. How long the release need to be paused until being promoted to the next target.","description_kind":"plain","optional":true}},"description":"Optional. 'PromoteReleaseRule' will automatically promote a release from the current target to a specified target.","description_kind":"plain"},"max_items":1}},"description":"Required. List of Automation rules associated with the Automation resource. Must have at least one rule and limited to 250 rules per Delivery Pipeline. Note: the order of the rules here is not the same as the order of execution.","description_kind":"plain"},"min_items":1},"selector":{"nesting_mode":"list","block":{"block_types":{"targets":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"ID of the 'Target'. The value of this field could be one of the following: * The last segment of a target name. It only needs the ID to determine which target is being referred to * \"*\", all targets in a location.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Target labels.","description_kind":"plain","optional":true,"computed":true}},"description":"Contains attributes about a target.","description_kind":"plain"},"min_items":1}},"description":"Required. Selected resources to which the automation will be applied.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time at which the 'CustomTargetType' was created.","description_kind":"plain","computed":true},"custom_target_type_id":{"type":"string","description":"Resource id of the 'CustomTargetType'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the 'CustomTargetType'. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The weak etag of the 'CustomTargetType' resource. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the source.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the 'CustomTargetType'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Unique identifier of the 'CustomTargetType'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time at which the 'CustomTargetType' was updated.","description_kind":"plain","computed":true}},"block_types":{"custom_actions":{"nesting_mode":"list","block":{"attributes":{"deploy_action":{"type":"string","description":"The Skaffold custom action responsible for deploy operations.","description_kind":"plain","required":true},"render_action":{"type":"string","description":"The Skaffold custom action responsible for render operations. If not provided then Cloud Deploy will perform the render operations via 'skaffold render'.","description_kind":"plain","optional":true}},"block_types":{"include_skaffold_modules":{"nesting_mode":"list","block":{"attributes":{"configs":{"type":["list","string"],"description":"The Skaffold Config modules to use from the specified source.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the repository root to the Skaffold file.","description_kind":"plain","optional":true},"ref":{"type":"string","description":"Git ref the package should be cloned from.","description_kind":"plain","optional":true},"repo":{"type":"string","description":"Git repository the package should be cloned from.","description_kind":"plain","required":true}},"description":"Remote git repository containing the Skaffold Config modules.","description_kind":"plain"},"max_items":1},"google_cloud_storage":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path from the source to the Skaffold file.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Cloud Storage source paths to copy recursively. For example, providing 'gs://my-bucket/dir/configs/*' will result in Skaffold copying all files within the 'dir/configs' directory in the bucket 'my-bucket'.","description_kind":"plain","required":true}},"description":"Cloud Storage bucket containing Skaffold Config modules.","description_kind":"plain"},"max_items":1}},"description":"List of Skaffold modules Cloud Deploy will include in the Skaffold Config as required before performing diagnose.","description_kind":"plain"}}},"description":"Configures render and deploy for the 'CustomTargetType' using Skaffold custom actions.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"condition":{"type":["list",["object",{"pipeline_ready_condition":["list",["object",{"status":"bool","update_time":"string"}]],"targets_present_condition":["list",["object",{"missing_targets":["list","string"],"status":"bool","update_time":"string"}]],"targets_type_condition":["list",["object",{"error_details":"string","status":"bool"}]]}]],"description":"Output only. Information around the state of the Delivery Pipeline.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Time at which the pipeline was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the `DeliveryPipeline`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `DeliveryPipeline`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"suspended":{"type":"bool","description":"When suspended, no new releases or rollouts can be created, but in-progress ones will complete.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `DeliveryPipeline`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the pipeline was updated.","description_kind":"plain","computed":true}},"block_types":{"serial_pipeline":{"nesting_mode":"list","block":{"block_types":{"stages":{"nesting_mode":"list","block":{"attributes":{"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this stage's `Target`.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"The target_id to which this stage points. This field refers exclusively to the last segment of a target name. For example, this field would just be `my-target` (rather than `projects/project/locations/location/targets/my-target`). The location of the `Target` is inferred to be the same as the location of the `DeliveryPipeline` that contains this `Stage`.","description_kind":"plain","optional":true}},"block_types":{"deploy_parameters":{"nesting_mode":"list","block":{"attributes":{"match_target_labels":{"type":["map","string"],"description":"Optional. Deploy parameters are applied to targets with match labels. If unspecified, deploy parameters are applied to all targets (including child targets of a multi-target).","description_kind":"plain","optional":true},"values":{"type":["map","string"],"description":"Required. Values are deploy parameters in key-value pairs.","description_kind":"plain","required":true}},"description":"Optional. The deploy parameters to use for the target in this stage.","description_kind":"plain"}},"strategy":{"nesting_mode":"list","block":{"block_types":{"canary":{"nesting_mode":"list","block":{"block_types":{"canary_deployment":{"nesting_mode":"list","block":{"attributes":{"percentages":{"type":["list","number"],"description":"Required. The percentage based deployments that will occur as a part of a `Rollout`. List is expected in ascending order and each integer n is 0 \u003c= n \u003c 100.","description_kind":"plain","required":true},"verify":{"type":"bool","description":"Whether to run verify tests after each percentage deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of the last phase. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of the first phase. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Configures the progressive based deployment for a Target.","description_kind":"plain"},"max_items":1},"custom_canary_deployment":{"nesting_mode":"list","block":{"block_types":{"phase_configs":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"Required. Percentage deployment for the phase.","description_kind":"plain","required":true},"phase_id":{"type":"string","description":"Required. The ID to assign to the `Rollout` phase. This value must consist of lower-case letters, numbers, and hyphens, start with a letter and end with a letter or a number, and have a max length of 63 characters. In other words, it must match the following regex: `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$`.","description_kind":"plain","required":true},"profiles":{"type":["list","string"],"description":"Skaffold profiles to use when rendering the manifest for this phase. These are in addition to the profiles list specified in the `DeliveryPipeline` stage.","description_kind":"plain","optional":true},"verify":{"type":"bool","description":"Whether to run verify tests after the deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job of this phase. If this is not configured, postdeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job of this phase. If this is not configured, predeploy job will not be present for this phase.","description_kind":"plain"},"max_items":1}},"description":"Required. Configuration for each phase in the canary deployment in the order executed.","description_kind":"plain"},"min_items":1}},"description":"Configures the progressive based deployment for a Target, but allows customizing at the phase level where a phase represents each of the percentage deployments.","description_kind":"plain"},"max_items":1},"runtime_config":{"nesting_mode":"list","block":{"block_types":{"cloud_run":{"nesting_mode":"list","block":{"attributes":{"automatic_traffic_control":{"type":"bool","description":"Whether Cloud Deploy should update the traffic stanza in a Cloud Run Service on the user's behalf to facilitate traffic splitting. This is required to be true for CanaryDeployments, but optional for CustomCanaryDeployments.","description_kind":"plain","optional":true},"canary_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the canary revision while the canary phase is in progress.","description_kind":"plain","optional":true},"prior_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the prior revision while the canary phase is in progress.","description_kind":"plain","optional":true},"stable_revision_tags":{"type":["list","string"],"description":"Optional. A list of tags that are added to the final stable revision when the stable phase is applied.","description_kind":"plain","optional":true}},"description":"Cloud Run runtime configuration.","description_kind":"plain"},"max_items":1},"kubernetes":{"nesting_mode":"list","block":{"block_types":{"gateway_service_mesh":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified HTTPRoute and Service.","description_kind":"plain","required":true},"http_route":{"type":"string","description":"Required. Name of the Gateway API HTTPRoute.","description_kind":"plain","required":true},"route_update_wait_time":{"type":"string","description":"Optional. The time to wait for route updates to propagate. The maximum configurable time is 3 hours, in seconds format. If unspecified, there is no wait time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true},"stable_cutback_duration":{"type":"string","description":"Optional. The amount of time to migrate traffic back from the canary Service to the original Service during the stable phase deployment. If specified, must be between 15s and 3600s. If unspecified, there is no cutback time.","description_kind":"plain","optional":true}},"description":"Kubernetes Gateway API service mesh configuration.","description_kind":"plain"},"max_items":1},"service_networking":{"nesting_mode":"list","block":{"attributes":{"deployment":{"type":"string","description":"Required. Name of the Kubernetes Deployment whose traffic is managed by the specified Service.","description_kind":"plain","required":true},"disable_pod_overprovisioning":{"type":"bool","description":"Optional. Whether to disable Pod overprovisioning. If Pod overprovisioning is disabled then Cloud Deploy will limit the number of total Pods used for the deployment strategy to the number of Pods the Deployment has on the cluster.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the Kubernetes Service.","description_kind":"plain","required":true}},"description":"Kubernetes Service networking configuration.","description_kind":"plain"},"max_items":1}},"description":"Kubernetes runtime configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Runtime specific configurations for the deployment strategy. The runtime configuration is used to determine how Cloud Deploy will split traffic to enable a progressive deployment.","description_kind":"plain"},"max_items":1}},"description":"Canary deployment strategy provides progressive percentage based deployments to a Target.","description_kind":"plain"},"max_items":1},"standard":{"nesting_mode":"list","block":{"attributes":{"verify":{"type":"bool","description":"Whether to verify a deployment.","description_kind":"plain","optional":true}},"block_types":{"postdeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the postdeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the postdeploy job. If this is not configured, postdeploy job will not be present.","description_kind":"plain"},"max_items":1},"predeploy":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"Optional. A sequence of skaffold custom actions to invoke during execution of the predeploy job.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for the predeploy job. If this is not configured, predeploy job will not be present.","description_kind":"plain"},"max_items":1}},"description":"Standard deployment strategy executes a single deploy and allows verifying the deployment.","description_kind":"plain"},"max_items":1}},"description":"Optional. The strategy to use for a `Rollout` to this stage.","description_kind":"plain"},"max_items":1}},"description":"Each stage specifies configuration for a `Target`. The ordering of this list defines the promotion flow.","description_kind":"plain"}}},"description":"SerialPipeline defines a sequential set of stages for a `DeliveryPipeline`.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. User annotations. These attributes can only be set and used by the user, and not by Google Cloud Deploy. See https://google.aip.dev/128#annotations for more details such as format and size limitations.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the `Target` was created.","description_kind":"plain","computed":true},"deploy_parameters":{"type":["map","string"],"description":"Optional. The deploy parameters to use for this target.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Optional. Description of the `Target`. Max length is 255 characters.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Optional. This checksum is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels are attributes that can be set and used by both the user and by Google Cloud Deploy. Labels must meet the following constraints: * Keys and values can contain only lowercase letters, numeric characters, underscores, and dashes. * All characters must use UTF-8 encoding, and international characters are allowed. * Keys must start with a lowercase letter or international character. * Each resource is limited to a maximum of 64 labels. Both keys and values are additionally constrained to be \u003c= 128 bytes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the `Target`. Format is [a-z][a-z0-9\\-]{0,62}.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"require_approval":{"type":"bool","description":"Optional. Whether or not the `Target` requires approval.","description_kind":"plain","optional":true},"target_id":{"type":"string","description":"Output only. Resource id of the `Target`.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Unique identifier of the `Target`.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Most recent time at which the `Target` was updated.","description_kind":"plain","computed":true}},"block_types":{"anthos_cluster":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Membership of the GKE Hub-registered cluster to which to apply the Skaffold configuration. Format is `projects/{project}/locations/{location}/memberships/{membership_name}`.","description_kind":"plain","optional":true}},"description":"Information specifying an Anthos Cluster.","description_kind":"plain"},"max_items":1},"execution_configs":{"nesting_mode":"list","block":{"attributes":{"artifact_storage":{"type":"string","description":"Optional. Cloud Storage location in which to store execution outputs. This can either be a bucket (\"gs://my-bucket\") or a path within a bucket (\"gs://my-bucket/my-dir\"). If unspecified, a default bucket located in the same region will be used.","description_kind":"plain","optional":true,"computed":true},"execution_timeout":{"type":"string","description":"Optional. Execution timeout for a Cloud Build Execution. This must be between 10m and 24h in seconds format. If unspecified, a default timeout of 1h is used.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. Google service account to use for execution. If unspecified, the project execution service account (-compute@developer.gserviceaccount.com) is used.","description_kind":"plain","optional":true,"computed":true},"usages":{"type":["list","string"],"description":"Required. Usages when this configuration should be applied.","description_kind":"plain","required":true},"worker_pool":{"type":"string","description":"Optional. The resource name of the `WorkerPool`, with the format `projects/{project}/locations/{location}/workerPools/{worker_pool}`. If this optional field is unspecified, the default Cloud Build pool will be used.","description_kind":"plain","optional":true}},"description":"Configurations for all execution that relates to this `Target`. Each `ExecutionEnvironmentUsage` value may only be used in a single configuration; using the same value multiple times is an error. When one or more configurations are specified, they must include the `RENDER` and `DEPLOY` `ExecutionEnvironmentUsage` values. When no configurations are specified, execution will use the default specified in `DefaultPool`.","description_kind":"plain"}},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Information specifying a GKE Cluster. Format is `projects/{project_id}/locations/{location_id}/clusters/{cluster_id}.","description_kind":"plain","optional":true},"internal_ip":{"type":"bool","description":"Optional. If true, `cluster` is accessed using the private IP address of the control plane endpoint. Otherwise, the default IP address of the control plane endpoint is used. The default IP address is the private IP address for clusters with private control-plane endpoints and the public IP address otherwise. Only specify this option when `cluster` is a [private GKE cluster](https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept).","description_kind":"plain","optional":true}},"description":"Information specifying a GKE Cluster.","description_kind":"plain"},"max_items":1},"multi_target":{"nesting_mode":"list","block":{"attributes":{"target_ids":{"type":["list","string"],"description":"Required. The target_ids of this multiTarget.","description_kind":"plain","required":true}},"description":"Information specifying a multiTarget.","description_kind":"plain"},"max_items":1},"run":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"Required. The location where the Cloud Run Service should be located. Format is `projects/{project}/locations/{location}`.","description_kind":"plain","required":true}},"description":"Information specifying a Cloud Run deployment target.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_clouddeploy_target_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddomains_registration":{"version":0,"block":{"attributes":{"contact_notices":{"type":["list","string"],"description":"The list of contact notices that the caller acknowledges. Possible value is PUBLIC_CONTACT_DATA_ACKNOWLEDGEMENT","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. Time at which the automation was created.","description_kind":"plain","computed":true},"domain_name":{"type":"string","description":"Required. The domain name. Unicode domain names must be expressed in Punycode format.","description_kind":"plain","required":true},"domain_notices":{"type":["list","string"],"description":"The list of domain notices that you acknowledge. Possible value is HSTS_PRELOADED","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Output only. Time at which the automation was updated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issues":{"type":["list","string"],"description":"Output only. The set of issues with the Registration that require attention.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with the Registration.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the Registration resource, in the format projects/*/locations/*/registrations/\u003cdomain_name\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"register_failure_reason":{"type":"string","description":"Output only. The reason the domain registration failed. Only set for domains in REGISTRATION_FAILED state.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the Registration.","description_kind":"plain","computed":true},"supported_privacy":{"type":["list","string"],"description":"Output only. Set of options for the contactSettings.privacy field that this Registration supports.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"contact_settings":{"nesting_mode":"list","block":{"attributes":{"privacy":{"type":"string","description":"Required. Privacy setting for the contacts associated with the Registration.\nValues are PUBLIC_CONTACT_DATA, PRIVATE_CONTACT_DATA, and REDACTED_CONTACT_DATA","description_kind":"plain","required":true}},"block_types":{"admin_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"registrant_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1},"technical_contact":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Required. Email address of the contact.","description_kind":"plain","required":true},"fax_number":{"type":"string","description":"Fax number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","optional":true},"phone_number":{"type":"string","description":"Required. Phone number of the contact in international format. For example, \"+1-800-555-0123\".","description_kind":"plain","required":true}},"block_types":{"postal_address":{"nesting_mode":"list","block":{"attributes":{"address_lines":{"type":["list","string"],"description":"Unstructured address lines describing the lower levels of an address.\nBecause values in addressLines do not have type information and may sometimes contain multiple values in a single\nfield (e.g. \"Austin, TX\"), it is important that the line order is clear. The order of address lines should be\n\"envelope order\" for the country/region of the address. In places where this can vary (e.g. Japan), address_language\nis used to make it explicit (e.g. \"ja\" for large-to-small ordering and \"ja-Latn\" or \"en\" for small-to-large). This way,\nthe most specific line of an address can be selected based on the language.","description_kind":"plain","optional":true},"administrative_area":{"type":"string","description":"Highest administrative subdivision which is used for postal addresses of a country or region. For example, this can be a state,\na province, an oblast, or a prefecture. Specifically, for Spain this is the province and not the autonomous community\n(e.g. \"Barcelona\" and not \"Catalonia\"). Many countries don't use an administrative area in postal addresses. E.g. in Switzerland\nthis should be left unpopulated.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"Generally refers to the city/town portion of the address. Examples: US city, IT comune, UK post town. In regions of the world\nwhere localities are not well defined or do not fit into this structure well, leave locality empty and use addressLines.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The name of the organization at the address.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"Postal code of the address. Not all countries use or require postal codes to be present, but where they are used,\nthey may trigger additional validation with other parts of the address (e.g. state/zip validation in the U.S.A.).","description_kind":"plain","optional":true},"recipients":{"type":["list","string"],"description":"The recipient at the address. This field may, under certain circumstances, contain multiline information. For example,\nit might contain \"care of\" information.","description_kind":"plain","optional":true},"region_code":{"type":"string","description":"Required. CLDR region code of the country/region of the address. This is never inferred and it is up to the user to\nensure the value is correct. See https://cldr.unicode.org/ and\nhttps://www.unicode.org/cldr/charts/30/supplemental/territory_information.html for details. Example: \"CH\" for Switzerland.","description_kind":"plain","required":true}},"description":"Required. Postal address of the contact.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Caution: Anyone with access to this email address, phone number, and/or postal address can take control of the domain.\n\nWarning: For new Registrations, the registrant receives an email confirmation that they must complete within 15 days to\navoid domain suspension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Settings for contact information linked to the Registration.","description_kind":"plain"},"min_items":1,"max_items":1},"dns_settings":{"nesting_mode":"list","block":{"block_types":{"custom_dns":{"nesting_mode":"list","block":{"attributes":{"name_servers":{"type":["list","string"],"description":"Required. A list of name servers that store the DNS zone for this domain. Each name server is a domain\nname, with Unicode domain names expressed in Punycode format.","description_kind":"plain","required":true}},"block_types":{"ds_records":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm used to generate the referenced DNSKEY.","description_kind":"plain","optional":true},"digest":{"type":"string","description":"The digest generated from the referenced DNSKEY.","description_kind":"plain","optional":true},"digest_type":{"type":"string","description":"The hash function used to generate the digest of the referenced DNSKEY.","description_kind":"plain","optional":true},"key_tag":{"type":"number","description":"The key tag of the record. Must be set in range 0 -- 65535.","description_kind":"plain","optional":true}},"description":"The list of DS records for this domain, which are used to enable DNSSEC. The domain's DNS provider can provide\nthe values to set here. If this field is empty, DNSSEC is disabled.","description_kind":"plain"}}},"description":"Configuration for an arbitrary DNS provider.","description_kind":"plain"},"max_items":1},"glue_records":{"nesting_mode":"list","block":{"attributes":{"host_name":{"type":"string","description":"Required. Domain name of the host in Punycode format.","description_kind":"plain","required":true},"ipv4_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true},"ipv6_addresses":{"type":["list","string"],"description":"List of IPv4 addresses corresponding to this host in the standard decimal format (e.g. 198.51.100.1).\nAt least one of ipv4_address and ipv6_address must be set.","description_kind":"plain","optional":true}},"description":"The list of glue records for this Registration. Commonly empty.","description_kind":"plain"}}},"description":"Settings controlling the DNS configuration of the Registration.","description_kind":"plain"},"max_items":1},"management_settings":{"nesting_mode":"list","block":{"attributes":{"preferred_renewal_method":{"type":"string","description":"The desired renewal method for this Registration. The actual renewalMethod is automatically updated to reflect this choice.\nIf unset or equal to RENEWAL_METHOD_UNSPECIFIED, the actual renewalMethod is treated as if it were set to AUTOMATIC_RENEWAL.\nYou cannot use RENEWAL_DISABLED during resource creation, and you can update the renewal status only when the Registration\nresource has state ACTIVE or SUSPENDED.\n\nWhen preferredRenewalMethod is set to AUTOMATIC_RENEWAL, the actual renewalMethod can be set to RENEWAL_DISABLED in case of\nproblems with the billing account or reported domain abuse. In such cases, check the issues field on the Registration. After\nthe problem is resolved, the renewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","optional":true,"computed":true},"renewal_method":{"type":"string","description":"Output only. The actual renewal method for this Registration. When preferredRenewalMethod is set to AUTOMATIC_RENEWAL,\nthe actual renewalMethod can be equal to RENEWAL_DISABLED—for example, when there are problems with the billing account\nor reported domain abuse. In such cases, check the issues field on the Registration. After the problem is resolved, the\nrenewalMethod is automatically updated to preferredRenewalMethod in a few hours.","description_kind":"plain","computed":true},"transfer_lock_state":{"type":"string","description":"Controls whether the domain can be transferred to another registrar. Values are UNLOCKED or LOCKED.","description_kind":"plain","optional":true,"computed":true}},"description":"Settings for management of the Registration, including renewal, billing, and transfer","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"yearly_price":{"nesting_mode":"list","block":{"attributes":{"currency_code":{"type":"string","description":"The three-letter currency code defined in ISO 4217.","description_kind":"plain","optional":true},"units":{"type":"string","description":"The whole units of the amount. For example if currencyCode is \"USD\", then 1 unit is one US dollar.","description_kind":"plain","optional":true}},"description":"Required. Yearly price to register or renew the domain. The value that should be put here can be obtained from\nregistrations.retrieveRegisterParameters or registrations.searchDomains calls.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"block_types":{"build_config":{"nesting_mode":"list","block":{"attributes":{"build":{"type":"string","description":"The Cloud Build name of the latest successful\ndeployment of the function.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key.","description_kind":"plain","optional":true,"computed":true},"entry_point":{"type":"string","description":"The name of the function (as defined in source code) that will be executed.\nDefaults to the resource name suffix, if not specified. For backward\ncompatibility, if function with given name is not found, then the system\nwill try to use function named \"function\". For Node.js this is name of a\nfunction exported by the module specified in source_location.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"User-provided build-time environment variables for the function.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which to run the function. Required when deploying a new\nfunction, optional when updating an existing function.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The fully-qualified name of the service account to be used for building the container.","description_kind":"plain","optional":true,"computed":true},"worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"block_types":{"repo_source":{"nesting_mode":"list","block":{"attributes":{"branch_name":{"type":"string","description":"Regex matching branches to build.","description_kind":"plain","optional":true},"commit_sha":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true},"dir":{"type":"string","description":"Directory, relative to the source root, in which to run the build.","description_kind":"plain","optional":true},"invert_regex":{"type":"bool","description":"Only trigger a build if the revision regex does\nNOT match the revision regex.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"ID of the project that owns the Cloud Source Repository. If omitted, the\nproject ID requesting the build is assumed.","description_kind":"plain","optional":true},"repo_name":{"type":"string","description":"Name of the Cloud Source Repository.","description_kind":"plain","optional":true},"tag_name":{"type":"string","description":"Regex matching tags to build.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in a Cloud Source Repository.","description_kind":"plain"},"max_items":1},"storage_source":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Google Cloud Storage bucket containing the source","description_kind":"plain","optional":true},"generation":{"type":"number","description":"Google Cloud Storage generation for the object. If the generation\nis omitted, the latest generation will be used.","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"Google Cloud Storage object containing the source.","description_kind":"plain","optional":true}},"description":"If provided, get the source from this location in Google Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"The location of the function source code.","description_kind":"plain"},"max_items":1}},"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain"},"max_items":1},"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"Required. The type of event to observe.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The name of a Pub/Sub topic in the same project that will be used\nas the transport topic for the event delivery.","description_kind":"plain","optional":true,"computed":true},"retry_policy":{"type":"string","description":"Describes the retry policy in case of function's execution failure.\nRetried execution is charged as any other execution. Possible values: [\"RETRY_POLICY_UNSPECIFIED\", \"RETRY_POLICY_DO_NOT_RETRY\", \"RETRY_POLICY_RETRY\"]","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Optional. The email of the trigger's service account. The service account\nmust have permission to invoke Cloud Run services. If empty, defaults to the\nCompute Engine default service account: {project_number}-compute@developer.gserviceaccount.com.","description_kind":"plain","optional":true,"computed":true},"trigger":{"type":"string","description":"Output only. The resource name of the Eventarc trigger.","description_kind":"plain","computed":true},"trigger_region":{"type":"string","description":"The region that the trigger will be in. The trigger will only receive\nevents originating in this region. It can be the same\nregion as the function, a different region or multi-region, or the global\nregion. If not provided, defaults to the same region as the function.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_filters":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"'Required. The name of a CloudEvents attribute.\nCurrently, only a subset of attributes are supported for filtering. Use the 'gcloud eventarc providers describe' command to learn more about events and their attributes.\nDo not filter for the 'type' attribute here, as this is already achieved by the resource's 'event_type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of\nthe filter. If not specified, only events that have an exact key-value\npair specified in the filter are matched.\nThe only allowed value is 'match-path-pattern'.\n[See documentation on path patterns here](https://cloud.google.com/eventarc/docs/path-patterns)'","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute.\nIf the operator field is set as 'match-path-pattern', this value can be a path pattern instead of an exact value.","description_kind":"plain","required":true}},"description":"Criteria used to filter events.","description_kind":"plain"}}},"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain"},"max_items":1},"service_config":{"nesting_mode":"list","block":{"attributes":{"all_traffic_on_latest_revision":{"type":"bool","description":"Whether 100% of traffic is routed to the latest revision. Defaults to true.","description_kind":"plain","optional":true},"available_cpu":{"type":"string","description":"The number of CPUs used in a single container instance. Default value is calculated from available memory.","description_kind":"plain","optional":true,"computed":true},"available_memory":{"type":"string","description":"The amount of memory available for a function.\nDefaults to 256M. Supported units are k, M, G, Mi, Gi. If no unit is\nsupplied the value is interpreted as bytes.","description_kind":"plain","optional":true,"computed":true},"environment_variables":{"type":["map","string"],"description":"Environment variables that shall be available during function execution.","description_kind":"plain","optional":true},"gcf_uri":{"type":"string","description":"URIs of the Service deployed","description_kind":"plain","computed":true},"ingress_settings":{"type":"string","description":"Available ingress settings. Defaults to \"ALLOW_ALL\" if unspecified. Default value: \"ALLOW_ALL\" Possible values: [\"ALLOW_ALL\", \"ALLOW_INTERNAL_ONLY\", \"ALLOW_INTERNAL_AND_GCLB\"]","description_kind":"plain","optional":true},"max_instance_count":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true,"computed":true},"max_instance_request_concurrency":{"type":"number","description":"Sets the maximum number of concurrent requests that each instance can receive. Defaults to 1.","description_kind":"plain","optional":true,"computed":true},"min_instance_count":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a\ngiven time.","description_kind":"plain","optional":true},"service":{"type":"string","description":"Name of the service associated with a Function.","description_kind":"plain","optional":true,"computed":true},"service_account_email":{"type":"string","description":"The email of the service account for this function.","description_kind":"plain","optional":true,"computed":true},"timeout_seconds":{"type":"number","description":"The function execution timeout. Execution is considered failed and\ncan be terminated if the function is not completed at the end of the\ntimeout period. Defaults to 60 seconds.","description_kind":"plain","optional":true,"computed":true},"uri":{"type":"string","description":"URI of the Service deployed.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The Serverless VPC Access connector that this cloud function can connect to.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"Available egress settings. Possible values: [\"VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED\", \"PRIVATE_RANGES_ONLY\", \"ALL_TRAFFIC\"]","description_kind":"plain","optional":true}},"block_types":{"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new instances start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration.","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mountPath as /etc/secrets would mount the secret value files under the /etc/secrets directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount path: /etc/secrets","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (preferrably project number but can also be the project ID) of the project that contains the secret. If not set, it will be populated with the function's project assuming that the secret exists in the same project as of the function.","description_kind":"plain","required":true},"secret":{"type":"string","description":"Name of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mountPath as '/etc/secrets' and path as secret_foo would mount the secret value file at /etc/secrets/secret_foo.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string 'latest'). It is preferable to use latest version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the latest version of the secret will be made available in a file named after the secret under the mount point.'","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}}},"description":"Describes the Service being deployed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","optional":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","optional":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","optional":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.","description_kind":"plain","optional":true,"computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","optional":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","optional":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true,"computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","optional":true,"computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","optional":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","optional":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","optional":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","optional":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","optional":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"event_trigger":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":"string","description":"The type of event to observe. For example: \"google.storage.object.finalize\". See the documentation on calling Cloud Functions for a full reference of accepted triggers.","description_kind":"plain","required":true},"resource":{"type":"string","description":"The name or partial URI of the resource from which to observe events. For example, \"myBucket\" or \"projects/my-project/topics/my-topic\"","description_kind":"plain","required":true}},"block_types":{"failure_policy":{"nesting_mode":"list","block":{"attributes":{"retry":{"type":"bool","description":"Whether the function should be retried on failure. Defaults to false.","description_kind":"plain","required":true}},"description":"Specifies policy for failed executions","description_kind":"plain"},"max_items":1}},"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain"},"max_items":1},"secret_environment_variables":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Name of the environment variable.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is recommended to use a numeric version for secret environment variables as any updates to the secret value is not reflected until new clones start.","description_kind":"plain","required":true}},"description":"Secret environment variables configuration","description_kind":"plain"}},"secret_volumes":{"nesting_mode":"list","block":{"attributes":{"mount_path":{"type":"string","description":"The path within the container to mount the secret volume. For example, setting the mount_path as \"/etc/secrets\" would mount the secret value files under the \"/etc/secrets\" directory. This directory will also be completely shadowed and unavailable to mount any other secrets. Recommended mount paths: \"/etc/secrets\" Restricted mount paths: \"/cloudsql\", \"/dev/log\", \"/pod\", \"/proc\", \"/var/log\".","description_kind":"plain","required":true},"project_id":{"type":"string","description":"Project identifier (due to a known limitation, only project number is supported by this field) of the project that contains the secret. If not set, it will be populated with the function's project, assuming that the secret exists in the same project as of the function.","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"ID of the secret in secret manager (not the full resource name).","description_kind":"plain","required":true}},"block_types":{"versions":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Relative path of the file under the mount path where the secret value for this version will be fetched and made available. For example, setting the mount_path as \"/etc/secrets\" and path as \"/secret_foo\" would mount the secret value file at \"/etc/secrets/secret_foo\".","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the secret (version number or the string \"latest\"). It is preferable to use \"latest\" version with secret volumes as secret value changes are reflected immediately.","description_kind":"plain","required":true}},"description":"List of secret versions to mount for this secret. If empty, the \"latest\" version of the secret will be made available in a file named after the secret under the mount point.","description_kind":"plain"}}},"description":"Secret volumes configuration.","description_kind":"plain"}},"source_repository":{"nesting_mode":"list","block":{"attributes":{"deployed_url":{"type":"string","description":"The URL pointing to the hosted repository where the function was defined at the time of deployment.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The URL pointing to the hosted repository where the function is defined.","description_kind":"plain","required":true}},"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_binding":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_member":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"airflow_uri":{"type":"string","description":"The URI of the Apache Airflow Web UI hosted within this environment.","description_kind":"plain","computed":true},"dag_gcs_prefix":{"type":"string","description":"The Cloud Storage prefix of the DAGs for this environment. Although Cloud Storage objects reside in a flat namespace, a hierarchical file tree can be simulated using '/'-delimited object name prefixes. DAG objects for this environment reside in a simulated directory with this prefix.","description_kind":"plain","computed":true},"environment_size":{"type":"string","description":"The size of the Cloud Composer environment. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"gke_cluster":{"type":"string","description":"The Kubernetes Engine cluster used to run this environment.","description_kind":"plain","computed":true},"node_count":{"type":"number","description":"The number of nodes in the Kubernetes Engine cluster that will be used to run this environment. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"resilience_mode":{"type":"string","description":"Whether high resilience is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.1.15-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"data_retention_config":{"nesting_mode":"list","block":{"block_types":{"task_logs_retention_config":{"nesting_mode":"list","block":{"attributes":{"storage_mode":{"type":"string","description":"Whether logs in cloud logging only is enabled or not. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4 and newer.","description_kind":"plain","optional":true}},"description":"Optional. The configuration setting for Task Logs.","description_kind":"plain"},"min_items":1}},"description":"The configuration setting for Airflow data retention mechanism. This field is supported for Cloud Composer environments in versions composer-2.0.32-airflow-2.1.4. or newer","description_kind":"plain"},"max_items":1},"database_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Cloud SQL machine type used by Airflow database. It has to be one of: db-n1-standard-2, db-n1-standard-4, db-n1-standard-8 or db-n1-standard-16. If not specified, db-n1-standard-2 will be used.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. Cloud SQL database preferred zone.","description_kind":"plain","optional":true}},"description":"The configuration of Cloud SQL instance that is used by the Apache Airflow software. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Optional. Customer-managed Encryption Key available through Google's Key Management Service. Cannot be updated.","description_kind":"plain","required":true}},"description":"The encryption options for the Composer environment and its dependencies.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"Maintenance window end time. It is used only to calculate the duration of the maintenance window. The value for end-time must be in the future, relative to 'start_time'.","description_kind":"plain","required":true},"recurrence":{"type":"string","description":"Maintenance window recurrence. Format is a subset of RFC-5545 (https://tools.ietf.org/html/rfc5545) 'RRULE'. The only allowed values for 'FREQ' field are 'FREQ=DAILY' and 'FREQ=WEEKLY;BYDAY=...'. Example values: 'FREQ=WEEKLY;BYDAY=TU,WE', 'FREQ=DAILY'.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Start time of the first recurrence of the maintenance window.","description_kind":"plain","required":true}},"description":"The configuration for Cloud Composer maintenance window.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not master authorized networks is enabled.","description_kind":"plain","required":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"cidr_block must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"display_name is a field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"cidr_blocks define up to 50 external networks that could access Kubernetes master through HTTPS.","description_kind":"plain"}}},"description":"Configuration options for the master authorized networks feature. Enabled master authorized networks will disallow all external traffic to access Kubernetes master through HTTPS except traffic from the given CIDR blocks, Google Compute Engine Public IPs and Google Prod IPs.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The disk size in GB used for node VMs. Minimum size is 20GB. If unspecified, defaults to 100GB. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"enable_ip_masq_agent":{"type":"bool","description":"Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent","description_kind":"plain","optional":true,"computed":true},"ip_allocation_policy":{"type":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"description":"Configuration for controlling how IPs are allocated in the GKE cluster. Cannot be updated.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine machine type used for cluster instances, specified as a name or relative resource name. For example: \"projects/{project}/zones/{zone}/machineTypes/{machineType}\". Must belong to the enclosing environment's project and region/zone. The network must belong to the environment's project. If unspecified, the \"default\" network ID in the environment's project is used. If a Custom Subnet Network is provided, subnetwork must also be provided.","description_kind":"plain","optional":true,"computed":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all node VMs. Cannot be updated. If empty, defaults to [\"https://www.googleapis.com/auth/cloud-platform\"]. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs. If a service account is not specified, the \"default\" Compute Engine service account is used. Cannot be updated. If given, note that the service account must have roles/composer.worker for any GCP resources created under the Cloud Composer Environment.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The Compute Engine subnetwork to be used for machine communications, specified as a self-link, relative resource name (e.g. \"projects/{project}/regions/{region}/subnetworks/{subnetwork}\"), or by name. If subnetwork is provided, network must also be provided and the subnetwork must belong to the enclosing environment's project and region.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to all node VMs. Tags are used to identify valid sources or targets for network firewalls. Each tag within the list must comply with RFC1035. Cannot be updated.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine zone in which to deploy the VMs running the Apache Airflow software, specified as the zone name or relative resource name (e.g. \"projects/{project}/zones/{zone}\"). Must belong to the enclosing environment's project and region. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Kubernetes Engine cluster.","description_kind":"plain"},"max_items":1},"private_environment_config":{"nesting_mode":"list","block":{"attributes":{"cloud_composer_connection_subnetwork":{"type":"string","description":"When specified, the environment will use Private Service Connect instead of VPC peerings to connect to Cloud SQL in the Tenant Project, and the PSC endpoint in the Customer Project will use an IP address from this subnetwork. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_composer_network_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for Cloud Composer Network in tenant project will be reserved. Needs to be disjoint from private_cluster_config.master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain","optional":true,"computed":true},"cloud_sql_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range in tenant project will be reserved for Cloud SQL. Needs to be disjoint from web_server_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"connection_type":{"type":"string","description":"Mode of internal communication within the Composer environment. Must be one of \"VPC_PEERING\" or \"PRIVATE_SERVICE_CONNECT\".","description_kind":"plain","optional":true,"computed":true},"enable_private_endpoint":{"type":"bool","description":"If true, access to the public endpoint of the GKE cluster is denied. If this field is set to true, ip_allocation_policy.use_ip_aliases must be set to true for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true},"enable_privately_used_public_ips":{"type":"bool","description":"When enabled, IPs from public (non-RFC1918) ranges can be used for ip_allocation_policy.cluster_ipv4_cidr_block and ip_allocation_policy.service_ipv4_cidr_block.","description_kind":"plain","optional":true,"computed":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range is used for assigning internal IP addresses to the cluster master or set of masters and to the internal load balancer virtual IP. This range must not overlap with any other ranges in use within the cluster's network. If left blank, the default value of '172.16.0.0/28' is used.","description_kind":"plain","optional":true,"computed":true},"web_server_ipv4_cidr_block":{"type":"string","description":"The CIDR block from which IP range for web server will be reserved. Needs to be disjoint from master_ipv4_cidr_block and cloud_sql_ipv4_cidr_block. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration used for the Private IP Cloud Composer environment.","description_kind":"plain"},"max_items":1},"recovery_config":{"nesting_mode":"list","block":{"block_types":{"scheduled_snapshots_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, Cloud Composer periodically saves snapshots of your environment to a Cloud Storage bucket.","description_kind":"plain","required":true},"snapshot_creation_schedule":{"type":"string","description":"Snapshot schedule, in the unix-cron format.","description_kind":"plain","optional":true},"snapshot_location":{"type":"string","description":"the URI of a bucket folder where to save the snapshot.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"A time zone for the schedule. This value is a time offset and does not take into account daylight saving time changes. Valid values are from UTC-12 to UTC+12. Examples: UTC, UTC-01, UTC+03.","description_kind":"plain","optional":true}},"description":"The configuration settings for scheduled snapshots.","description_kind":"plain"},"max_items":1}},"description":"The recovery configuration settings for the Cloud Composer environment","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"airflow_config_overrides":{"type":["map","string"],"description":"Apache Airflow configuration properties to override. Property keys contain the section and property names, separated by a hyphen, for example \"core-dags_are_paused_at_creation\". Section names must not contain hyphens (\"-\"), opening square brackets (\"[\"), or closing square brackets (\"]\"). The property name must not be empty and cannot contain \"=\" or \";\". Section and property names cannot contain characters: \".\" Apache Airflow configuration property names must be written in snake_case. Property values can contain any character, and can be written in any lower/upper case format. Certain Apache Airflow configuration property values are blacklisted, and cannot be overridden.","description_kind":"plain","optional":true},"env_variables":{"type":["map","string"],"description":"Additional environment variables to provide to the Apache Airflow scheduler, worker, and webserver processes. Environment variable names must match the regular expression [a-zA-Z_][a-zA-Z0-9_]*. They cannot specify Apache Airflow software configuration overrides (they cannot match the regular expression AIRFLOW__[A-Z0-9_]+__[A-Z0-9_]+), and they cannot match any of the following reserved names: AIRFLOW_HOME C_FORCE_ROOT CONTAINER_NAME DAGS_FOLDER GCP_PROJECT GCS_BUCKET GKE_CLUSTER_NAME SQL_DATABASE SQL_INSTANCE SQL_PASSWORD SQL_PROJECT SQL_REGION SQL_USER.","description_kind":"plain","optional":true},"image_version":{"type":"string","description":"The version of the software running in the environment. This encapsulates both the version of Cloud Composer functionality and the version of Apache Airflow. It must match the regular expression composer-([0-9]+(\\.[0-9]+\\.[0-9]+(-preview\\.[0-9]+)?)?|latest)-airflow-([0-9]+(\\.[0-9]+(\\.[0-9]+)?)?). The Cloud Composer portion of the image version is a full semantic version, or an alias in the form of major version number or 'latest'. The Apache Airflow portion of the image version is a full semantic version that points to one of the supported Apache Airflow versions, or an alias in the form of only major or major.minor versions specified. See documentation for more details and version list.","description_kind":"plain","optional":true,"computed":true},"pypi_packages":{"type":["map","string"],"description":"Custom Python Package Index (PyPI) packages to be installed in the environment. Keys refer to the lowercase package name (e.g. \"numpy\"). Values are the lowercase extras and version specifier (e.g. \"==1.12.0\", \"[devel,gcp_api]\", \"[devel]\u003e=1.8.2, \u003c1.9.2\"). To specify a package without pinning it to a version specifier, use the empty string as the value.","description_kind":"plain","optional":true},"python_version":{"type":"string","description":"The major version of Python used to run the Apache Airflow scheduler, worker, and webserver processes. Can be set to '2' or '3'. If not specified, the default is '2'. Cannot be updated. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*. Environments in newer versions always use Python major version 3.","description_kind":"plain","optional":true,"computed":true},"scheduler_count":{"type":"number","description":"The number of schedulers for Airflow. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-2.*.*.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration settings for software inside the environment.","description_kind":"plain"},"max_items":1},"web_server_config":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"Optional. Machine type on which Airflow web server is running. It has to be one of: composer-n1-webserver-2, composer-n1-webserver-4 or composer-n1-webserver-8. If not specified, composer-n1-webserver-2 will be used. Value custom is returned only in response, if Airflow web server parameters were manually changed to a non-standard values.","description_kind":"plain","required":true}},"description":"The configuration settings for the Airflow web server App Engine instance. This field is supported for Cloud Composer environments in versions composer-1.*.*-airflow-*.*.*.","description_kind":"plain"},"max_items":1},"web_server_network_access_control":{"nesting_mode":"list","block":{"block_types":{"allowed_ip_range":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of this ip range.","description_kind":"plain","optional":true},"value":{"type":"string","description":"IP address or range, defined using CIDR notation, of requests that this rule applies to. Examples: 192.168.1.1 or 192.168.0.0/16 or 2001:db8::/32 or 2001:0db8:0000:0042:0000:8a2e:0370:7334. IP range prefixes should be properly truncated. For example, 1.2.3.4/24 should be truncated to 1.2.3.0/24. Similarly, for IPv6, 2001:db8::1/32 should be truncated to 2001:db8::/32.","description_kind":"plain","required":true}},"description":"A collection of allowed IP ranges with descriptions.","description_kind":"plain"}}},"description":"Network-level access control policy for the Airflow web server.","description_kind":"plain"},"max_items":1},"workloads_config":{"nesting_mode":"list","block":{"block_types":{"scheduler":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of schedulers.","description_kind":"plain","optional":true,"computed":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow scheduler replica","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow scheduler replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow schedulers.","description_kind":"plain"},"max_items":1},"triggerer":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of triggerers.","description_kind":"plain","required":true},"cpu":{"type":"number","description":"CPU request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow triggerer replica.","description_kind":"plain","required":true}},"description":"Configuration for resources used by Airflow triggerers.","description_kind":"plain"},"max_items":1},"web_server":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for Airflow web server.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow web server.","description_kind":"plain"},"max_items":1},"worker":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"number","description":"CPU request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"max_count":{"type":"number","description":"Maximum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"memory_gb":{"type":"number","description":"Memory (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true},"min_count":{"type":"number","description":"Minimum number of workers for autoscaling.","description_kind":"plain","optional":true,"computed":true},"storage_gb":{"type":"number","description":"Storage (GB) request and limit for a single Airflow worker replica.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for resources used by Airflow workers.","description_kind":"plain"},"max_items":1}},"description":"The workloads configuration settings for the GKE cluster associated with the Cloud Composer environment. Supported for Cloud Composer environments in versions composer-2.*.*-airflow-*.*.* and newer.","description_kind":"plain"},"max_items":1}},"description":"Configuration parameters for this environment.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Optional. Name of an existing Cloud Storage bucket to be used by the environment.","description_kind":"plain","required":true}},"description":"Configuration options for storage used by Composer environment.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The static external IP address represented by this resource.\nThe IP address must be inside the specified subnetwork,\nif any. Set by the API if undefined.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of address to reserve.\nNote: if you set this argument's value as 'INTERNAL' you need to leave the 'network_tier' argument unset in that resource block. Default value: \"EXTERNAL\" Possible values: [\"INTERNAL\", \"EXTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"ipv6_endpoint_type":{"type":"string","description":"The endpoint type of this address, which should be VM or NETLB. This is\nused for deciding which type of endpoint this address can be used after\nthe external IPv6 address reservation. Possible values: [\"VM\", \"NETLB\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this address. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the address. This field\ncan only be used with INTERNAL type with the VPC_PEERING and\nIPSEC_INTERCONNECT purposes.","description_kind":"plain","optional":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this address. If this field is not\nspecified, it is assumed to be PREMIUM.\nThis argument should not be used when configuring Internal addresses, because [network tier cannot be set for internal traffic; it's always Premium](https://cloud.google.com/network-tiers/docs/overview). Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"prefix_length":{"type":"number","description":"The prefix length if the resource represents an IP range.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of this resource, which can be one of the following values.\n\n* GCE_ENDPOINT for addresses that are used by VM instances, alias IP\nranges, load balancers, and similar resources.\n\n* SHARED_LOADBALANCER_VIP for an address that can be used by multiple\ninternal load balancers.\n\n* VPC_PEERING for addresses that are reserved for VPC peer networks.\n\n* IPSEC_INTERCONNECT for addresses created from a private IP range that\nare reserved for a VLAN attachment in an HA VPN over Cloud Interconnect\nconfiguration. These addresses are regional resources.\n\n* PRIVATE_SERVICE_CONNECT for a private network address that is used to\nconfigure Private Service Connect. Only global internal addresses can use\nthis purpose.\n\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The URL of the subnetwork in which to reserve the address. If an IP\naddress is specified, it must be within the subnetwork's IP range.\nThis field can only be used with INTERNAL type with\nGCE_ENDPOINT/DNS_RESOLVER purposes.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"The URLs of the resources that are using this address.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_attached_disk":{"version":0,"block":{"attributes":{"device_name":{"type":"string","description":"Specifies a unique device name of your choice that is reflected into the /dev/disk/by-id/google-* tree of a Linux operating system running within the instance. This name can be used to reference the device for mounting, resizing, and so on, from within the instance. If not specified, the server chooses a default device name to apply to this disk, in the form persistent-disks-x, where x is a number assigned by Google Compute Engine.","description_kind":"plain","optional":true,"computed":true},"disk":{"type":"string","description":"name or self_link of the disk that will be attached.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"name or self_link of the compute instance that the disk will be attached to. If the self_link is provided then zone and project are extracted from the self link. If only the name is used then zone and project must be defined as properties on the resource or provider.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If not specified, the default is to attach the disk in READ_WRITE mode.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project that the referenced compute instance is a part of. If instance is referenced by its self_link the project defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone that the referenced compute instance is located within. If instance is referenced by its self_link the zone defined in the link will take precedence.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true},"zone":{"type":"string","description":"URL of the zone where the instance group resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","required":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"request_coalescing":{"type":"bool","description":"If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.","description_kind":"plain","optional":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request will\nbe considered fresh. After this time period,\nthe response will be revalidated before being served.\nWhen serving responses to signed URL requests,\nCloud CDN will internally behave as though\nall responses from this backend had a \"Cache-Control: public,\nmax-age=[TTL]\" header, regardless of any existing Cache-Control\nheader. The actual headers served in responses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","optional":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"},"max_items":5},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys.\nDefault parameters are always included. '\u0026' and '=' will\nbe percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_bucket_signed_url_key":{"version":0,"block":{"attributes":{"backend_bucket":{"type":"string","description":"The backend bucket this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","optional":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nFor global HTTP(S) or TCP/SSL load balancing, the default is\nUTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S))\nand CONNECTION (for TCP/SSL).\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"UTILIZATION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\nDefault value is 1, which means the group will serve up to 100%\nof its configured capacity (depending on balancingMode). A\nsetting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either\nmaxConnections or maxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. This is used to calculate the\ncapacity of the group. Can be used in either CONNECTION or\nUTILIZATION balancing modes.\n\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. For RATE mode, either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set.","description_kind":"plain","optional":true,"computed":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set.","description_kind":"plain","optional":true,"computed":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].","description_kind":"plain","optional":true,"computed":true}},"description":"The set of backends that serve this BackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"bypass_cache_on_request_headers":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The header field name to match on when bypassing cache. Values are case-insensitive.","description_kind":"plain","required":true}},"description":"Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified.\nThe cache is bypassed for all cdnPolicy.cacheMode settings.","description_kind":"plain"}},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_http_headers":{"type":["list","string"],"description":"Allows HTTP request headers (by name) to be used in the\ncache key.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s\n(30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"locality_lb_policies":{"nesting_mode":"list","block":{"block_types":{"custom_policy":{"nesting_mode":"list","block":{"attributes":{"data":{"type":"string","description":"An optional, arbitrary JSON object with configuration data, understood\nby a locally installed custom policy implementation.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Identifies the custom policy.\n\nThe value should match the type the custom implementation is registered\nwith on the gRPC clients. It should follow protocol buffer\nmessage naming conventions and include the full path (e.g.\nmyorg.CustomLbPolicy). The maximum length is 256 characters.\n\nNote that specifying the same custom policy more than once for a\nbackend is not a valid configuration and will be rejected.","description_kind":"plain","required":true}},"description":"The configuration for a custom policy implemented by the user and\ndeployed with the client.","description_kind":"plain"},"max_items":1},"policy":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a locality load balancer policy to be used. The value\nshould be one of the predefined ones as supported by localityLbPolicy,\nalthough at the moment only ROUND_ROBIN is supported.\n\nThis field should only be populated when the customPolicy field is not\nused.\n\nNote that specifying the same policy more than once for a backend is\nnot a valid configuration and will be rejected.\n\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\"]","description_kind":"plain","required":true}},"description":"The configuration for a built-in load balancing policy.","description_kind":"plain"},"max_items":1}},"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain"},"max_items":1},"security_settings":{"nesting_mode":"list","block":{"attributes":{"client_tls_policy":{"type":"string","description":"ClientTlsPolicy is a resource that specifies how a client should authenticate\nconnections to backends of a service. This resource itself does not affect\nconfiguration unless it is attached to a backend service resource.","description_kind":"plain","required":true},"subject_alt_names":{"type":["list","string"],"description":"A list of alternate names to verify the subject identity in the certificate.\nIf specified, the client will verify that the server certificate's subject\nalt name matches one of the specified values.","description_kind":"plain","required":true}},"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_backend_service_signed_url_key":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"The backend service this signed URL key belongs.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_value":{"type":"string","description":"128-bit key value used for signing the URL. The key value must be a\nvalid RFC 4648 Section 5 base64url encoded string.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"Name of the signed URL key.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"rsa_encrypted_key":{"type":"string","description":"Specifies an RFC 4648 base64 encoded, RSA-wrapped 2048-bit\ncustomer-supplied encryption key to either encrypt or decrypt\nthis resource. You can provide either the rawKey or the rsaEncryptedKey.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\", \"SEV_LIVE_MIGRATABLE_V2\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key used to encrypt the disk. Also called KmsKeyName\nin the cloud console. Your project's Compute Engine System service account\n('service-{{PROJECT_NUMBER}}@compute-system.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nSee https://cloud.google.com/compute/docs/disks/customer-managed-encryption#encrypt_a_new_persistent_disk_with_your_own_keys","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_async_replication":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"primary_disk":{"type":"string","description":"Primary disk for asynchronous replication.","description_kind":"plain","required":true}},"block_types":{"secondary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Secondary disk for asynchronous replication.","description_kind":"plain","required":true},"state":{"type":"string","description":"Output-only. Status of replication on the secondary disk.","description_kind":"plain","computed":true}},"description":"Secondary disk for asynchronous replication.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_external_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels for the external VPN gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"redundancy_type":{"type":"string","description":"Indicates the redundancy type of this external VPN gateway Possible values: [\"FOUR_IPS_REDUNDANCY\", \"SINGLE_IP_INTERNALLY_REDUNDANT\", \"TWO_IPS_REDUNDANCY\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"interface":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID for this interface. Allowed values are based on the redundancy type\nof this external VPN gateway\n* '0 - SINGLE_IP_INTERNALLY_REDUNDANT'\n* '0, 1 - TWO_IPS_REDUNDANCY'\n* '0, 1, 2, 3 - FOUR_IPS_REDUNDANCY'","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IP address of the interface in the external VPN gateway.\nOnly IPv4 is supported. This IP address can be either from\nyour on-premise gateway or another Cloud provider's VPN gateway,\nit cannot be an IP address from Google Compute Engine.","description_kind":"plain","optional":true}},"description":"A list of interfaces on this external VPN gateway.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall":{"version":1,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"destination_ranges":{"type":["set","string"],"description":"If destination ranges are specified, the firewall will apply only to\ntraffic that has destination IP address in these ranges. These ranges\nmust be expressed in CIDR format. IPv4 or IPv6 ranges are supported.","description_kind":"plain","optional":true,"computed":true},"direction":{"type":"string","description":"Direction of traffic to which this firewall applies; default is\nINGRESS. Note: For INGRESS traffic, one of 'source_ranges',\n'source_tags' or 'source_service_accounts' is required. Possible values: [\"INGRESS\", \"EGRESS\"]","description_kind":"plain","optional":true,"computed":true},"disabled":{"type":"bool","description":"Denotes whether the firewall rule is disabled, i.e not applied to the\nnetwork it is associated with. When set to true, the firewall rule is\nnot enforced and the network behaves as if it did not exist. If this\nis unspecified, the firewall rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","deprecated":true,"optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the network to attach this firewall to.","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority for this rule. This is an integer between 0 and 65535, both\ninclusive. When not specified, the value assumed is 1000. Relative\npriorities determine precedence of conflicting rules. Lower value of\npriority implies higher precedence (eg, a rule with priority 0 has\nhigher precedence than a rule with priority 1). DENY rules take\nprecedence over ALLOW rules having equal priority.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ranges":{"type":["set","string"],"description":"If source ranges are specified, the firewall will apply only to\ntraffic that has source IP address in these ranges. These ranges must\nbe expressed in CIDR format. One or both of sourceRanges and\nsourceTags may be set. If both properties are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP that belongs to a tag listed in the sourceTags property. The\nconnection does not need to match both properties for the firewall to\napply. IPv4 or IPv6 ranges are supported. For INGRESS traffic, one of\n'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_service_accounts":{"type":["set","string"],"description":"If source service accounts are specified, the firewall will apply only\nto traffic originating from an instance with a service account in this\nlist. Source service accounts cannot be used to control traffic to an\ninstance's external IP address because service accounts are associated\nwith an instance, not an IP address. sourceRanges can be set at the\nsame time as sourceServiceAccounts. If both are set, the firewall will\napply to traffic that has source IP address within sourceRanges OR the\nsource IP belongs to an instance with service account listed in\nsourceServiceAccount. The connection does not need to match both\nproperties for the firewall to apply. sourceServiceAccounts cannot be\nused at the same time as sourceTags or targetTags. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"source_tags":{"type":["set","string"],"description":"If source tags are specified, the firewall will apply only to traffic\nwith source IP that belongs to a tag listed in source tags. Source\ntags cannot be used to control traffic to an instance's external IP\naddress. Because tags are associated with an instance, not an IP\naddress. One or both of sourceRanges and sourceTags may be set. If\nboth properties are set, the firewall will apply to traffic that has\nsource IP address within sourceRanges OR the source IP that belongs to\na tag listed in the sourceTags property. The connection does not need\nto match both properties for the firewall to apply. For INGRESS traffic,\none of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["set","string"],"description":"A list of service accounts indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\ntargetServiceAccounts cannot be used at the same time as targetTags or\nsourceTags. If neither targetServiceAccounts nor targetTags are\nspecified, the firewall rule applies to all instances on the specified\nnetwork.","description_kind":"plain","optional":true},"target_tags":{"type":["set","string"],"description":"A list of instance tags indicating sets of instances located in the\nnetwork that may make network connections as specified in allowed[].\nIf no targetTags are specified, the firewall rule applies to all\ninstances on the specified network.","description_kind":"plain","optional":true}},"block_types":{"allow":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of ALLOW rules specified by this firewall. Each rule\nspecifies a protocol and port-range tuple that describes a permitted\nconnection.","description_kind":"plain"}},"deny":{"nesting_mode":"set","block":{"attributes":{"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field\nis only applicable for UDP or TCP protocol. Each entry must be\neither an integer or a range. If not specified, this rule\napplies to connections through any port.\n\nExample inputs include: [\"22\"], [\"80\",\"443\"], and\n[\"12345-12349\"].","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is\nrequired when creating a firewall rule. This value can either be\none of the following well known protocol strings (tcp, udp,\nicmp, esp, ah, sctp, ipip, all), or the IP protocol number.","description_kind":"plain","required":true}},"description":"The list of DENY rules specified by this firewall. Each rule specifies\na protocol and port-range tuple that describes a denied connection.","description_kind":"plain"}},"log_config":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"This field denotes whether to include or exclude metadata for firewall logs. Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\"]","description_kind":"plain","required":true}},"description":"This field denotes the logging options for a particular firewall rule.\nIf defined, logging is enabled, and logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the firewall policy.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true},"short_name":{"type":"string","description":"User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_resources":{"type":["list","string"],"description":"A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.","description_kind":"plain","optional":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","optional":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","optional":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","optional":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","optional":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true,"computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true,"computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service Directory service to register the forwarding rule under.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description":"The IP address or beginning of the address range represented by this\nresource. This can be supplied as an input to reserve a specific\naddress or omitted to allow GCP to choose a valid one for you.","description_kind":"plain","optional":true,"computed":true},"address_type":{"type":"string","description":"The type of the address to reserve.\n\n* EXTERNAL indicates public/external single IP address.\n* INTERNAL indicates internal IP ranges belonging to some network. Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this address. The default value is 'IPV4'. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network in which to reserve the IP range. The IP range\nmust be in RFC1918 space. The network cannot be deleted if there are\nany reserved IP ranges referring to it.\n\nThis should only be set when using an Internal address.","description_kind":"plain","optional":true},"prefix_length":{"type":"number","description":"The prefix length of the IP range. If not present, it means the\naddress field is a single IP address.\n\nThis field is not applicable to addresses with addressType=INTERNAL\nwhen purpose=PRIVATE_SERVICE_CONNECT","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. Possible values include:\n\n* VPC_PEERING - for peer networks\n\n* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","optional":true,"computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","optional":true,"computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","optional":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","optional":true,"computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of\nfilterLabels contribute towards the overall metadataFilter match.\n\nMATCH_ANY - At least one of the filterLabels must have a matching\nlabel in the provided metadata.\nMATCH_ALL - All filterLabels must have matching labels in the\nprovided metadata. Possible values: [\"MATCH_ANY\", \"MATCH_ALL\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the metadata label. The length must be between\n1 and 1024 characters, inclusive.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value that the label must match. The value has a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the\nprovided metadata based on filterMatchCriteria\n\nThis list must not be empty and can have at the most 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"service_directory_registrations":{"nesting_mode":"list","block":{"attributes":{"namespace":{"type":"string","description":"Service Directory namespace to register the forwarding rule under.","description_kind":"plain","optional":true,"computed":true},"service_directory_region":{"type":"string","description":"[Optional] Service Directory region to register this global forwarding rule under.\nDefault to \"us-central1\". Only used for PSC for Google APIs. All PSC for\nGoogle APIs Forwarding Rules on the same network should use the same Service\nDirectory region.","description_kind":"plain","optional":true}},"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"global_network_endpoint_group":{"type":"string","description":"The global network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of the external endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_global_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Possible values: [\"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpn_interfaces":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"number","description":"The numeric ID of this VPN gateway interface.","description_kind":"plain","optional":true},"interconnect_attachment":{"type":"string","description":"URL of the interconnect attachment resource. When the value\nof this field is present, the VPN Gateway will be used for\nIPsec-encrypted Cloud Interconnect; all Egress or Ingress\ntraffic for this VPN Gateway interface will go through the\nspecified interconnect attachment resource.\n\nNot currently available publicly.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The external IP address for this VPN gateway interface.","description_kind":"plain","computed":true}},"description":"A list of interfaces on this VPN gateway.","description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n - Empty serviceName means the overall status of all services at the backend.\n - Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_http_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTP health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_https_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The value of the host header in the HTTPS health check request. If\nleft empty (default value), the public IP on behalf of which this\nhealth check is performed will be used.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description":"Size of the image tar.gz archive stored in Google Cloud Storage (in\nbytes).","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the image when restored onto a persistent disk (in GB).","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"family":{"type":"string","description":"The name of the image family to which this image belongs. You can\ncreate disks by specifying an image family instead of a specific\nimage name. The image family always returns its latest image that is\nnot deprecated. The name of the image family must comply with\nRFC1035.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Image.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk to create this image based on.\nYou must provide either this property or the\nrawDisk.source property but not both to create an image.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"URL of the source image used to create this image. In order to create an image, you must provide the full or partial\nURL of one of the following:\n\n* The selfLink URL\n* This property\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"URL of the source snapshot used to create this image.\n\nIn order to create an image, you must provide the full or partial URL of one of the following:\n\n* The selfLink URL\n* This property\n* The sourceImage URL\n* The rawDisk.source URL\n* The sourceDisk URL","description_kind":"plain","optional":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the image\n(regional or multi-regional).\nReference link: https://cloud.google.com/compute/docs/reference/rest/v1/images","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\", \"SEV_LIVE_MIGRATABLE_V2\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable images.","description_kind":"plain"}},"image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud\nKMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption request for the\ngiven KMS key. If absent, the Compute Engine default service\naccount is used.","description_kind":"plain","optional":true}},"description":"Encrypts the image using a customer-supplied encryption key.\n\nAfter you encrypt an image with a customer-supplied key, you must\nprovide the same key if you use the image later (e.g. to create a\ndisk from the image)","description_kind":"plain"},"max_items":1},"raw_disk":{"nesting_mode":"list","block":{"attributes":{"container_type":{"type":"string","description":"The format used to encode and transmit the block device, which\nshould be TAR. This is just a container and transmission format\nand not a runtime format. Provided by the client when the disk\nimage is created. Default value: \"TAR\" Possible values: [\"TAR\"]","description_kind":"plain","optional":true},"sha1":{"type":"string","description":"An optional SHA1 checksum of the disk image before unpackaging.\nThis is provided by the client when the disk image is created.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The full Google Cloud Storage URL where disk storage is stored\nYou must provide either this property or the sourceDisk property\nbut not both.","description_kind":"plain","required":true}},"description":"The parameters of the raw disk image.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_image_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"attached_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","required":true}},"description":"List of disks attached to the instance","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"min_items":1,"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that is be 1:1 mapped to the instance's network ip.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance. One of PREMIUM or STANDARD.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.","description_kind":"plain","optional":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"},"min_items":1},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"scratch_disk":{"nesting_mode":"list","block":{"attributes":{"device_name":{"type":"string","description":"Name with which the attached disk is accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"The disk interface used for attaching this disk. One of SCSI or NVME.","description_kind":"plain","required":true},"size":{"type":"number","description":"The size of the disk in gigabytes. One of 375 or 3000.","description_kind":"plain","optional":true}},"description":"The scratch disks attached to the instance.","description_kind":"plain"}},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes.","description_kind":"plain","required":true}},"description":"The service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_from_template":{"version":0,"block":{"attributes":{"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","optional":true,"computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","optional":true,"computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","optional":true,"computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","optional":true,"computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","optional":true,"computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","optional":true,"computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true,"computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","optional":true,"computed":true},"source_instance_template":{"type":"string","description":"Name or self link of an instance template to create the instance based on.","description_kind":"plain","required":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","optional":true,"computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true,"computed":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true,"computed":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true,"computed":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether the disk will be auto-deleted when the instance is deleted.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"Name with which attached disk will be accessible under /dev/disk/by-id/","description_kind":"plain","optional":true,"computed":true},"disk_encryption_key_raw":{"type":"string","description":"A 256-bit customer-supplied encryption key, encoded in RFC 4648 base64 to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"disk_encryption_key_sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied encryption key that protects this resource.","description_kind":"plain","computed":true},"kms_key_self_link":{"type":"string","description":"The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. Only one of kms_key_self_link and disk_encryption_key_raw may be set.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"Read/write mode for the disk. One of \"READ_ONLY\" or \"READ_WRITE\".","description_kind":"plain","optional":true,"computed":true},"source":{"type":"string","description":"The name or self_link of the disk attached to this instance.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"A flag to enable confidential compute mode on boot disk","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which this disk was initialised.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the disk.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much throughput to provision for the disk. This sets the number of throughput mb per second that the disk can handle.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The size of the image in gigabytes.","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The Google Compute Engine disk type. Such as pd-standard, pd-ssd or pd-balanced.","description_kind":"plain","optional":true,"computed":true}},"description":"Parameters with which a disk was created alongside the instance.","description_kind":"plain"},"max_items":1}},"description":"The boot disk for the instance.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"network_interface":{"nesting_mode":"list","block":{"attributes":{"access_config":{"type":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet.","description_kind":"plain","optional":true,"computed":true},"alias_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"description":"An array of alias IP ranges for this network interface.","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the interface","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network attached to this interface.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address assigned to the instance.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true,"computed":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the subnetwork attached to this interface.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The project in which the subnetwork belongs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. To use a static external IP address, it must be unused and in the same region as the instance's zone. If not specified, Google Cloud will automatically assign an external IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this access configuration. In ipv6AccessConfigs, the recommended name is External IPv6.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","optional":true,"computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"The networks attached to the instance.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"params":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true,"computed":true}},"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies if the instance should be restarted if it was terminated by Compute Engine (not a user).","description_kind":"plain","optional":true,"computed":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true,"computed":true},"min_node_cpus":{"type":"number","description_kind":"plain","optional":true,"computed":true},"on_host_maintenance":{"type":"string","description":"Describes maintenance behavior for the instance. One of MIGRATE or TERMINATE,","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the instance is preemptible.","description_kind":"plain","optional":true,"computed":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true,"computed":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"},"max_items":1},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy being used by the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Whether integrity monitoring is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_secure_boot":{"type":"bool","description":"Whether secure boot is enabled for the instance.","description_kind":"plain","optional":true,"computed":true},"enable_vtpm":{"type":"bool","description":"Whether the instance uses vTPM.","description_kind":"plain","optional":true,"computed":true}},"description":"The shielded vm config being used by the instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description":"An optional textual description of the instance group.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"The list of instances in the group, in self_link format. When adding instances they must all be in the same network and zone as the instance group.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance group. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network the instance group is in. If this is different from the network where the instances are in, the creation fails. Defaults to the network where the instances are in (if neither network nor instances is specified, this field will be blank).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The number of instances in the group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that this instance group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"named_port":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name which the port will be mapped to.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number to map the name to.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"default_action_on_failure":{"type":"string","description":"Default behavior for all instance or health check failures.","description_kind":"plain","optional":true},"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. If neither is set, defaults to 1","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. If neither is set, defaults to 1.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_instance_group_membership":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"An instance being added to the InstanceGroup","description_kind":"plain","required":true},"instance_group":{"type":"string","description":"Represents an Instance Group resource name that the instance belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the instance group resides.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_group_named_port":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the instance group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for this named port. The name must be 1-63 characters\nlong, and comply with RFC1035.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number, which can be a value between 1 and 65535.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone of the instance group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_settings":{"version":0,"block":{"attributes":{"fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"items":{"type":["map","string"],"description":"A metadata key/value items map. The total size of all keys and values must be less than 512KB","description_kind":"plain","optional":true}},"description":"The metadata key/value pairs assigned to all the instances in the corresponding scope.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description":"A special URI of the created resource that uniquely identifies this instance template.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_interconnect_attachment":{"version":0,"block":{"attributes":{"admin_enabled":{"type":"bool","description":"Whether the VLAN attachment is enabled or disabled. When using\nPARTNER type this will Pre-Activate the interconnect attachment","description_kind":"plain","optional":true},"bandwidth":{"type":"string","description":"Provisioned bandwidth capacity for the interconnect attachment.\nFor attachments of type DEDICATED, the user can set the bandwidth.\nFor attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth.\nOutput only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED,\nDefaults to BPS_10G Possible values: [\"BPS_50M\", \"BPS_100M\", \"BPS_200M\", \"BPS_300M\", \"BPS_400M\", \"BPS_500M\", \"BPS_1G\", \"BPS_2G\", \"BPS_5G\", \"BPS_10G\", \"BPS_20G\", \"BPS_50G\"]","description_kind":"plain","optional":true,"computed":true},"candidate_subnets":{"type":["list","string"],"description":"Up to 16 candidate prefixes that can be used to restrict the allocation\nof cloudRouterIpAddress and customerRouterIpAddress for this attachment.\nAll prefixes must be within link-local address space (169.254.0.0/16)\nand must be /29 or shorter (/28, /27, etc). Google will attempt to select\nan unused /29 from the supplied candidate prefix(es). The request will\nfail if all possible /29s are in use on Google's edge. If not supplied,\nGoogle will randomly select an unused /29 from all of link-local space.","description_kind":"plain","optional":true},"cloud_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"cloud_router_ipv6_address":{"type":"string","description":"IPv6 address + prefix length to be configured on Cloud Router\nInterface for this interconnect attachment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"customer_router_ip_address":{"type":"string","description":"IPv4 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"customer_router_ipv6_address":{"type":"string","description":"IPv6 address + prefix length to be configured on the customer\nrouter subinterface for this interconnect attachment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"edge_availability_domain":{"type":"string","description":"Desired availability domain for the attachment. Only available for type\nPARTNER, at creation time. For improved reliability, customers should\nconfigure a pair of attachments with one per availability domain. The\nselected availability domain will be provided to the Partner via the\npairing key so that the provisioned circuit will lie in the specified\ndomain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY.","description_kind":"plain","optional":true,"computed":true},"encryption":{"type":"string","description":"Indicates the user-supplied encryption option of this interconnect\nattachment. Can only be specified at attachment creation for PARTNER or\nDEDICATED attachments.\n\n* NONE - This is the default value, which means that the VLAN attachment\ncarries unencrypted traffic. VMs are able to send traffic to, or receive\ntraffic from, such a VLAN attachment.\n\n* IPSEC - The VLAN attachment carries only encrypted traffic that is\nencrypted by an IPsec device, such as an HA VPN gateway or third-party\nIPsec VPN. VMs cannot directly send traffic to, or receive traffic from,\nsuch a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN\nattachment must be created with this option. Default value: \"NONE\" Possible values: [\"NONE\", \"IPSEC\"]","description_kind":"plain","optional":true},"google_reference_id":{"type":"string","description":"Google reference ID, to be used when raising support tickets with\nGoogle or otherwise to debug backend connectivity issues.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect":{"type":"string","description":"URL of the underlying Interconnect object that this attachment's\ntraffic will traverse through. Required if type is DEDICATED, must not\nbe set if type is PARTNER.","description_kind":"plain","optional":true},"ipsec_internal_addresses":{"type":["list","string"],"description":"URL of addresses that have been reserved for the interconnect attachment,\nUsed only for interconnect attachment that has the encryption option as\nIPSEC.\n\nThe addresses must be RFC 1918 IP address ranges. When creating HA VPN\ngateway over the interconnect attachment, if the attachment is configured\nto use an RFC 1918 IP address, then the VPN gateway's IP address will be\nallocated from the IP address range specified here.\n\nFor example, if the HA VPN gateway's interface 0 is paired to this\ninterconnect attachment, then an RFC 1918 IP address for the VPN gateway\ninterface 0 will be allocated from the IP address specified for this\ninterconnect attachment.\n\nIf this field is not specified for interconnect attachment that has\nencryption option as IPSEC, later on when creating HA VPN gateway on this\ninterconnect attachment, the HA VPN gateway's IP address will be\nallocated from regional external IP address pool.","description_kind":"plain","optional":true},"mtu":{"type":"string","description":"Maximum Transmission Unit (MTU), in bytes, of packets passing through\nthis interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a\nlowercase letter, and all following characters must be a dash, lowercase\nletter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"pairing_key":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. The opaque\nidentifier of an PARTNER attachment used to initiate provisioning with\na selected partner. Of the form \"XXXXX/region/domain\"","description_kind":"plain","computed":true},"partner_asn":{"type":"string","description":"[Output only for type PARTNER. Not present for DEDICATED]. Optional\nBGP ASN for the router that should be supplied by a layer 3 Partner if\nthey configured BGP on behalf of the customer.","description_kind":"plain","computed":true},"private_interconnect_info":{"type":["list",["object",{"tag8021q":"number"}]],"description":"Information specific to an InterconnectAttachment. This property\nis populated if the interconnect that this is attached to is of type DEDICATED.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the regional interconnect attachment resides.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of the cloud router to be used for dynamic routing. This router must be in\nthe same region as this InterconnectAttachment. The InterconnectAttachment will\nautomatically connect the Interconnect to the network \u0026 region within which the\nCloud Router is configured.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this interconnect attachment to identify whether the IPv6\nfeature is enabled or not. If not specified, IPV4_ONLY will be used.\n\nThis field can be both set at interconnect attachments creation and update\ninterconnect attachment operations. Possible values: [\"IPV4_IPV6\", \"IPV4_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"[Output Only] The current state of this attachment's functionality.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of InterconnectAttachment you wish to create. Defaults to\nDEDICATED. Possible values: [\"DEDICATED\", \"PARTNER\", \"PARTNER_PROVIDER\"]","description_kind":"plain","optional":true,"computed":true},"vlan_tag8021q":{"type":"number","description":"The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When\nusing PARTNER type this will be managed upstream.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_managed_ssl_certificate":{"version":0,"block":{"attributes":{"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","optional":true,"computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subject_alternative_names":{"type":["list","string"],"description":"Domains associated with the certificate via Subject Alternative Name.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Enum field whose value is always 'MANAGED' - used to signal to the API\nwhich type this is. Default value: \"MANAGED\" Possible values: [\"MANAGED\"]","description_kind":"plain","optional":true}},"block_types":{"managed":{"nesting_mode":"list","block":{"attributes":{"domains":{"type":["list","string"],"description":"Domains for which a managed SSL certificate will be valid. Currently,\nthere can be up to 100 domains in this list.","description_kind":"plain","required":true}},"description":"Properties relevant to a managed certificate. These will be used if the\ncertificate is managed (as indicated by a value of 'MANAGED' in 'type').","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"auto_create_subnetworks":{"type":"bool","description":"When set to 'true', the network is created in \"auto subnet mode\" and\nit will create a subnet for each region automatically across the\n'10.128.0.0/9' address range.\n\nWhen set to 'false', the network is created in \"custom subnet mode\" so\nthe user can explicitly connect subnetwork resources.","description_kind":"plain","optional":true},"delete_default_routes_on_create":{"type":"bool","description":"If set to 'true', default routes ('0.0.0.0/0') will be deleted\nimmediately after network creation. Defaults to 'false'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. The resource must be\nrecreated to modify this field.","description_kind":"plain","optional":true},"enable_ula_internal_ipv6":{"type":"bool","description":"Enable ULA internal ipv6 on this network. Enabling this feature will assign\na /48 from google defined ULA prefix fd20::/20.","description_kind":"plain","optional":true},"gateway_ipv4":{"type":"string","description":"The gateway address for default routing out of the network. This value\nis selected by GCP.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description":"When enabling ula internal ipv6, caller optionally can specify the /48 range\nthey want from the google defined ULA prefix fd20::/20. The input must be a\nvalid /48 ULA IPv6 address and must be within the fd20::/20. Operation will\nfail if the speficied /48 is already in used by another resource.\nIf the field is not speficied, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.","description_kind":"plain","optional":true,"computed":true},"mtu":{"type":"number","description":"Maximum Transmission Unit in bytes. The default value is 1460 bytes.\nThe minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames).\nNote that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped\nwith an ICMP 'Fragmentation-Needed' message if the packets are routed to the Internet or other VPCs\nwith varying MTUs.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_enforcement_order":{"type":"string","description":"Set the order that Firewall Rules and Firewall Policies are evaluated. Default value: \"AFTER_CLASSIC_FIREWALL\" Possible values: [\"BEFORE_CLASSIC_FIREWALL\", \"AFTER_CLASSIC_FIREWALL\"]","description_kind":"plain","optional":true},"numeric_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"routing_mode":{"type":"string","description":"The network-wide routing mode to use. If set to 'REGIONAL', this\nnetwork's cloud routers will only advertise routes with subnetworks\nof this network in the same region as the router. If set to 'GLOBAL',\nthis network's cloud routers will advertise routes with all\nsubnetworks of this network, across regions. Possible values: [\"REGIONAL\", \"GLOBAL\"]","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone of network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","required":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_endpoints":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_endpoint_group":{"type":"string","description":"The network endpoint group these endpoints are part of.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Zone where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_endpoints":{"nesting_mode":"set","block":{"attributes":{"instance":{"type":"string","description":"The name for a specific VM instance that the IP address belongs to.\nThis is required for network endpoints of type GCE_VM_IP_PORT.\nThe instance must be in the same zone as the network endpoint group.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"IPv4 address of network endpoint. The IP address must belong\nto a VM in GCE (either the primary IP or as part of an aliased IP\nrange).","description_kind":"plain","required":true},"port":{"type":"number","description":"Port number of network endpoint.\n**Note** 'port' is required unless the Network Endpoint Group is created\nwith the type of 'GCE_VM_IP'","description_kind":"plain","optional":true}},"description":"The network endpoints to be added to the enclosing network endpoint group\n(NEG). Each endpoint specifies an IP address and port, along with\nadditional information depending on the NEG type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","optional":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","optional":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","required":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_network_peering_routes_config":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to import the custom routes to the peer network.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the primary network for the peering.","description_kind":"plain","required":true},"peering":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_group":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_size":{"type":"number","description":"The initial number of nodes in the node group. One of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain","optional":true},"maintenance_policy":{"type":"string","description":"Specifies how to handle instances when a node in the group undergoes maintenance. Set to one of: DEFAULT, RESTART_IN_PLACE, or MIGRATE_WITHIN_NODE_GROUP. The default value is DEFAULT.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_template":{"type":"string","description":"The URL of the node template to which this node group belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"The total number of nodes in the node group.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where this node group is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Maximum size of the node group. Set to a value less than or equal\nto 100 and greater than or equal to min-nodes.","description_kind":"plain","optional":true,"computed":true},"min_nodes":{"type":"number","description":"Minimum size of the node group. Must be less\nthan or equal to max-nodes. The default value is 0.","description_kind":"plain","optional":true,"computed":true},"mode":{"type":"string","description":"The autoscaling mode. Set to one of the following:\n - OFF: Disables the autoscaler.\n - ON: Enables scaling in and scaling out.\n - ONLY_SCALE_OUT: Enables only scaling out.\n You must use this mode if your node groups are configured to\n restart their hosted VMs on minimal servers. Possible values: [\"OFF\", \"ON\", \"ONLY_SCALE_OUT\"]","description_kind":"plain","optional":true,"computed":true}},"description":"If you use sole-tenant nodes for your workloads, you can use the node\ngroup autoscaler to automatically manage the sizes of your node groups.\n\nOne of 'initial_size' or 'autoscaling_policy' must be configured on resource creation.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"start_time":{"type":"string","description":"instances.start time of the window. This must be in UTC format that resolves to one of 00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example, both 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"contains properties for the timeframe of maintenance","description_kind":"plain"},"max_items":1},"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Node group sharing type. Possible values: [\"ORGANIZATION\", \"SPECIFIC_PROJECTS\", \"LOCAL\"]","description_kind":"plain","required":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number should be the same as the key of this project config in the project map.","description_kind":"plain","required":true}},"description":"A map of project id and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"Share settings for the node group.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_node_template":{"version":0,"block":{"attributes":{"cpu_overcommit_type":{"type":"string","description":"CPU overcommit. Default value: \"NONE\" Possible values: [\"ENABLED\", \"NONE\"]","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource.","description_kind":"plain","optional":true},"node_affinity_labels":{"type":["map","string"],"description":"Labels to use for node affinity, which will be used in\ninstance scheduling.","description_kind":"plain","optional":true},"node_type":{"type":"string","description":"Node type to use for nodes group that are created from this template.\nOnly one of nodeTypeFlexibility and nodeType can be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where nodes using the node template will be created.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"node_type_flexibility":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"string","description":"Number of virtual CPUs to use.","description_kind":"plain","optional":true},"local_ssd":{"type":"string","description":"Use local SSD","description_kind":"plain","computed":true},"memory":{"type":"string","description":"Physical memory available to the node, defined in MB.","description_kind":"plain","optional":true}},"description":"Flexible properties for the desired node type. Node groups that\nuse this node template will create nodes of a type that matches\nthese properties. Only one of nodeTypeFlexibility and nodeType can\nbe specified.","description_kind":"plain"},"max_items":1},"server_binding":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"Type of server binding policy. If 'RESTART_NODE_ON_ANY_SERVER',\nnodes using this template will restart on any physical server\nfollowing a maintenance event.\n\nIf 'RESTART_NODE_ON_MINIMAL_SERVER', nodes using this template\nwill restart on the same physical server following a maintenance\nevent, instead of being live migrated to or restarted on a new\nphysical server. This option may be useful if you are using\nsoftware licenses tied to the underlying server characteristics\nsuch as physical sockets or cores, to avoid the need for\nadditional licenses when maintenance occurs. However, VMs on such\nnodes will experience outages while maintenance is applied. Possible values: [\"RESTART_NODE_ON_ANY_SERVER\", \"RESTART_NODE_ON_MINIMAL_SERVERS\"]","description_kind":"plain","required":true}},"description":"The server binding policy for nodes using this template. Determines\nwhere the nodes should restart following a maintenance event.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_packet_mirroring":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the rule.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the packet mirroring rule","description_kind":"plain","required":true},"priority":{"type":"number","description":"Since only one rule can be active at a time, priority is\nused to break ties in the case of two rules that apply to\nthe same instances.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created address should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"collector_ilb":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the forwarding rule.","description_kind":"plain","required":true}},"description":"The Forwarding Rule resource (of type load_balancing_scheme=INTERNAL)\nthat will be used as collector for mirrored traffic. The\nspecified forwarding rule must have is_mirroring_collector\nset to true.","description_kind":"plain"},"min_items":1,"max_items":1},"filter":{"nesting_mode":"list","block":{"attributes":{"cidr_ranges":{"type":["list","string"],"description":"IP CIDR ranges that apply as a filter on the source (ingress) or\ndestination (egress) IP in the IP header. Only IPv4 is supported.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"Direction of traffic to mirror. Default value: \"BOTH\" Possible values: [\"INGRESS\", \"EGRESS\", \"BOTH\"]","description_kind":"plain","optional":true},"ip_protocols":{"type":["list","string"],"description":"Possible IP protocols including tcp, udp, icmp and esp","description_kind":"plain","optional":true}},"description":"A filter for mirrored traffic. If unset, all traffic is mirrored.","description_kind":"plain"},"max_items":1},"mirrored_resources":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"All instances with these tags will be mirrored.","description_kind":"plain","optional":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the instances where this rule should be active.","description_kind":"plain","required":true}},"description":"All the listed instances will be mirrored. Specify at most 50.","description_kind":"plain"}},"subnetworks":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The URL of the subnetwork where this rule should be active.","description_kind":"plain","required":true}},"description":"All instances in one of these subnetworks will be mirrored.","description_kind":"plain"}}},"description":"A means of specifying which resources to mirror.","description_kind":"plain"},"min_items":1,"max_items":1},"network":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The full self_link URL of the network where this rule is active.","description_kind":"plain","required":true}},"description":"Specifies the mirrored VPC network. Only packets in this network\nwill be mirrored. All mirrored VMs should have a NIC in the given\nnetwork. All mirrored subnetworks should belong to the given network.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group_manager":{"type":"string","description":"The instance group manager this instance config is part of.","description_kind":"plain","required":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Zone where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_default_network_tier":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The default network tier to be configured for the project. This field can take the following values: PREMIUM or STANDARD.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"A series of key value pairs.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_project_metadata_item":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"The metadata key to set.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"value":{"type":"string","description":"The value to set for the given metadata key.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_advertised_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns_verification_ip":{"type":"string","description":"The IPv4 address to be used for reverse DNS verification.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_public_delegated_prefix":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IPv4 address range, in CIDR format, represented by this public advertised prefix.","description_kind":"plain","required":true},"is_live_migration":{"type":"bool","description":"If true, the prefix will be live migrated.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"parent_prefix":{"type":"string","description":"The URL of parent prefix. Either PublicAdvertisedPrefix or PublicDelegatedPrefix.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A region where the prefix will reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_autoscaler":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target":{"type":"string","description":"URL of the managed instance group that this autoscaler will scale.","description_kind":"plain","required":true}},"block_types":{"autoscaling_policy":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"number","description":"The number of seconds that the autoscaler should wait before it\nstarts collecting information from a new instance. This prevents\nthe autoscaler from collecting information when the instance is\ninitializing, during which the collected usage would not be\nreliable. The default time autoscaler waits is 60 seconds.\n\nVirtual machine initialization times might vary because of\nnumerous factors. We recommend that you test how long an\ninstance may take to initialize. To do this, create an instance\nand time the startup process.","description_kind":"plain","optional":true},"max_replicas":{"type":"number","description":"The maximum number of instances that the autoscaler can scale up\nto. This is required when creating or updating an autoscaler. The\nmaximum number of replicas should not be lower than minimal number\nof replicas.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"The minimum number of replicas that the autoscaler can scale down\nto. This cannot be less than 0. If not provided, autoscaler will\nchoose a default value depending on maximum number of instances\nallowed.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Defines operating mode for this policy.","description_kind":"plain","optional":true}},"block_types":{"cpu_utilization":{"nesting_mode":"list","block":{"attributes":{"predictive_method":{"type":"string","description":"Indicates whether predictive autoscaling based on CPU metric is enabled. Valid values are:\n\n- NONE (default). No predictive method is used. The autoscaler scales the group to meet current demand based on real-time metrics.\n\n- OPTIMIZE_AVAILABILITY. Predictive autoscaling improves availability by monitoring daily and weekly load patterns and scaling out ahead of anticipated demand.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target CPU utilization that the autoscaler should maintain.\nMust be a float value in the range (0, 1]. If not specified, the\ndefault is 0.6.\n\nIf the CPU level is below the target utilization, the autoscaler\nscales down the number of instances until it reaches the minimum\nnumber of instances you specified or until the average CPU of\nyour instances reaches the target utilization.\n\nIf the average CPU is above the target utilization, the autoscaler\nscales up until it reaches the maximum number of instances you\nspecified or until the average utilization reaches the target\nutilization.","description_kind":"plain","required":true}},"description":"Defines the CPU utilization policy that allows the autoscaler to\nscale based on the average CPU utilization of a managed instance\ngroup.","description_kind":"plain"},"max_items":1},"load_balancing_utilization":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"number","description":"Fraction of backend capacity utilization (set in HTTP(s) load\nbalancing configuration) that autoscaler should maintain. Must\nbe a positive float value. If not defined, the default is 0.8.","description_kind":"plain","required":true}},"description":"Configuration parameters of autoscaling based on a load balancer.","description_kind":"plain"},"max_items":1},"metric":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A filter string to be used as the filter string for\na Stackdriver Monitoring TimeSeries.list API call.\nThis filter is used to select a specific TimeSeries for\nthe purpose of autoscaling and to determine whether the metric\nis exporting per-instance or per-group data.\n\nYou can only use the AND operator for joining selectors.\nYou can only use direct equality comparison operator (=) without\nany functions for each selector.\nYou can specify the metric in both the filter string and in the\nmetric field. However, if specified in both places, the metric must\nbe identical.\n\nThe monitored resource type determines what kind of values are\nexpected for the metric. If it is a gce_instance, the autoscaler\nexpects the metric to include a separate TimeSeries for each\ninstance in a group. In such a case, you cannot filter on resource\nlabels.\n\nIf the resource type is any other value, the autoscaler expects\nthis metric to contain values that apply to the entire autoscaled\ninstance group and resource label filtering can be performed to\npoint autoscaler at the correct TimeSeries to scale upon.\nThis is called a per-group metric for the purpose of autoscaling.\n\nIf not specified, the type defaults to gce_instance.\n\nYou should provide a filter that is selective enough to pick just\none TimeSeries for the autoscaled group or for each of the instances\n(if you are using gce_instance resource type). If multiple\nTimeSeries are returned upon the query execution, the autoscaler\nwill sum their respective values to obtain its scaling value.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The identifier (type) of the Stackdriver Monitoring metric.\nThe metric cannot have negative values.\n\nThe metric must have a value type of INT64 or DOUBLE.","description_kind":"plain","required":true},"single_instance_assignment":{"type":"number","description":"If scaling is based on a per-group metric value that represents the\ntotal amount of work to be done or resource usage, set this value to\nan amount assigned for a single instance of the scaled group.\nThe autoscaler will keep the number of instances proportional to the\nvalue of this metric, the metric itself should not change value due\nto group resizing.\n\nFor example, a good metric to use with the target is\n'pubsub.googleapis.com/subscription/num_undelivered_messages'\nor a custom metric exporting the total number of requests coming to\nyour instances.\n\nA bad example would be a metric exporting an average or median\nlatency, since this value can't include a chunk assignable to a\nsingle instance, it could be better used with utilization_target\ninstead.","description_kind":"plain","optional":true},"target":{"type":"number","description":"The target value of the metric that autoscaler should\nmaintain. This must be a positive value. A utilization\nmetric scales number of virtual machines handling requests\nto increase or decrease proportionally to the metric.\n\nFor example, a good metric to use as a utilizationTarget is\nwww.googleapis.com/compute/instance/network/received_bytes_count.\nThe autoscaler will work to keep this value constant for each\nof the instances.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Defines how target utilization value is expressed for a\nStackdriver Monitoring metric. Possible values: [\"GAUGE\", \"DELTA_PER_SECOND\", \"DELTA_PER_MINUTE\"]","description_kind":"plain","optional":true}},"description":"Configuration parameters of autoscaling based on a custom metric.","description_kind":"plain"}},"scale_in_control":{"nesting_mode":"list","block":{"attributes":{"time_window_sec":{"type":"number","description":"How long back autoscaling should look when computing recommendations\nto include directives regarding slower scale down, as described above.","description_kind":"plain","optional":true}},"block_types":{"max_scaled_in_replicas":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed number of VM instances. This must be a positive\ninteger.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies a percentage of instances between 0 to 100%, inclusive.\nFor example, specify 80 for 80%.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1},"scaling_schedules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description of a scaling schedule.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"A boolean value that specifies if a scaling schedule can influence autoscaler recommendations. If set to true, then a scaling schedule has no effect.","description_kind":"plain","optional":true},"duration_sec":{"type":"number","description":"The duration of time intervals (in seconds) for which this scaling schedule will be running. The minimum allowed value is 300.","description_kind":"plain","required":true},"min_required_replicas":{"type":"number","description":"Minimum number of VM instances that autoscaler will recommend in time intervals starting according to schedule.","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"schedule":{"type":"string","description":"The start timestamps of time intervals when this scaling schedule should provide a scaling signal. This field uses the extended cron format (with an optional year field).","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time zone to be used when interpreting the schedule. The value of this field must be a time zone name from the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","optional":true}},"description":"Scaling schedules defined for an autoscaler. Multiple schedules can be set on an autoscaler and they can overlap.","description_kind":"plain"}}},"description":"The configuration parameters for the autoscaling algorithm. You can\ndefine one or more of the policies for an autoscaler: cpuUtilization,\ncustomMetricUtilizations, and loadBalancingUtilization.\n\nIf none of these are specified, the default will be to autoscale based\non cpuUtilization to 0.6 or 60%.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","optional":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this RegionBackendService.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to HealthCheck resources for health checking\nthis RegionBackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates what kind of load balancing this regional backend service\nwill be used for. A backend service created for one type of load\nbalancing cannot be used with the other(s). For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"INTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","optional":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The URL of the network to which this backend service belongs.\nThis field can only be specified when the load balancing scheme is set to INTERNAL.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"A named port on a backend instance group representing the port for\ncommunication to the backend VMs in that group. Required when the\nloadBalancingScheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED, or INTERNAL_SELF_MANAGED\nand the backends are instance groups. The named port must be defined on each\nbackend instance group. This parameter has no meaning if the backends are NEGs. API sets a\ndefault of \"http\" if not given.\nMust be omitted when the loadBalancingScheme is INTERNAL (Internal TCP/UDP Load Balancing).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol this RegionBackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"SSL\", \"TCP\", \"UDP\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created backend service should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\", \"CLIENT_IP_NO_DESTINATION\"]","description_kind":"plain","optional":true,"computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backend":{"nesting_mode":"set","block":{"attributes":{"balancing_mode":{"type":"string","description":"Specifies the balancing mode for this backend.\n\nSee the [Backend Services Overview](https://cloud.google.com/load-balancing/docs/backend-service#balancing-mode)\nfor an explanation of load balancing modes. Default value: \"CONNECTION\" Possible values: [\"UTILIZATION\", \"RATE\", \"CONNECTION\"]","description_kind":"plain","optional":true},"capacity_scaler":{"type":"number","description":"A multiplier applied to the group's maximum servicing capacity\n(based on UTILIZATION, RATE or CONNECTION).\n\n~\u003e**NOTE**: This field cannot be set for\nINTERNAL region backend services (default loadBalancingScheme),\nbut is required for non-INTERNAL backend service. The total\ncapacity_scaler for all backends must be non-zero.\n\nA setting of 0 means the group is completely drained, offering\n0% of its available Capacity. Valid range is [0.0,1.0].","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.\nProvide this property when you create the resource.","description_kind":"plain","optional":true},"failover":{"type":"bool","description":"This field designates whether this is a failover backend. More\nthan one failover backend can be configured for a given RegionBackendService.","description_kind":"plain","optional":true,"computed":true},"group":{"type":"string","description":"The fully-qualified URL of an Instance Group or Network Endpoint\nGroup resource. In case of instance group this defines the list\nof instances that serve traffic. Member virtual machine\ninstances from each instance group must live in the same zone as\nthe instance group itself. No two backends in a backend service\nare allowed to use same Instance Group resource.\n\nFor Network Endpoint Groups this defines list of endpoints. All\nendpoints of Network Endpoint Group must be hosted on instances\nlocated in the same zone as the Network Endpoint Group.\n\nBackend services cannot mix Instance Group and\nNetwork Endpoint Group backends.\n\nWhen the 'load_balancing_scheme' is INTERNAL, only instance groups\nare supported.\n\nNote that you must specify an Instance Group or Network Endpoint\nGroup resource using the fully-qualified URL, rather than a\npartial URL.","description_kind":"plain","required":true},"max_connections":{"type":"number","description":"The max number of simultaneous connections for the group. Can\nbe used with either CONNECTION or UTILIZATION balancing modes.\nCannot be set for INTERNAL backend services.\n\nFor CONNECTION mode, either maxConnections or one\nof maxConnectionsPerInstance or maxConnectionsPerEndpoint,\nas appropriate for group type, must be set.","description_kind":"plain","optional":true},"max_connections_per_endpoint":{"type":"number","description":"The max number of simultaneous connections that a single backend\nnetwork endpoint can handle. Cannot be set\nfor INTERNAL backend services.\n\nThis is used to calculate the capacity of the group. Can be\nused in either CONNECTION or UTILIZATION balancing modes. For\nCONNECTION mode, either maxConnections or\nmaxConnectionsPerEndpoint must be set.","description_kind":"plain","optional":true},"max_connections_per_instance":{"type":"number","description":"The max number of simultaneous connections that a single\nbackend instance can handle. Cannot be set for INTERNAL backend\nservices.\n\nThis is used to calculate the capacity of the group.\nCan be used in either CONNECTION or UTILIZATION balancing modes.\nFor CONNECTION mode, either maxConnections or\nmaxConnectionsPerInstance must be set.","description_kind":"plain","optional":true},"max_rate":{"type":"number","description":"The max requests per second (RPS) of the group. Cannot be set\nfor INTERNAL backend services.\n\nCan be used with either RATE or UTILIZATION balancing modes,\nbut required if RATE mode. Either maxRate or one\nof maxRatePerInstance or maxRatePerEndpoint, as appropriate for\ngroup type, must be set.","description_kind":"plain","optional":true},"max_rate_per_endpoint":{"type":"number","description":"The max requests per second (RPS) that a single backend network\nendpoint can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerEndpoint must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_rate_per_instance":{"type":"number","description":"The max requests per second (RPS) that a single backend\ninstance can handle. This is used to calculate the capacity of\nthe group. Can be used in either balancing mode. For RATE mode,\neither maxRate or maxRatePerInstance must be set. Cannot be set\nfor INTERNAL backend services.","description_kind":"plain","optional":true},"max_utilization":{"type":"number","description":"Used when balancingMode is UTILIZATION. This ratio defines the\nCPU utilization target for the group. Valid range is [0.0, 1.0].\nCannot be set for INTERNAL backend services.","description_kind":"plain","optional":true}},"description":"The set of backends that serve this RegionBackendService.","description_kind":"plain"}},"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Specifies the cache setting for all responses from this backend.\nThe possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values: [\"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"CACHE_ALL_STATIC\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"default_ttl":{"type":"number","description":"Specifies the default TTL for cached content served by this origin for responses\nthat do not have an existing valid TTL (max-age or s-max-age).","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"number","description":"Specifies the maximum allowed TTL for cached content served by this origin.","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.","description_kind":"plain","optional":true,"computed":true},"serve_while_stale":{"type":"number","description":"Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.","description_kind":"plain","optional":true,"computed":true},"signed_url_cache_max_age_sec":{"type":"number","description":"Maximum number of seconds the response to a signed URL request\nwill be considered fresh, defaults to 1hr (3600s). After this\ntime period, the response will be revalidated before\nbeing served.\n\nWhen serving responses to signed URL requests, Cloud CDN will\ninternally behave as though all responses from this backend had a\n\"Cache-Control: public, max-age=[TTL]\" header, regardless of any\nexisting Cache-Control header. The actual headers served in\nresponses will not be altered.","description_kind":"plain","optional":true}},"block_types":{"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"include_host":{"type":"bool","description":"If true requests to different hosts will be cached separately.","description_kind":"plain","optional":true},"include_named_cookies":{"type":["list","string"],"description":"Names of cookies to include in cache keys.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true},"include_query_string":{"type":"bool","description":"If true, include query string parameters in the cache key\naccording to query_string_whitelist and\nquery_string_blacklist. If neither is set, the entire query\nstring will be included.\n\nIf false, the query string will be excluded from the cache\nkey entirely.","description_kind":"plain","optional":true},"query_string_blacklist":{"type":["set","string"],"description":"Names of query string parameters to exclude in cache keys.\n\nAll other parameters will be included. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true},"query_string_whitelist":{"type":["set","string"],"description":"Names of query string parameters to include in cache keys.\n\nAll other parameters will be excluded. Either specify\nquery_string_whitelist or query_string_blacklist, not both.\n'\u0026' and '=' will be percent encoded and not treated as\ndelimiters.","description_kind":"plain","optional":true}},"description":"The CacheKeyPolicy for this CdnPolicy.","description_kind":"plain"},"max_items":1},"negative_caching_policy":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"number","description":"The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501\ncan be specified as values, and you cannot specify a status code more than once.","description_kind":"plain","optional":true}},"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\nOmitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs.","description_kind":"plain"}}},"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain"},"max_items":1},"circuit_breakers":{"nesting_mode":"list","block":{"attributes":{"max_connections":{"type":"number","description":"The maximum number of connections to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_pending_requests":{"type":"number","description":"The maximum number of pending requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests":{"type":"number","description":"The maximum number of parallel requests to the backend cluster.\nDefaults to 1024.","description_kind":"plain","optional":true},"max_requests_per_connection":{"type":"number","description":"Maximum requests for a single backend connection. This parameter\nis respected by both the HTTP/1.1 and HTTP/2 implementations. If\nnot specified, there is no limit. Setting this parameter to 1\nwill effectively disable keep alive.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"The maximum number of parallel retries to the backend cluster.\nDefaults to 3.","description_kind":"plain","optional":true}},"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the 'load_balancing_scheme' is set to INTERNAL_MANAGED\nand the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"consistent_hash":{"nesting_mode":"list","block":{"attributes":{"http_header_name":{"type":"string","description":"The hash based on the value of the specified header field.\nThis field is applicable if the sessionAffinity is set to HEADER_FIELD.","description_kind":"plain","optional":true},"minimum_ring_size":{"type":"number","description":"The minimum number of virtual nodes to use for the hash ring.\nLarger ring sizes result in more granular load\ndistributions. If the number of hosts in the load balancing pool\nis larger than the ring size, each host will be assigned a single\nvirtual node.\nDefaults to 1024.","description_kind":"plain","optional":true}},"block_types":{"http_cookie":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the cookie.","description_kind":"plain","optional":true},"path":{"type":"string","description":"Path to set for the cookie.","description_kind":"plain","optional":true}},"block_types":{"ttl":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Lifetime of the cookie.","description_kind":"plain"},"max_items":1}},"description":"Hash is based on HTTP Cookie. This field describes a HTTP cookie\nthat will be used as the hash key for the consistent hash load\nbalancer. If the cookie is not present, it will be generated.\nThis field is applicable if the sessionAffinity is set to HTTP_COOKIE.","description_kind":"plain"},"max_items":1}},"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing.\nThis field only applies when all of the following are true -\n * 'load_balancing_scheme' is set to INTERNAL_MANAGED\n * 'protocol' is set to HTTP, HTTPS, or HTTP2\n * 'locality_lb_policy' is set to MAGLEV or RING_HASH","description_kind":"plain"},"max_items":1},"failover_policy":{"nesting_mode":"list","block":{"attributes":{"disable_connection_drain_on_failover":{"type":"bool","description":"On failover or failback, this field indicates whether connection drain\nwill be honored. Setting this to true has the following effect: connections\nto the old active pool are not drained. Connections to the new active pool\nuse the timeout of 10 min (currently fixed). Setting to false has the\nfollowing effect: both old and new connections will have a drain timeout\nof 10 min.\nThis can be set to true only if the protocol is TCP.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"drop_traffic_if_unhealthy":{"type":"bool","description":"This option is used only when no healthy VMs are detected in the primary\nand backup instance groups. When set to true, traffic is dropped. When\nset to false, new connections are sent across all VMs in the primary group.\nThe default is false.","description_kind":"plain","optional":true,"computed":true},"failover_ratio":{"type":"number","description":"The value of the field must be in [0, 1]. If the ratio of the healthy\nVMs in the primary backend is at or below this number, traffic arriving\nat the load-balanced IP will be directed to the failover backend.\nIn case where 'failoverRatio' is not set or all the VMs in the backup\nbackend are unhealthy, the traffic will be directed back to the primary\nbackend in the \"force\" mode, where traffic will be spread to the healthy\nVMs with the best effort, or to all VMs when no VM is healthy.\nThis field is only used with l4 load balancing.","description_kind":"plain","optional":true}},"description":"Policy for failovers.","description_kind":"plain"},"max_items":1},"iap":{"nesting_mode":"list","block":{"attributes":{"oauth2_client_id":{"type":"string","description":"OAuth2 Client ID for IAP","description_kind":"plain","required":true},"oauth2_client_secret":{"type":"string","description":"OAuth2 Client Secret for IAP","description_kind":"plain","required":true,"sensitive":true},"oauth2_client_secret_sha256":{"type":"string","description":"OAuth2 Client Secret SHA-256 for IAP","description_kind":"plain","computed":true,"sensitive":true}},"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Whether to enable logging for the load balancer traffic served by this backend service.","description_kind":"plain","optional":true},"sample_rate":{"type":"number","description":"This field can only be specified if logging is enabled for this backend service. The value of\nthe field must be in [0, 1]. This configures the sampling rate of requests to the load balancer\nwhere 1.0 means all logged requests are reported and 0.0 means no logged requests are reported.\nThe default value is 1.0.","description_kind":"plain","optional":true}},"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain"},"max_items":1},"outlier_detection":{"nesting_mode":"list","block":{"attributes":{"consecutive_errors":{"type":"number","description":"Number of errors before a host is ejected from the connection pool. When the\nbackend host is accessed over HTTP, a 5xx return code qualifies as an error.\nDefaults to 5.","description_kind":"plain","optional":true},"consecutive_gateway_failure":{"type":"number","description":"The number of consecutive gateway failures (502, 503, 504 status or connection\nerrors that are mapped to one of those status codes) before a consecutive\ngateway failure ejection occurs. Defaults to 5.","description_kind":"plain","optional":true},"enforcing_consecutive_errors":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive 5xx. This setting can be used to disable\nejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"enforcing_consecutive_gateway_failure":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through consecutive gateway failures. This setting can be\nused to disable ejection or to ramp it up slowly. Defaults to 0.","description_kind":"plain","optional":true},"enforcing_success_rate":{"type":"number","description":"The percentage chance that a host will be actually ejected when an outlier\nstatus is detected through success rate statistics. This setting can be used to\ndisable ejection or to ramp it up slowly. Defaults to 100.","description_kind":"plain","optional":true},"max_ejection_percent":{"type":"number","description":"Maximum percentage of hosts in the load balancing pool for the backend service\nthat can be ejected. Defaults to 10%.","description_kind":"plain","optional":true},"success_rate_minimum_hosts":{"type":"number","description":"The number of hosts in a cluster that must have enough request volume to detect\nsuccess rate outliers. If the number of hosts is less than this setting, outlier\ndetection via success rate statistics is not performed for any host in the\ncluster. Defaults to 5.","description_kind":"plain","optional":true},"success_rate_request_volume":{"type":"number","description":"The minimum number of total requests that must be collected in one interval (as\ndefined by the interval duration above) to include this host in success rate\nbased outlier detection. If the volume is lower than this setting, outlier\ndetection via success rate statistics is not performed for that host. Defaults\nto 100.","description_kind":"plain","optional":true},"success_rate_stdev_factor":{"type":"number","description":"This factor is used to determine the ejection threshold for success rate outlier\nejection. The ejection threshold is the difference between the mean success\nrate, and the product of this factor and the standard deviation of the mean\nsuccess rate: mean - (stdev * success_rate_stdev_factor). This factor is divided\nby a thousand to get a double. That is, if the desired factor is 1.9, the\nruntime value should be 1900. Defaults to 1900.","description_kind":"plain","optional":true}},"block_types":{"base_ejection_time":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"The base time that a host is ejected for. The real time is equal to the base\ntime multiplied by the number of times the host has been ejected. Defaults to\n30000ms or 30s.","description_kind":"plain"},"max_items":1},"interval":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Time interval between ejection sweep analysis. This can result in both new\nejections as well as hosts being returned to service. Defaults to 10 seconds.","description_kind":"plain"},"max_items":1}},"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nThis field is applicable only when the 'load_balancing_scheme' is set\nto INTERNAL_MANAGED and the 'protocol' is set to HTTP, HTTPS, or HTTP2.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_commitment":{"version":0,"block":{"attributes":{"auto_renew":{"type":"bool","description":"Specifies whether to enable automatic renewal for the commitment.\nThe default value is false if not specified.\nIf the field is set to true, the commitment will be automatically renewed for either\none or three years according to the terms of the existing commitment.","description_kind":"plain","optional":true,"computed":true},"category":{"type":"string","description":"The category of the commitment. Category MACHINE specifies commitments composed of\nmachine resources such as VCPU or MEMORY, listed in resources. Category LICENSE\nspecifies commitments composed of software licenses, listed in licenseResources.\nNote that only MACHINE commitments should have a Type specified. Possible values: [\"LICENSE\", \"MACHINE\"]","description_kind":"plain","optional":true,"computed":true},"commitment_id":{"type":"number","description":"Unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"end_timestamp":{"type":"string","description":"Commitment end time in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"plan":{"type":"string","description":"The plan for this commitment, which determines duration and discount rate.\nThe currently supported plans are TWELVE_MONTH (1 year), and THIRTY_SIX_MONTH (3 years). Possible values: [\"TWELVE_MONTH\", \"THIRTY_SIX_MONTH\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where this commitment may be used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"start_timestamp":{"type":"string","description":"Commitment start time in RFC3339 text format.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Status of the commitment with regards to eventual expiration\n(each commitment has an end date defined).","description_kind":"plain","computed":true},"status_message":{"type":"string","description":"A human-readable explanation of the status.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of commitment, which affects the discount rate and the eligible resources.\nThe type could be one of the following value: 'MEMORY_OPTIMIZED', 'ACCELERATOR_OPTIMIZED',\n'GENERAL_PURPOSE_N1', 'GENERAL_PURPOSE_N2', 'GENERAL_PURPOSE_N2D', 'GENERAL_PURPOSE_E2',\n'GENERAL_PURPOSE_T2D', 'GENERAL_PURPOSE_C3', 'COMPUTE_OPTIMIZED_C2', 'COMPUTE_OPTIMIZED_C2D' and\n'GRAPHICS_OPTIMIZED_G2'","description_kind":"plain","optional":true,"computed":true}},"block_types":{"license_resource":{"nesting_mode":"list","block":{"attributes":{"amount":{"type":"string","description":"The number of licenses purchased.","description_kind":"plain","optional":true},"cores_per_license":{"type":"string","description":"Specifies the core range of the instance for which this license applies.","description_kind":"plain","optional":true},"license":{"type":"string","description":"Any applicable license URI.","description_kind":"plain","required":true}},"description":"The license specification required as part of a license commitment.","description_kind":"plain"},"max_items":1},"resources":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"Name of the accelerator type resource. Applicable only when the type is ACCELERATOR.","description_kind":"plain","optional":true},"amount":{"type":"string","description":"The amount of the resource purchased (in a type-dependent unit,\nsuch as bytes). For vCPUs, this can just be an integer. For memory,\nthis must be provided in MB. Memory must be a multiple of 256 MB,\nwith up to 6.5GB of memory per every vCPU.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of resource for which this commitment applies.\nPossible values are VCPU, MEMORY, LOCAL_SSD, and ACCELERATOR.","description_kind":"plain","optional":true}},"description":"A list of commitment amounts for particular resources.\nNote that VCPU and MEMORY resource commitments must occur together.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","optional":true,"computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","optional":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","optional":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","optional":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"block_types":{"async_primary_disk":{"nesting_mode":"list","block":{"attributes":{"disk":{"type":"string","description":"Primary disk for asynchronous disk replication.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain"},"max_items":1},"guest_os_features":{"nesting_mode":"set","block":{"attributes":{"type":{"type":"string","description":"The type of supported feature. Read [Enabling guest operating system features](https://cloud.google.com/compute/docs/images/create-delete-deprecate-private-images#guest-os-features) to see a list of available options. Possible values: [\"MULTI_IP_SUBNET\", \"SECURE_BOOT\", \"SEV_CAPABLE\", \"UEFI_COMPATIBLE\", \"VIRTIO_SCSI_MULTIQUEUE\", \"WINDOWS\", \"GVNIC\", \"SEV_LIVE_MIGRATABLE\", \"SEV_SNP_CAPABLE\", \"SUSPEND_RESUME_COMPATIBLE\", \"TDX_CAPABLE\"]","description_kind":"plain","required":true}},"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain"}},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_disk_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk_resource_policy_attachment":{"version":0,"block":{"attributes":{"disk":{"type":"string","description":"The name of the regional disk in which the resource policies are attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource policy to be attached to the disk for scheduling snapshot\ncreation. Do not specify the self link.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created health check should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTP2, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","optional":true}},"block_types":{"grpc_health_check":{"nesting_mode":"list","block":{"attributes":{"grpc_service_name":{"type":"string","description":"The gRPC service name for the health check.\nThe value of grpcServiceName has the following meanings by convention:\n\n* Empty serviceName means the overall status of all services at the backend.\n* Non-empty serviceName means the health of that gRPC service, as defined by the owner of the service.\n\nThe grpcServiceName can only be ASCII.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port number for the health check request.\nMust be specified if portName and portSpecification are not set\nor if port_specification is USE_FIXED_PORT. Valid values are 1 through 65535.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, gRPC health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http2_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP2 health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP2 health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP2 health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP2 health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"http_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTP health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTP health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"https_health_check":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"The value of the host header in the HTTPS health check request.\nIf left empty (default value), the public IP on behalf of which this health\ncheck is performed will be used.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The TCP port number for the HTTPS health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, HTTPS health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request_path":{"type":"string","description":"The request path of the HTTPS health check request.\nThe default value is /.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs. This is false by default,\nwhich means no health check logging will be done.","description_kind":"plain","optional":true}},"description":"Configure logging on this health check.","description_kind":"plain"},"max_items":1},"ssl_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the SSL health check request.\nThe default value is 443.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, SSL health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the SSL connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"tcp_health_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The TCP port number for the TCP health check request.\nThe default value is 80.","description_kind":"plain","optional":true},"port_name":{"type":"string","description":"Port name as defined in InstanceGroup#NamedPort#name. If both port and\nport_name are defined, port takes precedence.","description_kind":"plain","optional":true},"port_specification":{"type":"string","description":"Specifies how port is selected for health checking, can be one of the\nfollowing values:\n\n * 'USE_FIXED_PORT': The port number in 'port' is used for health checking.\n\n * 'USE_NAMED_PORT': The 'portName' is used for health checking.\n\n * 'USE_SERVING_PORT': For NetworkEndpointGroup, the port specified for each\n network endpoint is used for health checking. For other backends, the\n port or named port specified in the Backend Service is used for health\n checking.\n\nIf not specified, TCP health check follows behavior specified in 'port' and\n'portName' fields. Possible values: [\"USE_FIXED_PORT\", \"USE_NAMED_PORT\", \"USE_SERVING_PORT\"]","description_kind":"plain","optional":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to the\nbackend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"request":{"type":"string","description":"The application data to send once the TCP connection has been\nestablished (default value is empty). If both request and response are\nempty, the connection establishment alone will indicate health. The request\ndata can only be ASCII.","description_kind":"plain","optional":true},"response":{"type":"string","description":"The bytes to match against the beginning of the response data. If left empty\n(the default value), any response will indicate health. The response data\ncan only be ASCII.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_instance_group_manager":{"version":0,"block":{"attributes":{"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","optional":true},"distribution_policy_target_shape":{"type":"string","description":"The shape to which the group converges either proactively or on resize events (depending on the value set in updatePolicy.instanceRedistributionType).","description_kind":"plain","optional":true,"computed":true},"distribution_policy_zones":{"type":["set","string"],"description":"The distribution policy for this managed instance group. You can specify one or more values.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the managed instance group resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","optional":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","optional":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","optional":true}},"block_types":{"all_instances_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The label key-value pairs that you want to patch onto the instance,","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"The metadata key-value pairs that you want to patch onto the instance. For more information, see Project and instance metadata,","description_kind":"plain","optional":true}},"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain"},"max_items":1},"auto_healing_policies":{"nesting_mode":"list","block":{"attributes":{"health_check":{"type":"string","description":"The health check resource that signals autohealing.","description_kind":"plain","required":true},"initial_delay_sec":{"type":"number","description":"The number of seconds that the managed instance group waits before it applies autohealing policies to new instances or recently recreated instances. Between 0 and 3600.","description_kind":"plain","required":true}},"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain"},"max_items":1},"instance_lifecycle_policy":{"nesting_mode":"list","block":{"attributes":{"default_action_on_failure":{"type":"string","description":"Default behavior for all instance or health check failures.","description_kind":"plain","optional":true},"force_update_on_repair":{"type":"string","description":"Specifies whether to apply the group's latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group's instance template or per-instance configurations after the VM was created, then these changes are applied when VM is repaired. If NO (default), then updates are applied in accordance with the group's update policy type.","description_kind":"plain","optional":true}},"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain"},"max_items":1},"named_port":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"The name of the port.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port number.","description_kind":"plain","required":true}},"description":"The named port configuration.","description_kind":"plain"}},"stateful_disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the disk when the VM is deleted, but do not delete the disk. ON_PERMANENT_INSTANCE_DELETION will delete the stateful disk when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"The device name of the disk to be attached.","description_kind":"plain","required":true}},"description":"Disks created on the instances that will be preserved on instance delete, update, etc. Structure is documented below. For more information see the official documentation. Proactive cross zone instance redistribution must be disabled before you can update stateful disks on existing instance group managers. This can be controlled via the update_policy.","description_kind":"plain"}},"stateful_external_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"stateful_internal_ip":{"nesting_mode":"list","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to an associated static Address resource when a VM instance is permanently deleted. The available options are NEVER and ON_PERMANENT_INSTANCE_DELETION. NEVER - detach the IP when the VM is deleted, but do not delete the address resource. ON_PERMANENT_INSTANCE_DELETION will delete the stateful address when the VM is permanently deleted from the instance group. The default is NEVER.","description_kind":"plain","optional":true},"interface_name":{"type":"string","description":"The network interface name","description_kind":"plain","optional":true}},"description":"External IPs considered stateful by the instance group. ","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_policy":{"nesting_mode":"list","block":{"attributes":{"instance_redistribution_type":{"type":"string","description":"The instance redistribution policy for regional managed instance groups. Valid values are: \"PROACTIVE\", \"NONE\". If PROACTIVE (default), the group attempts to maintain an even distribution of VM instances across zones in the region. If NONE, proactive redistribution is disabled.","description_kind":"plain","optional":true},"max_surge_fixed":{"type":"number","description":"The maximum number of instances that can be created above the specified targetSize during the update process. Conflicts with max_surge_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_surge_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be created above the specified targetSize during the update process. Conflicts with max_surge_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"max_unavailable_fixed":{"type":"number","description":"The maximum number of instances that can be unavailable during the update process. Conflicts with max_unavailable_percent. It has to be either 0 or at least equal to the number of zones. If fixed values are used, at least one of max_unavailable_fixed or max_surge_fixed must be greater than 0.","description_kind":"plain","optional":true,"computed":true},"max_unavailable_percent":{"type":"number","description":"The maximum number of instances(calculated as percentage) that can be unavailable during the update process. Conflicts with max_unavailable_fixed. Percent value is only allowed for regional managed instance groups with size at least 10.","description_kind":"plain","optional":true},"minimal_action":{"type":"string","description":"Minimal action to be taken on an instance. You can specify either REFRESH to update without stopping instances, RESTART to restart existing instances or REPLACE to delete and create new instances from the target template. If you specify a REFRESH, the Updater will attempt to perform that action only. However, if the Updater determines that the minimal action you specify is not enough to perform the update, it might perform a more disruptive action.","description_kind":"plain","required":true},"most_disruptive_allowed_action":{"type":"string","description":"Most disruptive action that is allowed to be taken on an instance. You can specify either NONE to forbid any actions, REFRESH to allow actions that do not need instance restart, RESTART to allow actions that can be applied without instance replacing or REPLACE to allow all possible actions. If the Updater determines that the minimal update action needed is more disruptive than most disruptive allowed action you specify it will not perform the update at all.","description_kind":"plain","optional":true},"replacement_method":{"type":"string","description":"The instance replacement method for regional managed instance groups. Valid values are: \"RECREATE\", \"SUBSTITUTE\". If SUBSTITUTE (default), the group replaces VM instances with new instances that have randomly generated names. If RECREATE, instance names are preserved. You must also set max_unavailable_fixed or max_unavailable_percent to be greater than 0.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of update process. You can specify either PROACTIVE so that the instance group manager proactively executes actions in order to bring instances to their target versions or OPPORTUNISTIC so that no action is proactively executed but the update will be performed as part of other actions (for example, resizes or recreateInstances calls).","description_kind":"plain","required":true}},"description":"The update policy for this managed instance group.","description_kind":"plain"},"max_items":1},"version":{"nesting_mode":"list","block":{"attributes":{"instance_template":{"type":"string","description":"The full URL to an instance template from which all new instances of this version will be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Version name.","description_kind":"plain","optional":true}},"block_types":{"target_size":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"The number of instances which are managed for this version. Conflicts with percent.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The number of instances (calculated as percentage) which are managed for this version. Conflicts with fixed. Note that when using percent, rounding will be in favor of explicitly set target_size values; a managed instance group with 2 instances and 2 versions, one of which has a target_size.percent of 60 will create 2 instances of that version.","description_kind":"plain","optional":true}},"description":"The number of instances calculated as a fixed number or a percentage depending on the settings.","description_kind":"plain"},"max_items":1}},"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","optional":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","optional":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"enable_nested_virtualization":{"type":"bool","description":"Whether to enable nested virtualization or not.","description_kind":"plain","optional":true},"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","optional":true},"visible_core_count":{"type":"number","description":"The number of physical cores to expose to an instance. Multiply by the number of threads per core to compute the total number of virtual CPUs to expose to the instance. If unset, the number of cores is inferred from the instance\\'s nominal CPU count and the underlying platform\\'s SMT width.","description_kind":"plain","optional":true}},"description":"Controls for advanced machine-related behavior features.","description_kind":"plain"},"max_items":1},"confidential_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_confidential_compute":{"type":"bool","description":"Defines whether the instance should have confidential compute enabled.","description_kind":"plain","required":true}},"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain"},"max_items":1},"disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Whether or not the disk should be auto-deleted. This defaults to true.","description_kind":"plain","optional":true},"boot":{"type":"bool","description":"Indicates that this is a boot disk.","description_kind":"plain","optional":true,"computed":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance. If not specified, the server chooses a default device name to apply to this disk.","description_kind":"plain","optional":true,"computed":true},"disk_name":{"type":"string","description":"Name of the disk. When not provided, this defaults to the name of the instance.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"The size of the image in gigabytes. If not specified, it will inherit the size of its base image. For SCRATCH disks, the size must be one of 375 or 3000 GB, with a default of 375 GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The Google Compute Engine disk type. Such as \"pd-ssd\", \"local-ssd\", \"pd-balanced\" or \"pd-standard\".","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Specifies the disk interface to use for attaching this disk.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to disks,","description_kind":"plain","optional":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE or READ_ONLY. If you are attaching or creating a boot disk, this must read-write mode.","description_kind":"plain","optional":true,"computed":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS to provision for the disk. This sets the number of I/O operations per second that the disk can handle. Values must be between 10,000 and 120,000. For more details, see the [Extreme persistent disk documentation](https://cloud.google.com/compute/docs/disks/extreme-persistent-disk).","description_kind":"plain","optional":true,"computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"resource_policies":{"type":["list","string"],"description":"A list (short name or id) of resource policies to attach to this disk. Currently a max of 1 resource policy is supported.","description_kind":"plain","optional":true},"source":{"type":"string","description":"The name (not self_link) of the disk (such as those managed by google_compute_disk) to attach. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true},"source_image":{"type":"string","description":"The image from which to initialize this disk. This can be one of: the image's self_link, projects/{project}/global/images/{image}, projects/{project}/global/images/family/{family}, global/images/{image}, global/images/family/{family}, family/{family}, {project}/{family}, {project}/{image}, {family}, or {image}. ~\u003e Note: Either source or source_image is required when creating a new instance except for when creating a local SSD.","description_kind":"plain","optional":true,"computed":true},"source_snapshot":{"type":"string","description":"The source snapshot to create this disk. When creating\na new instance, one of initializeParams.sourceSnapshot,\ninitializeParams.sourceImage, or disks.source is\nrequired except for local SSD.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of Google Compute Engine disk, can be either \"SCRATCH\" or \"PERSISTENT\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","required":true}},"description":"Encrypts or decrypts a disk using a customer-supplied encryption key.","description_kind":"plain"},"max_items":1},"source_image_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source\nimage. Required if the source image is protected by a\ncustomer-supplied encryption key.\n\nInstance templates do not store customer-supplied\nencryption keys, so you cannot create disks for\ninstances in a managed instance group if the source\nimages are encrypted with your own keys.","description_kind":"plain"},"max_items":1},"source_snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The self link of the encryption key that is stored in\nGoogle Cloud KMS.","description_kind":"plain","required":true},"kms_key_service_account":{"type":"string","description":"The service account being used for the encryption\nrequest for the given KMS key. If absent, the Compute\nEngine default service account is used.","description_kind":"plain","optional":true}},"description":"The customer-supplied encryption key of the source snapshot.","description_kind":"plain"},"max_items":1}},"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain"},"min_items":1},"guest_accelerator":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of the guest accelerator cards exposed to this instance.","description_kind":"plain","required":true},"type":{"type":"string","description":"The accelerator type resource to expose to this instance. E.g. nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain"}},"network_interface":{"nesting_mode":"list","block":{"attributes":{"internal_ipv6_prefix_length":{"type":"number","description":"The prefix length of the primary internal IPv6 range.","description_kind":"plain","optional":true,"computed":true},"ipv6_access_type":{"type":"string","description":"One of EXTERNAL, INTERNAL to indicate whether the IP can be accessed from the Internet. This field is always inherited from its subnetwork.","description_kind":"plain","computed":true},"ipv6_address":{"type":"string","description":"An IPv6 internal network address for this network interface. If not specified, Google Cloud will automatically assign an internal IPv6 address from the instance's subnetwork.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the network_interface.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks.","description_kind":"plain","optional":true,"computed":true},"network_ip":{"type":"string","description":"The private IP address to assign to the instance. If empty, the address will be automatically assigned.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. Possible values:GVNIC, VIRTIO_NET","description_kind":"plain","optional":true},"queue_count":{"type":"number","description":"The networking queue count that's specified by users for the network interface. Both Rx and Tx queues will be set to this number. It will be empty if not specified.","description_kind":"plain","optional":true},"stack_type":{"type":"string","description":"The stack type for this network interface to identify whether the IPv6 feature is enabled or not. If not specified, IPV4_ONLY will be used.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided.","description_kind":"plain","optional":true,"computed":true},"subnetwork_project":{"type":"string","description":"The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"nat_ip":{"type":"string","description":"The IP address that will be 1:1 mapped to the instance's network ip. If not given, one will be generated.","description_kind":"plain","optional":true,"computed":true},"network_tier":{"type":"string","description":"The networking tier used for configuring this instance template. This field can take the following values: PREMIUM, STANDARD, FIXED_STANDARD. If this field is not specified, it is assumed to be PREMIUM.","description_kind":"plain","optional":true,"computed":true},"public_ptr_domain_name":{"type":"string","description":"The DNS domain name for the public PTR record.The DNS domain name for the public PTR record.","description_kind":"plain","computed":true}},"description":"Access configurations, i.e. IPs via which this instance can be accessed via the Internet. Omit to ensure that the instance is not accessible from the Internet (this means that ssh provisioners will not work unless you are running Terraform can send traffic to the instance's network (e.g. via tunnel or because it is running on another cloud instance on that network). This block can be repeated multiple times.","description_kind":"plain"}},"alias_ip_range":{"nesting_mode":"list","block":{"attributes":{"ip_cidr_range":{"type":"string","description":"The IP CIDR range represented by this alias IP range. This IP CIDR range must belong to the specified subnetwork and cannot contain IP addresses reserved by system or used by other network interfaces. At the time of writing only a netmask (e.g. /24) may be supplied, with a CIDR format resulting in an API error.","description_kind":"plain","required":true},"subnetwork_range_name":{"type":"string","description":"The subnetwork secondary range name specifying the secondary range from which to allocate the IP CIDR range for this alias IP range. If left unspecified, the primary range of the subnetwork will be used.","description_kind":"plain","optional":true}},"description":"An array of alias IP ranges for this network interface. Can only be specified for network interfaces on subnet-mode networks.","description_kind":"plain"}},"ipv6_access_config":{"nesting_mode":"list","block":{"attributes":{"external_ipv6":{"type":"string","description":"The first IPv6 address of the external IPv6 range associated with this instance, prefix length is stored in externalIpv6PrefixLength in ipv6AccessConfig. The field is output only, an IPv6 address from a subnetwork associated with the instance will be allocated dynamically.","description_kind":"plain","computed":true},"external_ipv6_prefix_length":{"type":"string","description":"The prefix length of the external IPv6 range.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of this access configuration.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"The service-level to be provided for IPv6 traffic when the subnet has an external subnet. Only PREMIUM tier is valid for IPv6","description_kind":"plain","required":true},"public_ptr_domain_name":{"type":"string","description":"The domain name to be used when creating DNSv6 records for the external IPv6 ranges.","description_kind":"plain","computed":true}},"description":"An array of IPv6 access configurations for this interface. Currently, only one IPv6 access config, DIRECT_IPV6, is supported. If there is no ipv6AccessConfig specified, then this instance will have no external IPv6 Internet access.","description_kind":"plain"}}},"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain"}},"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"The egress bandwidth tier to enable. Possible values:TIER_1, DEFAULT","description_kind":"plain","required":true}},"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of reservation from which this instance can consume resources.","description_kind":"plain","required":true}},"block_types":{"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Corresponds to the label key of a reservation resource. To target a SPECIFIC_RESERVATION by name, specify compute.googleapis.com/reservation-name as the key and specify the name of your reservation as the only value.","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of a reservation resource.","description_kind":"plain","required":true}},"description":"Specifies the label selector for the reservation to use.","description_kind":"plain"},"max_items":1}},"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"automatic_restart":{"type":"bool","description":"Specifies whether the instance should be automatically restarted if it is terminated by Compute Engine (not terminated by a user). This defaults to true.","description_kind":"plain","optional":true},"instance_termination_action":{"type":"string","description":"Specifies the action GCE should take when SPOT VM is preempted.","description_kind":"plain","optional":true},"min_node_cpus":{"type":"number","description":"Minimum number of cpus for the instance.","description_kind":"plain","optional":true},"on_host_maintenance":{"type":"string","description":"Defines the maintenance behavior for this instance.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Allows instance to be preempted. This defaults to false.","description_kind":"plain","optional":true},"provisioning_model":{"type":"string","description":"Whether the instance is spot. If this is set as SPOT.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"local_ssd_recovery_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond\nresolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must\nbe from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Span of time at a resolution of a second.\nMust be from 0 to 315,576,000,000 inclusive.","description_kind":"plain","required":true}},"description":"Specifies the maximum amount of time a Local Ssd Vm should wait while\n recovery of the Local Ssd state is attempted. Its value should be in\n between 0 and 168 hours with hour granularity and the default value being 1\n hour.","description_kind":"plain"}},"node_affinities":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description_kind":"plain","required":true},"operator":{"type":"string","description_kind":"plain","required":true},"values":{"type":["set","string"],"description_kind":"plain","required":true}},"description":"Specifies node affinities or anti-affinities to determine which sole-tenant nodes your instances and managed instance groups will use as host systems.","description_kind":"plain"}}},"description":"The scheduling strategy to use.","description_kind":"plain"},"max_items":1},"service_account":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"The service account e-mail address. If not given, the default Google Compute Engine service account is used.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["set","string"],"description":"A list of service scopes. Both OAuth2 URLs and gcloud short names are supported. To allow full access to all Cloud APIs, use the cloud-platform scope.","description_kind":"plain","required":true}},"description":"Service account to attach to the instance.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. Defaults to true.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Verify the digital signature of all boot components, and halt the boot process if signature verification fails. Defaults to false.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Use a virtualized trusted platform module, which is a specialized computer chip you can use to encrypt objects like keys and certificates. Defaults to true.","description_kind":"plain","optional":true}},"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint":{"version":0,"block":{"attributes":{"fqdn":{"type":"string","description":"Fully qualified domain name of network endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_FQDN_PORT.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IPv4 address external endpoint.\n\nThis can only be specified when network_endpoint_type of the NEG is INTERNET_IP_PORT.","description_kind":"plain","optional":true},"port":{"type":"number","description":"Port number of network endpoint.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing network endpoint group is located.","description_kind":"plain","optional":true,"computed":true},"region_network_endpoint_group":{"type":"string","description":"The network endpoint group this endpoint is part of.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","optional":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","optional":true}},"block_types":{"app_engine":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional serving service.\nThe service name must be 1-63 characters long, and comply with RFC1035.\nExample value: \"default\", \"my-service\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and version fields from a request URL.\nURL mask allows for routing to multiple App Engine services without\nhaving to create multiple Network Endpoint Groups and backend services.\n\nFor example, the request URLs \"foo1-dot-appname.appspot.com/v1\" and\n\"foo1-dot-appname.appspot.com/v2\" can be backed by the same Serverless NEG with\nURL mask \"-dot-appname.appspot.com/\". The URL mask will parse\nthem to { service = \"foo1\", version = \"v1\" } and { service = \"foo1\", version = \"v2\" } respectively.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional serving version.\nThe version must be 1-63 characters long, and comply with RFC1035.\nExample value: \"v1\", \"v2\".","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_function":{"nesting_mode":"list","block":{"attributes":{"function":{"type":"string","description":"A user-defined name of the Cloud Function.\nThe function name is case-sensitive and must be 1-63 characters long.\nExample value: \"func1\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse function field from a request URL. URL mask allows\nfor routing to multiple Cloud Functions without having to create\nmultiple Network Endpoint Groups and backend services.\n\nFor example, request URLs \"mydomain.com/function1\" and \"mydomain.com/function2\"\ncan be backed by the same Serverless NEG with URL mask \"/\". The URL mask\nwill parse them to { function = \"function1\" } and { function = \"function2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"cloud_run":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Cloud Run service is the main resource of Cloud Run.\nThe service must be 1-63 characters long, and comply with RFC1035.\nExample value: \"run-service\".","description_kind":"plain","optional":true},"tag":{"type":"string","description":"Cloud Run tag represents the \"named-revision\" to provide\nadditional fine-grained traffic routing information.\nThe tag must be 1-63 characters long, and comply with RFC1035.\nExample value: \"revision-0010\".","description_kind":"plain","optional":true},"url_mask":{"type":"string","description":"A template to parse service and tag fields from a request URL.\nURL mask allows for routing to multiple Run services without having\nto create multiple network endpoint groups and backend services.\n\nFor example, request URLs \"foo1.domain.com/bar1\" and \"foo1.domain.com/bar2\"\nan be backed by the same Serverless Network Endpoint Group (NEG) with\nURL mask \".domain.com/\". The URL mask will parse them to { service=\"bar1\", tag=\"foo1\" }\nand { service=\"bar2\", tag=\"foo2\" } respectively.","description_kind":"plain","optional":true}},"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of the resource. This field is used internally during updates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User-provided name of the Network firewall policy. The name should be unique in the project in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of this resource.","description_kind":"plain","optional":true,"computed":true},"region_network_firewall_policy_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"rule_tuple_count":{"type":"number","description":"Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL for this resource with the resource id.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_association":{"version":0,"block":{"attributes":{"attachment_target":{"type":"string","description":"The target that the firewall policy is attached to.","description_kind":"plain","required":true},"firewall_policy":{"type":"string","description":"The firewall policy ID of the association.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name for an association.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"short_name":{"type":"string","description":"The short name of the firewall policy of the association.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_network_firewall_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the client connection triggers the rule. Valid actions are \"allow\", \"deny\" and \"goto_next\".","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this resource.","description_kind":"plain","optional":true},"direction":{"type":"string","description":"The direction in which this rule applies. Possible values: INGRESS, EGRESS","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.","description_kind":"plain","optional":true},"firewall_policy":{"type":"string","description":"The firewall policy of the resource.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules","description_kind":"plain","computed":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The location of this resource.","description_kind":"plain","optional":true,"computed":true},"rule_name":{"type":"string","description":"An optional name for the rule. This field is not a unique identifier and can be updated.","description_kind":"plain","optional":true},"rule_tuple_count":{"type":"number","description":"Calculation of the complexity of a single firewall policy rule.","description_kind":"plain","computed":true},"target_service_accounts":{"type":["list","string"],"description":"A list of service accounts indicating the sets of instances that are applied with this rule.","description_kind":"plain","optional":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"dest_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10. Destination address groups is only supported in Egress rules.","description_kind":"plain","optional":true},"dest_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of destination of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"dest_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is egress.","description_kind":"plain","optional":true},"dest_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true},"src_address_groups":{"type":["list","string"],"description":"Address groups which should be matched against the traffic source. Maximum number of source address groups is 10. Source address groups is only supported in Ingress rules.","description_kind":"plain","optional":true},"src_fqdns":{"type":["list","string"],"description":"Domain names that will be used to match against the resolved domain name of source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.","description_kind":"plain","optional":true},"src_region_codes":{"type":["list","string"],"description":"The Unicode country codes whose IP addresses will be used to match against the source of traffic. Can only be specified if DIRECTION is ingress.","description_kind":"plain","optional":true},"src_threat_intelligences":{"type":["list","string"],"description":"Name of the Google Cloud Threat Intelligence list.","description_kind":"plain","optional":true}},"block_types":{"layer4_configs":{"nesting_mode":"list","block":{"attributes":{"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.","description_kind":"plain","required":true},"ports":{"type":["list","string"],"description":"An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.","description_kind":"plain","optional":true}},"description":"Pairs of IP protocols and ports that the rule should match.","description_kind":"plain"},"min_items":1},"src_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the \u003ccode\u003esrcSecureTag\u003c/code\u003e are INEFFECTIVE, and there is no \u003ccode\u003esrcIpRange\u003c/code\u003e, this rule will be ignored. Maximum number of source tag values allowed is 256.","description_kind":"plain"}}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"target_secure_tags":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the secure tag, created with TagManager's TagValue API. @pattern tagValues/[0-9]+","description_kind":"plain","required":true},"state":{"type":"string","description":"[Output Only] State of the secure tag, either `EFFECTIVE` or `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted or its network is deleted.","description_kind":"plain","computed":true}},"description":"A list of secure tags that controls which instances the firewall rule applies to. If \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, then the firewall rule applies only to instances in the VPC network that have one of those EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE state, then this rule will be ignored. \u003ccode\u003etargetSecureTag\u003c/code\u003e may not be set at the same time as \u003ccode\u003etargetServiceAccounts\u003c/code\u003e. If neither \u003ccode\u003etargetServiceAccounts\u003c/code\u003e nor \u003ccode\u003etargetSecureTag\u003c/code\u003e are specified, the firewall rule applies to all instances on the specified network. Maximum number of target label tags allowed is 256.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_per_instance_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"minimal_action":{"type":"string","description":"The minimal action to perform on the instance during an update.\nDefault is 'NONE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"most_disruptive_allowed_action":{"type":"string","description":"The most disruptive action to perform on the instance during an update.\nDefault is 'REPLACE'. Possible values are:\n* REPLACE\n* RESTART\n* REFRESH\n* NONE","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name for this per-instance config and its corresponding instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the containing instance group manager is located","description_kind":"plain","optional":true,"computed":true},"region_instance_group_manager":{"type":"string","description":"The region instance group manager this instance config is part of.","description_kind":"plain","required":true},"remove_instance_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove the underlying instance.\nWhen false, deleting this config will use the behavior as determined by remove_instance_on_destroy.","description_kind":"plain","optional":true},"remove_instance_state_on_destroy":{"type":"bool","description":"When true, deleting this config will immediately remove any specified state from the underlying instance.\nWhen false, deleting this config will *not* immediately remove any state from the underlying instance.\nState will be removed on the next instance recreation or update.","description_kind":"plain","optional":true}},"block_types":{"preserved_state":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":["map","string"],"description":"Preserved metadata defined for this instance. This is a list of key-\u003evalue pairs.","description_kind":"plain","optional":true}},"block_types":{"disk":{"nesting_mode":"set","block":{"attributes":{"delete_rule":{"type":"string","description":"A value that prescribes what should happen to the stateful disk when the VM instance is deleted.\nThe available options are 'NEVER' and 'ON_PERMANENT_INSTANCE_DELETION'.\n'NEVER' - detach the disk when the VM is deleted, but do not delete the disk.\n'ON_PERMANENT_INSTANCE_DELETION' will delete the stateful disk when the VM is permanently\ndeleted from the instance group. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"device_name":{"type":"string","description":"A unique device name that is reflected into the /dev/ tree of a Linux operating system running within the instance.","description_kind":"plain","required":true},"mode":{"type":"string","description":"The mode of the disk. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"source":{"type":"string","description":"The URI of an existing persistent disk to attach under the specified device-name in the format\n'projects/project-id/zones/zone/disks/disk-name'.","description_kind":"plain","required":true}},"description":"Stateful disks for the instance.","description_kind":"plain"}},"external_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved external IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}},"internal_ip":{"nesting_mode":"set","block":{"attributes":{"auto_delete":{"type":"string","description":"These stateful IPs will never be released during autohealing, update or VM instance recreate operations. This flag is used to configure if the IP reservation should be deleted after it is no longer used by the group, e.g. when the given instance or the whole group is deleted. Default value: \"NEVER\" Possible values: [\"NEVER\", \"ON_PERMANENT_INSTANCE_DELETION\"]","description_kind":"plain","optional":true},"interface_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"ip_address":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The URL of the reservation for this IP address.","description_kind":"plain","optional":true}},"description":"Ip address representation","description_kind":"plain"},"max_items":1}},"description":"Preserved internal IPs defined for this instance. This map is keyed with the name of the network interface.","description_kind":"plain"}}},"description":"The preserved state for this instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"A list of features enabled when the selected profile is CUSTOM. The\nmethod returns the set of features that can be specified in this\nlist. This field must be empty if the profile is not CUSTOM.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the regional SSL policy resides.","description_kind":"plain","required":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target https proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nAt least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates.\nsslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the Region SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the RegionUrlMap resource that defines the mapping from URL\nto the RegionBackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The Region in which the created target TCP proxy should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_region_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The full or partial URL of the defaultService resource to which traffic is directed if\nnone of the hostRules match. If defaultRouteAction is additionally specified, advanced\nrouting actions like URL Rewrites, etc. take effect prior to sending the request to the\nbackend. However, if defaultService is specified, defaultRouteAction cannot contain any\nweightedBackendServices. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of defaultService,\ndefaultUrlRedirect or defaultRouteAction.weightedBackendService must be set.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the url map should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header.\nDefault is false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regualar expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, the setting specifies the CORS policy is disabled. The default value of false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service.\nSimilarly requests from clients can be aborted by the load balancer for a percentage of requests.\ntimeout and retryPolicy is ignored by clients that are configured with a faultInjectionPolicy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection.\nFault injection is not supported with the global external HTTP(S) load balancer (classic). To see which load balancers support fault injection, see Load balancing: [Routing and traffic management features](https://cloud.google.com/load-balancing/docs/features#routing-traffic-management).","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the RegionBackendService resource being mirrored to.\nThe backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map.\nServerless NEG backends are not currently supported as a mirrored backend service.","description_kind":"plain","optional":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nThe load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry policy applies.\nValid values are listed below. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true: cancelled, deadline-exceeded, internal, resource-exhausted, unavailable.\n - 5xx : retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams.\n - gateway-error : Similar to 5xx, but only applies to response codes 502, 503 or 504.\n - connect-failure : a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts.\n - retriable-4xx : a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409.\n - refused-stream : a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n - cancelled : a retry is attempted if the gRPC status code in the response header is set to cancelled.\n - deadline-exceeded : a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded.\n - internal : a retry is attempted if the gRPC status code in the response header is set to internal.\n - resource-exhausted : a retry is attempted if the gRPC status code in the response header is set to resource-exhausted.\n - unavailable : a retry is attempted if the gRPC status code in the response header is set to unavailable.","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as end-of-stream) up until the response has been processed. Timeout includes all retries.\nIf not specified, this field uses the largest timeout among all backend services associated with the route.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite.\nThe value must be from 1 to 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite.\nThe value must be from 1 to 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, before forwarding the request to the matched service.\nurlRewrite is the only action supported in UrlMaps for external HTTP(S) load balancers.\nNot supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction) .\nThe selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy.\nThe value must be from 0 to 1000.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response before sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request before forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header.\nThe default value is false.","description_kind":"plain","optional":true}},"description":"Headers to add the response before sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for the selected backendService.\nheaderAction specified here take effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.\nheaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL.\nNot supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number.\nAfter a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.\nURL maps for Classic external HTTP(S) load balancers only support the urlRewrite action within defaultRouteAction.\ndefaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this HostRule. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid\nhostnames, except * will match any string of ([a-z0-9-.]*). In\nthat case, * must be the first character and must be followed in\nthe pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of\nthe URL if the hostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"A reference to a RegionBackendService resource. This will be used if\nnone of the pathRules defined by this PathMatcher is matched by\nthe URL's path portion.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n- 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n- gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n- connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n- retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n- refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n- cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n- deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n- resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n- unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The region backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0]\n\n* -3 will match\n* 0 will not match\n* 0.25 will not match\n* -3someString will not match.\n\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n\n* MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n* MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The RegionBackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default RegionBackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained. The default value is false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"A reference to expected RegionBackendService resource the given URL should be mapped to.","description_kind":"plain","required":true}},"description":"The list of expected URL mappings. Requests to update this UrlMap will\nsucceed only if all of the test cases pass.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","optional":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"block_types":{"share_settings":{"nesting_mode":"list","block":{"attributes":{"share_type":{"type":"string","description":"Type of sharing for this shared-reservation Possible values: [\"LOCAL\", \"SPECIFIC_PROJECTS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"project_map":{"nesting_mode":"set","block":{"attributes":{"id":{"type":"string","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The project id/number, should be same as the key of this project config in the project map.","description_kind":"plain","optional":true}},"description":"A map of project number and project config. This is only valid when shareType's value is SPECIFIC_PROJECTS.","description_kind":"plain"}}},"description":"The share setting for reservations.","description_kind":"plain"},"max_items":1},"specific_reservation":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of resources that are allocated.","description_kind":"plain","required":true},"in_use_count":{"type":"number","description":"How many instances are in use.","description_kind":"plain","computed":true}},"block_types":{"instance_properties":{"nesting_mode":"list","block":{"attributes":{"machine_type":{"type":"string","description":"The name of the machine type to reserve.","description_kind":"plain","required":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform for the reservation. For example,\n'\"Intel Skylake\"'. See\nthe CPU platform availability reference](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform#availablezones)\nfor information on available CPU platforms.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"guest_accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the guest accelerator cards exposed to\nthis instance.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The full or partial URL of the accelerator type to\nattach to this instance. For example:\n'projects/my-project/zones/us-central1-c/acceleratorTypes/nvidia-tesla-p100'\n\nIf you are creating an instance template, specify only the accelerator name.","description_kind":"plain","required":true}},"description":"Guest accelerator type and count.","description_kind":"plain"}},"local_ssds":{"nesting_mode":"list","block":{"attributes":{"disk_size_gb":{"type":"number","description":"The size of the disk in base-2 GB.","description_kind":"plain","required":true},"interface":{"type":"string","description":"The disk interface to use for attaching this disk. Default value: \"SCSI\" Possible values: [\"SCSI\", \"NVME\"]","description_kind":"plain","optional":true}},"description":"The amount of local ssd to reserve with each instance. This\nreserves disks of type 'local-ssd'.","description_kind":"plain"}}},"description":"The instance properties for the reservation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Reservation for instances with specific machine shapes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"disk_consistency_group_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable disk consistency on the resource policy.","description_kind":"plain","required":true}},"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain"},"max_items":1},"group_placement_policy":{"nesting_mode":"list","block":{"attributes":{"availability_domain_count":{"type":"number","description":"The number of availability domains instances will be spread across. If two instances are in different\navailability domain, they will not be put in the same low latency network","description_kind":"plain","optional":true},"collocation":{"type":"string","description":"Collocation specifies whether to place VMs inside the same availability domain on the same low-latency network.\nSpecify 'COLLOCATED' to enable collocation. Can only be specified with 'vm_count'. If compute instances are created\nwith a COLLOCATED policy, then exactly 'vm_count' instances must be created at the same time with the resource policy\nattached. Possible values: [\"COLLOCATED\"]","description_kind":"plain","optional":true},"vm_count":{"type":"number","description":"Number of VMs in this placement group. Google does not recommend that you use this field\nunless you use a compact policy and you want your policy to work only if it contains this\nexact number of VMs.","description_kind":"plain","optional":true}},"description":"Resource policy for instances used for placement configuration.","description_kind":"plain"},"max_items":1},"instance_schedule_policy":{"nesting_mode":"list","block":{"attributes":{"expiration_time":{"type":"string","description":"The expiration time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The start time of the schedule. The timestamp is an RFC3339 string.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used in interpreting the schedule. The value of this field must be a time zone name\nfrom the tz database: http://en.wikipedia.org/wiki/Tz_database.","description_kind":"plain","required":true}},"block_types":{"vm_start_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for starting instances.","description_kind":"plain"},"max_items":1},"vm_stop_schedule":{"nesting_mode":"list","block":{"attributes":{"schedule":{"type":"string","description":"Specifies the frequency for the operation, using the unix-cron format.","description_kind":"plain","required":true}},"description":"Specifies the schedule for stopping instances.","description_kind":"plain"},"max_items":1}},"description":"Resource policy for scheduling instance operations.","description_kind":"plain"},"max_items":1},"snapshot_schedule_policy":{"nesting_mode":"list","block":{"block_types":{"retention_policy":{"nesting_mode":"list","block":{"attributes":{"max_retention_days":{"type":"number","description":"Maximum age of the snapshot that is allowed to be kept.","description_kind":"plain","required":true},"on_source_disk_delete":{"type":"string","description":"Specifies the behavior to apply to scheduled snapshots when\nthe source disk is deleted. Default value: \"KEEP_AUTO_SNAPSHOTS\" Possible values: [\"KEEP_AUTO_SNAPSHOTS\", \"APPLY_RETENTION_POLICY\"]","description_kind":"plain","optional":true}},"description":"Retention policy applied to snapshots created by this resource policy.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"days_in_cycle":{"type":"number","description":"Defines a schedule with units measured in days. The value determines how many days pass between the start of each cycle. Days in cycle for snapshot schedule policy must be 1.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"This must be in UTC format that resolves to one of\n00:00, 04:00, 08:00, 12:00, 16:00, or 20:00. For example,\nboth 13:00-5 and 08:00 are valid.","description_kind":"plain","required":true}},"description":"The policy will execute every nth day at the specified time.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"hours_in_cycle":{"type":"number","description":"The number of hours between snapshots.","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in an hourly format \"HH:MM\",\nwhere HH : [00-23] and MM : [00] GMT.\neg: 21:00","description_kind":"plain","required":true}},"description":"The policy will execute every nth hour starting at the specified time.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"block_types":{"day_of_weeks":{"nesting_mode":"set","block":{"attributes":{"day":{"type":"string","description":"The day of the week to create the snapshot. e.g. MONDAY Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"start_time":{"type":"string","description":"Time within the window to start the operations.\nIt must be in format \"HH:MM\", where HH : [00-23] and MM : [00-00] GMT.","description_kind":"plain","required":true}},"description":"May contain up to seven (one for each day of the week) snapshot times.","description_kind":"plain"},"min_items":1,"max_items":7}},"description":"Allows specifying a snapshot time for each day of the week.","description_kind":"plain"},"max_items":1}},"description":"Contains one of an 'hourlySchedule', 'dailySchedule', or 'weeklySchedule'.","description_kind":"plain"},"min_items":1,"max_items":1},"snapshot_properties":{"nesting_mode":"list","block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and comply\nwith RFC1035.","description_kind":"plain","optional":true},"guest_flush":{"type":"bool","description":"Whether to perform a 'guest aware' snapshot.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key-value pairs.","description_kind":"plain","optional":true},"storage_locations":{"type":["set","string"],"description":"Cloud Storage bucket location to store the auto snapshot\n(regional or multi-regional)","description_kind":"plain","optional":true}},"description":"Properties with which the snapshots are created, such as labels.","description_kind":"plain"},"max_items":1}},"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_route":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property\nwhen you create the resource.","description_kind":"plain","optional":true},"dest_range":{"type":"string","description":"The destination range of outgoing packets that this route applies to.\nOnly IPv4 is supported.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network that this route applies to.","description_kind":"plain","required":true},"next_hop_gateway":{"type":"string","description":"URL to a gateway that should handle matching packets.\nCurrently, you can only specify the internet gateway, using a full or\npartial valid URL:\n* 'https://www.googleapis.com/compute/v1/projects/project/global/gateways/default-internet-gateway'\n* 'projects/project/global/gateways/default-internet-gateway'\n* 'global/gateways/default-internet-gateway'\n* The string 'default-internet-gateway'.","description_kind":"plain","optional":true},"next_hop_ilb":{"type":"string","description":"The IP address or URL to a forwarding rule of type\nloadBalancingScheme=INTERNAL that should handle matching\npackets.\n\nWith the GA provider you can only specify the forwarding\nrule as a partial or full URL. For example, the following\nare all valid values:\n* 10.128.0.56\n* https://www.googleapis.com/compute/v1/projects/project/regions/region/forwardingRules/forwardingRule\n* regions/region/forwardingRules/forwardingRule\n\nWhen the beta provider, you can also specify the IP address\nof a forwarding rule from the same VPC or any peered VPC.\n\nNote that this can only be used when the destinationRange is\na public (non-RFC 1918) IP CIDR range.","description_kind":"plain","optional":true},"next_hop_instance":{"type":"string","description":"URL to an instance that should handle matching packets.\nYou can specify this as a full or partial URL. For example:\n* 'https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/instance'\n* 'projects/project/zones/zone/instances/instance'\n* 'zones/zone/instances/instance'\n* Just the instance name, with the zone in 'next_hop_instance_zone'.","description_kind":"plain","optional":true},"next_hop_instance_zone":{"type":"string","description":"The zone of the instance specified in next_hop_instance. Omit if next_hop_instance is specified as a URL.","description_kind":"plain","optional":true,"computed":true},"next_hop_ip":{"type":"string","description":"Network IP address of an instance that should handle matching packets.","description_kind":"plain","optional":true,"computed":true},"next_hop_network":{"type":"string","description":"URL to a Network that should handle matching packets.","description_kind":"plain","computed":true},"next_hop_vpn_tunnel":{"type":"string","description":"URL to a VpnTunnel that should handle matching packets.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this route. Priority is used to break ties in cases\nwhere there is more than one matching route of equal prefix length.\n\nIn the case of two routes with equal prefix length, the one with the\nlowest-numbered priority value wins.\n\nDefault value is 1000. Valid range is 0 through 65535.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"A list of instance tags to which this route applies.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"bgp":{"nesting_mode":"list","block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement. Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom mode.\nThis field can only be populated if advertiseMode is CUSTOM and\nis advertised to all peers of the router. These groups will be\nadvertised in addition to any specified prefixes. Leave this field\nblank to advertise no custom groups.\n\nThis enum field has the one valid value: ALL_SUBNETS","description_kind":"plain","optional":true},"asn":{"type":"number","description":"Local BGP Autonomous System Number (ASN). Must be an RFC6996\nprivate ASN, either 16-bit or 32-bit. The value will be fixed for\nthis router resource. All VPN tunnels that link to this router\nwill have the same local ASN.","description_kind":"plain","required":true},"keepalive_interval":{"type":"number","description":"The interval in seconds between BGP keepalive messages that are sent\nto the peer. Hold time is three times the interval at which keepalive\nmessages are sent, and the hold time is the maximum number of seconds\nallowed to elapse between successive keepalive messages that BGP\nreceives from a peer.\n\nBGP will use the smaller of either the local hold time value or the\npeer's hold time value as the hold time for the BGP connection\nbetween the two peers. If set, this value must be between 20 and 60.\nThe default is 20.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis CUSTOM and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}}},"description":"BGP information specific to this router.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_interface":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interconnect_attachment":{"type":"string","description":"The name or resource link to the VLAN interconnect for this interface. Changing this forces a new interface to be created. Only one of interconnect_attachment, subnetwork or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"ip_range":{"type":"string","description":"The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the interface, required by GCE. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance. Changing this forces a new interface to be created.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which this interface's router belongs. If it is not provided, the provider project is used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"redundant_interface":{"type":"string","description":"The name of the interface that is redundant to this interface. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this interface's router sits in. If not specified, the project region will be used. Changing this forces a new interface to be created.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the router this interface will be attached to. Changing this forces a new interface to be created.","description_kind":"plain","required":true},"subnetwork":{"type":"string","description":"The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. Changing this forces a new interface to be created. Only one of subnetwork, interconnect_attachment or vpn_tunnel can be specified.","description_kind":"plain","optional":true},"vpn_tunnel":{"type":"string","description":"The name or resource link to the VPN tunnel this interface will be linked to. Changing this forces a new interface to be created. Only one of vpn_tunnel, interconnect_attachment or subnetwork can be specified.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","optional":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","optional":true,"computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","optional":true,"computed":true},"endpoint_types":{"type":["list","string"],"description":"Specifies the endpoint Types supported by the NAT Gateway.\nSupported values include:\n 'ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG',\n 'ENDPOINT_TYPE_MANAGED_PROXY_LB'.","description_kind":"plain","optional":true,"computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","optional":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","optional":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","required":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","optional":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","optional":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","optional":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","optional":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Indicates whether or not to export logs.","description_kind":"plain","required":true},"filter":{"type":"string","description":"Specifies the desired filtering of logs on this NAT. Possible values: [\"ERRORS_ONLY\", \"TRANSLATIONS_ONLY\", \"ALL\"]","description_kind":"plain","required":true}},"description":"Configuration for logging on NAT","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this rule.","description_kind":"plain","optional":true},"match":{"type":"string","description":"CEL expression that specifies the match condition that egress traffic from a VM is evaluated against.\nIf it evaluates to true, the corresponding action is enforced.\n\nThe following examples are valid match expressions for public NAT:\n\n\"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\"\n\n\"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\"\n\nThe following example is a valid match expression for private NAT:\n\n\"nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'\"","description_kind":"plain","required":true},"rule_number":{"type":"number","description":"An integer uniquely identifying a rule in the list.\nThe rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.","description_kind":"plain","required":true}},"block_types":{"action":{"nesting_mode":"list","block":{"attributes":{"source_nat_active_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources used for this NAT rule.\nThese IP addresses must be valid static external IP addresses assigned to the project.\nThis field is used for public NAT.","description_kind":"plain","optional":true},"source_nat_drain_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained.\nThese IPs must be valid static external IPs that have been assigned to the NAT.\nThese IPs should be used for updating/patching a NAT rule only.\nThis field is used for public NAT.","description_kind":"plain","optional":true}},"description":"The action to be enforced for traffic that matches this rule.","description_kind":"plain"},"max_items":1}},"description":"A list of rules associated with this NAT.","description_kind":"plain"}},"subnetwork":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Self-link of subnetwork to NAT","description_kind":"plain","required":true},"secondary_ip_range_names":{"type":["set","string"],"description":"List of the secondary ranges of the subnetwork that are allowed\nto use NAT. This can be populated only if\n'LIST_OF_SECONDARY_IP_RANGES' is one of the values in\nsourceIpRangesToNat","description_kind":"plain","optional":true},"source_ip_ranges_to_nat":{"type":["set","string"],"description":"List of options for which source IPs in the subnetwork\nshould have NAT enabled. Supported values include:\n'ALL_IP_RANGES', 'LIST_OF_SECONDARY_IP_RANGES',\n'PRIMARY_IP_RANGE'.","description_kind":"plain","required":true}},"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_router_peer":{"version":0,"block":{"attributes":{"advertise_mode":{"type":"string","description":"User-specified flag to indicate which mode to use for advertisement.\nValid values of this enum field are: 'DEFAULT', 'CUSTOM' Default value: \"DEFAULT\" Possible values: [\"DEFAULT\", \"CUSTOM\"]","description_kind":"plain","optional":true},"advertised_groups":{"type":["list","string"],"description":"User-specified list of prefix groups to advertise in custom\nmode, which currently supports the following option:\n\n* 'ALL_SUBNETS': Advertises all of the router's own VPC subnets.\nThis excludes any routes learned for subnets that use VPC Network\nPeering.\n\n\nNote that this field can only be populated if advertiseMode is 'CUSTOM'\nand overrides the list defined for the router (in the \"bgp\" message).\nThese groups are advertised in addition to any specified prefixes.\nLeave this field blank to advertise no custom groups.","description_kind":"plain","optional":true},"advertised_route_priority":{"type":"number","description":"The priority of routes advertised to this BGP peer.\nWhere there is more than one matching route of maximum\nlength, the routes with the lowest priority value win.","description_kind":"plain","optional":true},"enable":{"type":"bool","description":"The status of the BGP peer connection. If set to false, any active session\nwith the peer is terminated and all associated routing information is removed.\nIf set to true, the peer connection can be established with routing information.\nThe default is true.","description_kind":"plain","optional":true},"enable_ipv6":{"type":"bool","description":"Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"interface":{"type":"string","description":"Name of the interface the BGP peer is associated with.","description_kind":"plain","required":true},"ip_address":{"type":"string","description":"IP address of the interface inside Google Cloud Platform.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the interface inside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"management_type":{"type":"string","description":"The resource that configures and manages this BGP peer.\n\n* 'MANAGED_BY_USER' is the default value and can be managed by\nyou or other users\n* 'MANAGED_BY_ATTACHMENT' is a BGP peer that is configured and\nmanaged by Cloud Interconnect, specifically by an\nInterconnectAttachment of type PARTNER. Google automatically\ncreates, updates, and deletes this type of BGP peer when the\nPARTNER InterconnectAttachment is created, updated,\nor deleted.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of this BGP peer. The name must be 1-63 characters long,\nand comply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_asn":{"type":"number","description":"Peer BGP Autonomous System Number (ASN).\nEach BGP interface may use a different value.","description_kind":"plain","required":true},"peer_ip_address":{"type":"string","description":"IP address of the BGP interface outside Google Cloud Platform.\nOnly IPv4 is supported. Required if 'ip_address' is set.","description_kind":"plain","optional":true,"computed":true},"peer_ipv6_nexthop_address":{"type":"string","description":"IPv6 address of the BGP interface outside Google Cloud Platform.\nThe address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.\nIf you do not specify the next hop addresses, Google Cloud automatically\nassigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the router and BgpPeer reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The name of the Cloud Router in which this BgpPeer will be configured.","description_kind":"plain","required":true},"router_appliance_instance":{"type":"string","description":"The URI of the VM instance that is used as third-party router appliances\nsuch as Next Gen Firewalls, Virtual Routers, or Router Appliances.\nThe VM instance must be located in zones contained in the same region as\nthis Cloud Router. The VM instance is the peer side of the BGP session.","description_kind":"plain","optional":true}},"block_types":{"advertised_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"User-specified description for the IP range.","description_kind":"plain","optional":true},"range":{"type":"string","description":"The IP range to advertise. The value must be a\nCIDR-formatted string.","description_kind":"plain","required":true}},"description":"User-specified list of individual IP ranges to advertise in\ncustom mode. This field can only be populated if advertiseMode\nis 'CUSTOM' and is advertised to all peers of the router. These IP\nranges will be advertised in addition to any specified groups.\nLeave this field blank to advertise no custom IP ranges.","description_kind":"plain"}},"bfd":{"nesting_mode":"list","block":{"attributes":{"min_receive_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\nreceived from the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the transmit interval of the other router. If set, this value\nmust be between 1000 and 30000.","description_kind":"plain","optional":true},"min_transmit_interval":{"type":"number","description":"The minimum interval, in milliseconds, between BFD control packets\ntransmitted to the peer router. The actual value is negotiated\nbetween the two routers and is equal to the greater of this value\nand the corresponding receive interval of the other router. If set,\nthis value must be between 1000 and 30000.","description_kind":"plain","optional":true},"multiplier":{"type":"number","description":"The number of consecutive BFD packets that must be missed before\nBFD declares that a peer is unavailable. If set, the value must\nbe a value between 5 and 16.","description_kind":"plain","optional":true},"session_initialization_mode":{"type":"string","description":"The BFD session initialization mode for this BGP peer.\nIf set to 'ACTIVE', the Cloud Router will initiate the BFD session\nfor this BGP peer. If set to 'PASSIVE', the Cloud Router will wait\nfor the peer router to initiate the BFD session for this BGP peer.\nIf set to 'DISABLED', BFD is disabled for this BGP peer. Possible values: [\"ACTIVE\", \"DISABLED\", \"PASSIVE\"]","description_kind":"plain","required":true}},"description":"BFD configuration for the BGP peering.","description_kind":"plain"},"max_items":1},"md5_authentication_key":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Value of the key.","description_kind":"plain","required":true,"sensitive":true},"name":{"type":"string","description":"[REQUIRED] Name used to identify the key.\nMust be unique within a router. Must be referenced by exactly one bgpPeer. Must comply with RFC1035.","description_kind":"plain","required":true}},"description":"Present if MD5 authentication is enabled for the peering. Must be the name\nof one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this security policy. Max size is 2048.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the security policy.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"adaptive_protection_config":{"nesting_mode":"list","block":{"block_types":{"layer_7_ddos_defense_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"If set to true, enables CAAP for L7 DDoS detection.","description_kind":"plain","optional":true},"rule_visibility":{"type":"string","description":"Rule visibility. Supported values include: \"STANDARD\", \"PREMIUM\".","description_kind":"plain","optional":true}},"description":"Layer 7 DDoS Defense Config of this security policy","description_kind":"plain"},"max_items":1}},"description":"Adaptive Protection Config of this security policy.","description_kind":"plain"},"max_items":1},"advanced_options_config":{"nesting_mode":"list","block":{"attributes":{"json_parsing":{"type":"string","description":"JSON body parsing. Supported values include: \"DISABLED\", \"STANDARD\".","description_kind":"plain","optional":true,"computed":true},"log_level":{"type":"string","description":"Logging level. Supported values include: \"NORMAL\", \"VERBOSE\".","description_kind":"plain","optional":true,"computed":true},"user_ip_request_headers":{"type":["set","string"],"description":"An optional list of case-insensitive request header names to use for resolving the callers client IP address.","description_kind":"plain","optional":true}},"block_types":{"json_custom_config":{"nesting_mode":"list","block":{"attributes":{"content_types":{"type":["set","string"],"description":"A list of custom Content-Type header values to apply the JSON parsing.","description_kind":"plain","required":true}},"description":"Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.","description_kind":"plain"},"max_items":1}},"description":"Advanced Options Config of this security policy.","description_kind":"plain"},"max_items":1},"recaptcha_options_config":{"nesting_mode":"list","block":{"attributes":{"redirect_site_key":{"type":"string","description":"A field to supply a reCAPTCHA site key to be used for all the rules using the redirect action with the type of GOOGLE_RECAPTCHA under the security policy. The specified site key needs to be created from the reCAPTCHA API. The user is responsible for the validity of the specified site key. If not specified, a Google-managed site key is used.","description_kind":"plain","required":true}},"description":"reCAPTCHA configuration options to be applied for the security policy.","description_kind":"plain"},"max_items":1},"rule":{"nesting_mode":"set","block":{"attributes":{"action":{"type":"string","description":"Action to take when match matches the request.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this rule. Max size is 64.","description_kind":"plain","optional":true},"preview":{"type":"bool","description":"When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"An unique positive integer indicating the priority of evaluation for a rule. Rules are evaluated from highest priority (lowest numerically) to lowest priority (highest numerically) in order.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_adds":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to set.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value to set the named header to.","description_kind":"plain","optional":true}},"description":"The list of request headers to add or overwrite if they're already present.","description_kind":"plain"},"min_items":1}},"description":"Additional actions that are performed on headers.","description_kind":"plain"},"max_items":1},"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Predefined rule expression. If this field is specified, config must also be specified. Available options: SRC_IPS_V1: Must specify the corresponding src_ip_ranges field in config.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["set","string"],"description":"Set of IP addresses or ranges (IPV4 or IPV6) in CIDR notation to match against inbound traffic. There is a limit of 10 IP ranges per rule. A value of '*' matches all IPs (can be used to override the default behavior).","description_kind":"plain","required":true}},"description":"The configuration options available when specifying versioned_expr. This field must be specified if versioned_expr is specified and cannot be specified if versioned_expr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.","description_kind":"plain"},"min_items":1,"max_items":1},"rate_limit_options":{"nesting_mode":"list","block":{"attributes":{"ban_duration_sec":{"type":"number","description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, determines the time (in seconds) the traffic will continue to be banned by the rate limit after the rate falls below the threshold.","description_kind":"plain","optional":true},"conform_action":{"type":"string","description":"Action to take for requests that are under the configured rate limit threshold. Valid option is \"allow\" only.","description_kind":"plain","required":true},"enforce_on_key":{"type":"string","description":"Determines the key to enforce the rateLimitThreshold on","description_kind":"plain","optional":true},"enforce_on_key_name":{"type":"string","description":"Rate limit key name applicable only for the following key types: HTTP_HEADER -- Name of the HTTP header whose value is taken as the key value. HTTP_COOKIE -- Name of the HTTP cookie whose value is taken as the key value.","description_kind":"plain","optional":true},"exceed_action":{"type":"string","description":"Action to take for requests that are above the configured rate limit threshold, to either deny with a specified HTTP response code, or redirect to a different endpoint. Valid options are \"deny()\" where valid values for status are 403, 404, 429, and 502, and \"redirect\" where the redirect parameters come from exceedRedirectOptions below.","description_kind":"plain","required":true}},"block_types":{"ban_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Can only be specified if the action for the rule is \"rate_based_ban\". If specified, the key will be banned for the configured 'banDurationSec' when the number of requests that exceed the 'rateLimitThreshold' also exceed this 'banThreshold'.","description_kind":"plain"},"max_items":1},"exceed_redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action that is used as the exceed action. Cannot be specified if the exceed action is not redirect.","description_kind":"plain"},"max_items":1},"rate_limit_threshold":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"Number of HTTP(S) requests for calculating the threshold.","description_kind":"plain","required":true},"interval_sec":{"type":"number","description":"Interval over which the threshold is computed.","description_kind":"plain","required":true}},"description":"Threshold at which to begin ratelimiting.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rate limit threshold for this security policy. Must be specified if the action is \"rate_based_ban\" or \"throttle\". Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1},"redirect_options":{"nesting_mode":"list","block":{"attributes":{"target":{"type":"string","description":"Target for the redirect action. This is required if the type is EXTERNAL_302 and cannot be specified for GOOGLE_RECAPTCHA.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of the redirect action. Available options: EXTERNAL_302: Must specify the corresponding target field in config. GOOGLE_RECAPTCHA: Cannot specify target field in config.","description_kind":"plain","required":true}},"description":"Parameters defining the redirect action. Cannot be specified for any other actions.","description_kind":"plain"},"max_items":1}},"description":"The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match \"*\"). If no rules are provided when creating a security policy, a default rule with action \"allow\" will be added.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_security_policy_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The Action to perform when the rule is matched. The following are the valid actions:\n\n* allow: allow access to target.\n\n* deny(STATUS): deny access to target, returns the HTTP response code specified. Valid values for STATUS are 403, 404, and 502.\n\n* rate_based_ban: limit client traffic to the configured threshold and ban the client if the traffic exceeds the threshold. Configure parameters for this action in RateLimitOptions. Requires rateLimitOptions to be set.\n\n* redirect: redirect to a different target. This can either be an internal reCAPTCHA redirect, or an external URL-based redirect via a 302 response. Parameters for this action can be configured via redirectOptions. This action is only supported in Global Security Policies of type CLOUD_ARMOR.\n\n* throttle: limit client traffic to the configured threshold. Configure parameters for this action in rateLimitOptions. Requires rateLimitOptions to be set for this.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"preview":{"type":"bool","description":"If set to true, the specified action is not enforced.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"An integer indicating the priority of a rule in the list.\nThe priority must be a positive value between 0 and 2147483647.\nRules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_policy":{"type":"string","description":"The name of the security policy this rule belongs to.","description_kind":"plain","required":true}},"block_types":{"match":{"nesting_mode":"list","block":{"attributes":{"versioned_expr":{"type":"string","description":"Preconfigured versioned expression. If this field is specified, config must also be specified.\nAvailable preconfigured expressions along with their requirements are: SRC_IPS_V1 - must specify the corresponding srcIpRange field in config. Possible values: [\"SRC_IPS_V1\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"src_ip_ranges":{"type":["list","string"],"description":"CIDR IP address range. Maximum number of srcIpRanges allowed is 10.","description_kind":"plain","optional":true}},"description":"The configuration options available when specifying versionedExpr.\nThis field must be specified if versionedExpr is specified and cannot be specified if versionedExpr is not specified.","description_kind":"plain"},"max_items":1},"expr":{"nesting_mode":"list","block":{"attributes":{"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported.","description_kind":"plain","required":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A match condition that incoming traffic is evaluated against.\nIf it evaluates to true, the corresponding 'action' is enforced.","description_kind":"plain"},"max_items":1},"preconfigured_waf_config":{"nesting_mode":"list","block":{"block_types":{"exclusion":{"nesting_mode":"list","block":{"attributes":{"target_rule_ids":{"type":["list","string"],"description":"A list of target rule IDs under the WAF rule set to apply the preconfigured WAF exclusion.\nIf omitted, it refers to all the rule IDs under the WAF rule set.","description_kind":"plain","optional":true},"target_rule_set":{"type":"string","description":"Target WAF rule set to apply the preconfigured WAF exclusion.","description_kind":"plain","required":true}},"block_types":{"request_cookie":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request cookie whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_header":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request header whose value will be excluded from inspection during preconfigured WAF evaluation.","description_kind":"plain"}},"request_query_param":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation.\nNote that the parameter can be in the query string or in the POST body.","description_kind":"plain"}},"request_uri":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"You can specify an exact match or a partial match by using a field operator and a field value.\nAvailable options:\nEQUALS: The operator matches if the field value equals the specified value.\nSTARTS_WITH: The operator matches if the field value starts with the specified value.\nENDS_WITH: The operator matches if the field value ends with the specified value.\nCONTAINS: The operator matches if the field value contains the specified value.\nEQUALS_ANY: The operator matches if the field value is any value.","description_kind":"plain","required":true},"value":{"type":"string","description":"A request field matching the specified value will be excluded from inspection during preconfigured WAF evaluation.\nThe field value must be given if the field operator is not EQUALS_ANY, and cannot be given if the field operator is EQUALS_ANY.","description_kind":"plain","optional":true}},"description":"Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation.\nWhen specifying this field, the query or fragment part should be excluded.","description_kind":"plain"}}},"description":"An exclusion to apply during preconfigured WAF evaluation.","description_kind":"plain"}}},"description":"Preconfigured WAF configuration to be applied for the rule.\nIf the rule does not evaluate preconfigured WAF rules, i.e., if evaluatePreconfiguredWaf() is not used, this field will have no effect.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_service_attachment":{"version":0,"block":{"attributes":{"connected_endpoints":{"type":["list",["object",{"endpoint":"string","status":"string"}]],"description":"An array of the consumer forwarding rules connected to this service\nattachment.","description_kind":"plain","computed":true},"connection_preference":{"type":"string","description":"The connection preference to use for this service attachment. Valid\nvalues include \"ACCEPT_AUTOMATIC\", \"ACCEPT_MANUAL\".","description_kind":"plain","required":true},"consumer_reject_lists":{"type":["list","string"],"description":"An array of projects that are not allowed to connect to this service\nattachment.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"domain_names":{"type":["list","string"],"description":"If specified, the domain name will be used during the integration between\nthe PSC connected endpoints and the Cloud DNS. For example, this is a\nvalid domain name: \"p.mycompany.com.\". Current max number of domain names\nsupported is 1.","description_kind":"plain","optional":true},"enable_proxy_protocol":{"type":"bool","description":"If true, enable the proxy protocol which is for supplying client TCP/IP\naddress data in TCP connections that traverse proxies on their way to\ndestination servers.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during\nupdates of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"nat_subnets":{"type":["list","string"],"description":"An array of subnets that is provided for NAT in this service attachment.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconcile_connections":{"type":"bool","description":"This flag determines whether a consumer accept/reject list change can reconcile the statuses of existing ACCEPTED or REJECTED PSC endpoints.\n\nIf false, connection policy update will only affect existing PENDING PSC endpoints. Existing ACCEPTED/REJECTED endpoints will remain untouched regardless how the connection policy is modified .\nIf true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. For example, an ACCEPTED PSC endpoint will be moved to REJECTED if its project is added to the reject list.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"URL of the region where the resource resides.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"target_service":{"type":"string","description":"The URL of a forwarding rule that represents the service identified by\nthis service attachment.","description_kind":"plain","required":true}},"block_types":{"consumer_accept_lists":{"nesting_mode":"set","block":{"attributes":{"connection_limit":{"type":"number","description":"The number of consumer forwarding rules the consumer project can\ncreate.","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The network that is allowed to connect to this service attachment.\nOnly one of project_id_or_num and network_url may be set.","description_kind":"plain","optional":true},"project_id_or_num":{"type":"string","description":"A project that is allowed to connect to this service attachment.\nOnly one of project_id_or_num and network_url may be set.","description_kind":"plain","optional":true}},"description":"An array of projects that are allowed to connect to this service\nattachment.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_host_project":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC host project","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_shared_vpc_service_project":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the shared VPC service. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host_project":{"type":"string","description":"The ID of a host project to associate.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_project":{"type":"string","description":"The ID of the project that will serve as a Shared VPC service project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","required":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"snapshot_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_self_link":{"type":"string","description":"The name of the encryption key that is stored in Google Cloud KMS.","description_kind":"plain","optional":true},"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true},"sha256":{"type":"string","description":"The RFC 4648 base64 encoded SHA-256 hash of the customer-supplied\nencryption key that protects this resource.","description_kind":"plain","computed":true}},"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain"},"max_items":1},"source_disk_encryption_key":{"nesting_mode":"list","block":{"attributes":{"kms_key_service_account":{"type":"string","description":"The service account used for the encryption request for the given KMS key.\nIf absent, the Compute Engine Service Agent service account is used.","description_kind":"plain","optional":true},"raw_key":{"type":"string","description":"Specifies a 256-bit customer-supplied encryption key, encoded in\nRFC 4648 base64 to either encrypt or decrypt this resource.","description_kind":"plain","optional":true,"sensitive":true}},"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_snapshot_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","required":true,"sensitive":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource. This field can be set only at resource\ncreation time.","description_kind":"plain","optional":true},"external_ipv6_prefix":{"type":"string","description":"The range of external IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","optional":true,"computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. This field is used internally during updates of this resource.","description_kind":"plain","deprecated":true,"computed":true},"gateway_address":{"type":"string","description":"The gateway address for default routes to reach destination addresses\noutside this subnetwork.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description":"The internal IPv6 address range that is assigned to this subnetwork.","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that are owned by this subnetwork.\nProvide this property when you create the subnetwork. For example,\n10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and\nnon-overlapping within a network. Only IPv4 is supported.","description_kind":"plain","required":true},"ipv6_access_type":{"type":"string","description":"The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation\nor the first time the subnet is updated into IPV4_IPV6 dual stack. If the ipv6_type is EXTERNAL then this subnet\ncannot enable direct path. Possible values: [\"EXTERNAL\", \"INTERNAL\"]","description_kind":"plain","optional":true},"ipv6_cidr_range":{"type":"string","description":"The range of internal IPv6 addresses that are owned by this subnetwork.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially\ncreating the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this subnet belongs to.\nOnly networks that are in the distributed mode can have subnetworks.","description_kind":"plain","required":true},"private_ip_google_access":{"type":"bool","description":"When enabled, VMs in this subnetwork without external IP addresses can\naccess Google APIs and services by using Private Google Access.","description_kind":"plain","optional":true,"computed":true},"private_ipv6_google_access":{"type":"string","description":"The private IPv6 google access type for the VMs in this subnet.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description":"The purpose of the resource. This field can be either 'PRIVATE_RFC_1918', 'REGIONAL_MANAGED_PROXY', 'GLOBAL_MANAGED_PROXY', 'PRIVATE_SERVICE_CONNECT' or 'PRIVATE_NAT'([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)).\nA subnet with purpose set to 'REGIONAL_MANAGED_PROXY' is a user-created subnetwork that is reserved for regional Envoy-based load balancers.\nA subnetwork in a given region with purpose set to 'GLOBAL_MANAGED_PROXY' is a proxy-only subnet and is shared between all the cross-regional Envoy-based load balancers.\nA subnetwork with purpose set to 'PRIVATE_SERVICE_CONNECT' reserves the subnet for hosting a Private Service Connect published service.\nA subnetwork with purpose set to 'PRIVATE_NAT' is used as source range for Private NAT gateways.\nNote that 'REGIONAL_MANAGED_PROXY' is the preferred setting for all regional Envoy load balancers.\nIf unspecified, the purpose defaults to 'PRIVATE_RFC_1918'.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The GCP region for this subnetwork.","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The role of subnetwork.\nCurrently, this field is only used when 'purpose' is 'REGIONAL_MANAGED_PROXY'.\nThe value can be set to 'ACTIVE' or 'BACKUP'.\nAn 'ACTIVE' subnetwork is one that is currently being used for Envoy-based load balancers in a region.\nA 'BACKUP' subnetwork is one that is ready to be promoted to 'ACTIVE' or is currently draining. Possible values: [\"ACTIVE\", \"BACKUP\"]","description_kind":"plain","optional":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description":"An array of configurations for secondary IP ranges for VM instances\ncontained in this subnetwork. The primary IP of such VM must belong\nto the primary ipCidrRange of the subnetwork. The alias IPs may belong\nto either primary or secondary ranges.\n\n**Note**: This field uses [attr-as-block mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html) to avoid\nbreaking users during the 0.12 upgrade. To explicitly send a list\nof zero objects you must use the following syntax:\n'example=[]'\nFor more details about this behavior, see [this section](https://www.terraform.io/docs/configuration/attr-as-blocks.html#defining-a-fixed-object-collection-value).","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this subnet to identify whether the IPv6 feature is enabled or not.\nIf not specified IPV4_ONLY will be used. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"aggregation_interval":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nToggles the aggregation interval for collecting flow logs. Increasing the\ninterval time will reduce the amount of generated flow logs for long\nlasting connections. Default is an interval of 5 seconds per connection. Default value: \"INTERVAL_5_SEC\" Possible values: [\"INTERVAL_5_SEC\", \"INTERVAL_30_SEC\", \"INTERVAL_1_MIN\", \"INTERVAL_5_MIN\", \"INTERVAL_10_MIN\", \"INTERVAL_15_MIN\"]","description_kind":"plain","optional":true},"filter_expr":{"type":"string","description":"Export filter used to define which VPC flow logs should be logged, as as CEL expression. See\nhttps://cloud.google.com/vpc/docs/flow-logs#filtering for details on how to format this field.\nThe default value is 'true', which evaluates to include everything.","description_kind":"plain","optional":true},"flow_sampling":{"type":"number","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nThe value of the field must be in [0, 1]. Set the sampling rate of VPC\nflow logs within the subnetwork where 1.0 means all collected logs are\nreported and 0.0 means no logs are reported. Default is 0.5 which means\nhalf of all collected logs are reported.","description_kind":"plain","optional":true},"metadata":{"type":"string","description":"Can only be specified if VPC flow logging for this subnetwork is enabled.\nConfigures whether metadata fields should be added to the reported VPC\nflow logs. Default value: \"INCLUDE_ALL_METADATA\" Possible values: [\"EXCLUDE_ALL_METADATA\", \"INCLUDE_ALL_METADATA\", \"CUSTOM_METADATA\"]","description_kind":"plain","optional":true},"metadata_fields":{"type":["set","string"],"description":"List of metadata fields that should be added to reported logs.\nCan only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" is set to CUSTOM_METADATA.","description_kind":"plain","optional":true}},"description":"This field denotes the VPC flow logging options for this subnetwork. If\nlogging is enabled, logs are exported to Cloud Logging. Flow logging\nisn't supported if the subnet 'purpose' field is set to subnetwork is\n'REGIONAL_MANAGED_PROXY' or 'GLOBAL_MANAGED_PROXY'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_subnetwork_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_target_grpc_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in\nthis object. This field is used in optimistic locking. This field\nwill be ignored when inserting a TargetGrpcProxy. An up-to-date\nfingerprint must be provided in order to patch/update the\nTargetGrpcProxy; otherwise, the request will fail with error\n412 conditionNotMet. To see the latest fingerprint, make a get()\nrequest to retrieve the TargetGrpcProxy. A base64-encoded string.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource\nis created. The name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long\nand match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which\nmeans the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"self_link_with_id":{"type":"string","description":"Server-defined URL with id for the resource.","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"URL to the UrlMap resource that defines the mapping from URL to\nthe BackendService. The protocol field in the BackendService\nmust be set to GRPC.","description_kind":"plain","optional":true},"validate_for_proxyless":{"type":"bool","description":"If true, indicates that the BackendServices referenced by\nthe urlMap may be accessed by gRPC applications without using\na sidecar proxy. This will enable configuration checks on urlMap\nand its referenced BackendServices to not allow unsupported features.\nA gRPC application must use \"xds:///\" scheme in the target URI\nof the service it is connecting to. If false, indicates that the\nBackendServices referenced by the urlMap will be accessed by gRPC\napplications via a sidecar proxy. In this case, a gRPC application\nmust not use \"xds:///\" scheme in the target URI of the service\nit is connecting to","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_http_proxy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_https_proxy":{"version":0,"block":{"attributes":{"certificate_manager_certificates":{"type":["list","string"],"description":"URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 certificates. Certificate manager certificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates fields can not be defined together.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}' or just the self_link 'projects/{project}/locations/{location}/certificates/{resourceName}'","description_kind":"plain","optional":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"http_keep_alive_timeout_sec":{"type":"number","description":"Specifies how long to keep a connection open, after completing a response,\nwhile there is no matching traffic (in seconds). If an HTTP keepalive is\nnot specified, a default value (610 seconds) will be used. For Global\nexternal HTTP(S) load balancer, the minimum allowed value is 5 seconds and\nthe maximum allowed value is 1200 seconds. For Global external HTTP(S)\nload balancer (classic), this option is not available publicly.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"quic_override":{"type":"string","description":"Specifies the QUIC override policy for this resource. This determines\nwhether the load balancer will attempt to negotiate QUIC with clients\nor not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is\nspecified, Google manages whether QUIC is used. Default value: \"NONE\" Possible values: [\"NONE\", \"ENABLE\", \"DISABLE\"]","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A URL referring to a networksecurity.ServerTlsPolicy\nresource that describes how the proxy should authenticate inbound\ntraffic. serverTlsPolicy only applies to a global TargetHttpsProxy\nattached to globalForwardingRules with the loadBalancingScheme\nset to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED.\nFor details which ServerTlsPolicy resources are accepted with\nINTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED\nloadBalancingScheme consult ServerTlsPolicy documentation.\nIf left blank, communications are not encrypted.","description_kind":"plain","optional":true},"ssl_certificates":{"type":["list","string"],"description":"URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer.\nCurrently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.\nsslCertificates and certificateManagerCertificates can not be defined together.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetHttpsProxy resource. If not set, the TargetHttpsProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true},"url_map":{"type":"string","description":"A reference to the UrlMap resource that defines the mapping from URL\nto the BackendService.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_instance":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The Compute instance VM handling traffic for this target instance.\nAccepts the instance self-link, relative path\n(e.g. 'projects/project/zones/zone/instances/instance') or name. If\nname is given, the zone will default to the given zone or\nthe provider-default zone and the project will default to the\nprovider-level project.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"nat_policy":{"type":"string","description":"NAT option controlling how IPs are NAT'ed to the instance.\nCurrently only NO_NAT (default value) is supported. Default value: \"NO_NAT\" Possible values: [\"NO_NAT\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"zone":{"type":"string","description":"URL of the zone where the target instance resides.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_pool":{"version":0,"block":{"attributes":{"backup_pool":{"type":"string","description":"URL to the backup target pool. Must also set failover_ratio.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Textual description field.","description_kind":"plain","optional":true},"failover_ratio":{"type":"number","description":"Ratio (0 to 1) of failed nodes before using the backup pool (which must also be set).","description_kind":"plain","optional":true},"health_checks":{"type":["list","string"],"description":"List of zero or one health check name or self_link. Only legacy google_compute_http_health_check is supported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description":"List of instances in the pool. They can be given as URLs, or in the form of \"zone/name\". Note that the instances need not exist at the time of target pool creation, so there is no need to use the Terraform interpolators to create a dependency on the instances from the target pool.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique name for the resource, required by GCE. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Where the target pool resides. Defaults to project region.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"How to distribute load. Options are \"NONE\" (no affinity). \"CLIENT_IP\" (hash of the source/dest addresses / ports), and \"CLIENT_IP_PROTO\" also includes the protocol (default \"NONE\").","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_ssl_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"certificate_map":{"type":"string","description":"A reference to the CertificateMap resource uri that identifies a certificate map\nassociated with the given target proxy. This field can only be set for global target proxies.\nAccepted format is '//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}'.","description_kind":"plain","optional":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_certificates":{"type":["list","string"],"description":"A list of SslCertificate resources that are used to authenticate\nconnections between users and the load balancer. At least one\nSSL certificate must be specified.","description_kind":"plain","optional":true},"ssl_policy":{"type":"string","description":"A reference to the SslPolicy resource that will be associated with\nthe TargetSslProxy resource. If not set, the TargetSslProxy\nresource will not have any SSL policy configured.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_target_tcp_proxy":{"version":0,"block":{"attributes":{"backend_service":{"type":"string","description":"A reference to the BackendService resource.","description_kind":"plain","required":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_bind":{"type":"bool","description":"This field only applies when the forwarding rule that references\nthis target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","optional":true,"computed":true},"proxy_header":{"type":"string","description":"Specifies the type of proxy header to append before sending data to\nthe backend. Default value: \"NONE\" Possible values: [\"NONE\", \"PROXY_V1\"]","description_kind":"plain","optional":true},"proxy_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_url_map":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given rules match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this object. This\nfield is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"map_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is created. The\nname must be 1-63 characters long, and comply with RFC1035. Specifically, the\nname must be 1-63 characters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase\nletter, and all following characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions\nlike URL rewrites, header transformations, etc. prior to forwarding the request to the selected backend.\nIf defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService\nis set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained. The default is set to false.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here take effect after\nheaderAction specified under pathMatcher.","description_kind":"plain"},"max_items":1},"host_rule":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"hosts":{"type":["set","string"],"description":"The list of host patterns to match. They must be valid hostnames, except * will\nmatch any string of ([a-z0-9-.]*). In that case, * must be the first character\nand must be followed in the pattern by either - or ..","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the PathMatcher to use to match the path portion of the URL if the\nhostRule matches the URL's host portion.","description_kind":"plain","required":true}},"description":"The list of HostRules to use against the URL.","description_kind":"plain"}},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"default_service":{"type":"string","description":"The backend service or backend bucket to use when none of the given paths match.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create\nthe resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"default_route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\nThis translates to the Access-Control-Allow-Credentials header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For regular expression grammar\nplease see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\nAn origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long results of a preflight request can be cached in seconds.\nThis translates to the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see\n[W3C Recommendation for Cross Origin Resource Sharing](https://www.w3.org/TR/cors/)","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request.\nThe value must be between 200 and 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be aborted as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault injection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will be introduced as part of fault injection.\nThe value must be between 0.0 and 100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault injection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure.\nAs part of fault injection, when clients send requests to a backend service, delays can be introduced by Loadbalancer on a\npercentage of requests before sending those request to the backend service. Similarly requests from clients can be aborted\nby the Loadbalancer for a percentage of requests.\n\ntimeout and retryPolicy will be ignored by clients that are configured with a faultInjectionPolicy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service.\nLoadbalancer does not wait for responses from the shadow service. Prior to sending traffic to the shadow service,\nthe host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0. If not specified, defaults to 1.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with any 5xx response code,\n or if the backend service does not respond at all, example: disconnects, reset, read timeout,\n* connection failure, and refused streams.\n* gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures connecting to backend services,\n for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream:Loadbalancer will retry if the backend service resets the stream with a REFUSED_STREAM error code.\n This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are\nrepresented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies a non-zero timeout per retry attempt.\n\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction is not set,\nwill use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented\nwith a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.\nNote: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years","description_kind":"plain","optional":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time the request has been\nfully processed (i.e. end-of-stream) up until the response has been completely processed. Timeout includes all retries.\n\nIf not specified, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host header is replaced\nwith contents of hostRewrite.\n\nThe value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching portion of the\nrequest's path is replaced by pathPrefixRewrite.\n\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to the matched service.","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The full or partial URL to the default BackendService resource. Before forwarding the\nrequest to backendService, the loadbalancer applies any relevant headerActions\nspecified as part of this backendServiceWeight.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as\nweight / (sum of all weightedBackendService weights in routeAction) .\n\nThe selection of a backend service is determined only for new traffic. Once a user's request\nhas been directed to a backendService, subsequent requests will be sent to the same backendService\nas determined by the BackendService's session affinity policy.\n\nThe value must be between 0 and 1000","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request prior to\nforwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response prior to sending the\nresponse back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add to a matching request prior to forwarding the request to the backendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","optional":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","optional":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the header.\nIf true, headerValue is set for the header, discarding any values that were set for that header.","description_kind":"plain","optional":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService.\n\nheaderAction specified here take effect before headerAction in the enclosing\nHttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match occurs.\nThe weights determine the fraction of traffic that flows to their corresponding backend service.\nIf all traffic needs to go to a single backend service, there must be one weightedBackendService\nwith weight set to a non 0 number.\n\nOnce a backendService is identified and before forwarding the request to the backend service,\nadvanced routing actions like Url rewrites and header transformations are applied depending on\nadditional settings specified in this HttpRouteAction.","description_kind":"plain"}}},"description":"defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs\nadvanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request\nto the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set.\nConversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices.\n\nOnly one of defaultRouteAction or defaultUrlRedirect must be set.","description_kind":"plain"},"max_items":1},"default_url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to\nfalse, the URL scheme of the redirected request will remain the same as that of the\nrequest. This must only be set for UrlMaps used in TargetHttpProxys. Setting this\ntrue for TargetHttpsProxy is not permitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. pathRedirect cannot be supplied together with\nprefixRedirect. Supply one alone or neither. If neither is supplied, the path of the\noriginal request will be used for the redirect. The value must be between 1 and 1024\ncharacters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or\nneither. If neither is supplied, the path of the original request will be used for\nthe redirect. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior\nto redirecting the request. If set to false, the query portion of the original URL is\nretained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When none of the specified hostRules match, the request is redirected to a URL specified\nby defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or\ndefaultRouteAction must not be set.","description_kind":"plain"},"max_items":1},"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. HeaderAction specified here are applied after the\nmatching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap","description_kind":"plain"},"max_items":1},"path_rule":{"nesting_mode":"list","block":{"attributes":{"paths":{"type":["set","string"],"description":"The list of path patterns to match. Each must start with / and the only place a\n\\* is allowed is at the end following a /. The string fed to the path matcher\ndoes not include any text after the first ? or #, and those chars are not\nallowed here.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket to use if any of the given paths match.","description_kind":"plain","optional":true}},"block_types":{"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.","description_kind":"plain","required":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","required":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","required":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","required":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","optional":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\nany 5xx response code, or if the backend service does not respond at all,\nexample: disconnects, reset, read timeout, connection failure, and refused\nstreams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\nconnecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\nCurrently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\nREFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\nheader is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\ngRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\nheader is set to resource-exhausted\n* unavailable: Loadbalancer will retry if\nthe gRPC status code in the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching path, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one\nthat was supplied in the request. The value must be between 1 and 255\ncharacters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https.\nIf set to false, the URL scheme of the redirected request will remain the\nsame as that of the request. This must only be set for UrlMaps used in\nTargetHttpProxys. Setting this true for TargetHttpsProxy is not\npermitted. The default is set to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one\nthat was supplied in the request. pathRedirect cannot be supplied\ntogether with prefixRedirect. Supply one alone or neither. If neither is\nsupplied, the path of the original request will be used for the redirect.\nThe value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the\nHttpRouteRuleMatch, retaining the remaining portion of the URL before\nredirecting the request. prefixRedirect cannot be supplied together with\npathRedirect. Supply one alone or neither. If neither is supplied, the\npath of the original request will be used for the redirect. The value\nmust be between 1 and 1024 characters.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method\nwill be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case,\nthe request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is\nremoved prior to redirecting the request. If set to false, the query\nportion of the original URL is retained.\n This field is required to ensure an empty block is not set. The normal default value is false.","description_kind":"plain","required":true}},"description":"When a path pattern is matched, the request is redirected to a URL specified\nby urlRedirect. If urlRedirect is specified, service or routeAction must not\nbe set.","description_kind":"plain"},"max_items":1}},"description":"The list of path rules. Use this list instead of routeRules when routing based\non simple path matching is all that's required. The order by which path rules\nare specified does not matter. Matches are always done on the longest-path-first\nbasis. For example: a pathRule with a path /a/b/c/* will match before /a/b/*\nirrespective of the order in which those paths appear in this list. Within a\ngiven pathMatcher, only one of pathRules or routeRules must be set.","description_kind":"plain"}},"route_rules":{"nesting_mode":"list","block":{"attributes":{"priority":{"type":"number","description":"For routeRules within a given pathMatcher, priority determines the order\nin which load balancer will interpret routeRules. RouteRules are evaluated\nin order of priority, from the lowest to highest number. The priority of\na rule decreases as its number increases (1, 2, 3, N+1). The first rule\nthat matches the request is applied.\n\nYou cannot configure two or more routeRules with the same priority.\nPriority for each rule must be set to a number between 0 and\n2147483647 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules\nin the future without affecting the rest of the rules. For example,\n1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which\nyou could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the\nfuture without any impact on existing rules.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service resource to which traffic is\ndirected if this rule is matched. If routeAction is additionally specified,\nadvanced routing actions like URL Rewrites, etc. take effect prior to sending\nthe request to the backend. However, if service is specified, routeAction cannot\ncontain any weightedBackendService s. Conversely, if routeAction specifies any\nweightedBackendServices, service must not be specified. Only one of urlRedirect,\nservice or routeAction.weightedBackendService must be set.","description_kind":"plain","optional":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. The headerAction specified here are applied before\nthe matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].r\nouteAction.weightedBackendService.backendServiceWeightAction[].headerAction","description_kind":"plain"},"max_items":1},"match_rules":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly\nmatch the value specified in fullPathMatch after removing any query parameters\nand anchor that may be part of the original URL. FullPathMatch must be between 1\nand 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must\nbe specified.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.\nDefaults to false.","description_kind":"plain","optional":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the\nspecified prefixMatch. prefixMatch must begin with a /. The value must be\nbetween 1 and 1024 characters. Only one of prefixMatch, fullPathMatch or\nregexMatch must be specified.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must satisfy the\nregular expression specified in regexMatch after removing any query parameters\nand anchor supplied with the original URL. For regular expression grammar please\nsee en.cppreference.com/w/cpp/regex/ecmascript Only one of prefixMatch,\nfullPathMatch or regexMatch must be specified.","description_kind":"plain","optional":true}},"block_types":{"header_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value should exactly match contents of exactMatch. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The name of the HTTP header to match. For matching against the HTTP request's\nauthority, use a headerMatch with the header name \":authority\". For matching a\nrequest's method, use the headerName \":method\".","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false, the headerMatch is considered a match if the match criteria\nabove are met. If set to true, the headerMatch is considered a match if the\nmatch criteria above are NOT met. Defaults to false.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place\nwhether or not the request's header has a value or not. Only one of exactMatch,\nprefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The value of the header must match the regular expression specified in\nregexMatch. For regular expression grammar, please see:\nen.cppreference.com/w/cpp/regex/ecmascript For matching against a port\nspecified in the HTTP request, use a headerMatch with headerName set to PORT and\na regular expression that satisfies the RFC2616 Host header's port specifier.\nOnly one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or\nrangeMatch must be set.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain","optional":true}},"block_types":{"range_match":{"nesting_mode":"list","block":{"attributes":{"range_end":{"type":"number","description":"The end of the range (exclusive).","description_kind":"plain","required":true},"range_start":{"type":"number","description":"The start of the range (inclusive).","description_kind":"plain","required":true}},"description":"The header value must be an integer and its value must be in the range specified\nin rangeMatch. If the header does not contain an integer, number or is empty,\nthe match fails. For example for a range [-5, 0] - -3 will match. - 0 will\nnot match. - 0.25 will not match. - -3someString will not match. Only one of\nexactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch\nmust be set.","description_kind":"plain"},"max_items":1}},"description":"Specifies a list of header match criteria, all of which must match corresponding\nheaders in the request.","description_kind":"plain"}},"metadata_filters":{"nesting_mode":"list","block":{"attributes":{"filter_match_criteria":{"type":"string","description":"Specifies how individual filterLabel matches within the list of filterLabels\ncontribute towards the overall metadataFilter match. Supported values are:\n - MATCH_ANY: At least one of the filterLabels must have a matching label in the\nprovided metadata.\n - MATCH_ALL: All filterLabels must have matching labels in\nthe provided metadata. Possible values: [\"MATCH_ALL\", \"MATCH_ANY\"]","description_kind":"plain","required":true}},"block_types":{"filter_labels":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of metadata label. The name can have a maximum length of 1024 characters\nand must be at least 1 character long.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the label must match the specified value. value can have a maximum\nlength of 1024 characters.","description_kind":"plain","required":true}},"description":"The list of label value pairs that must match labels in the provided metadata\nbased on filterMatchCriteria This list must not be empty and can have at the\nmost 64 entries.","description_kind":"plain"},"min_items":1,"max_items":64}},"description":"Opaque filter criteria used by Loadbalancer to restrict routing configuration to\na limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS\nclients present node metadata. If a match takes place, the relevant routing\nconfiguration is made available to those proxies. For each metadataFilter in\nthis list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the\nfilterLabels must match the corresponding label provided in the metadata. If its\nfilterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match\nwith corresponding labels in the provided metadata. metadataFilters specified\nhere can be overrides those specified in ForwardingRule that refers to this\nUrlMap. metadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain"}},"query_parameter_matches":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches\nthe contents of exactMatch. Only one of presentMatch, exactMatch and regexMatch\nmust be set.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the\nrequest, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query\nparameter, irrespective of whether the parameter has a value or not. Only one of\npresentMatch, exactMatch and regexMatch must be set.","description_kind":"plain","optional":true},"regex_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter matches the\nregular expression specified by regexMatch. For the regular expression grammar,\nplease see en.cppreference.com/w/cpp/regex/ecmascript Only one of presentMatch,\nexactMatch and regexMatch must be set.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match\ncorresponding query parameters in the request.","description_kind":"plain"}}},"description":"The rules for determining a match.","description_kind":"plain"}},"route_action":{"nesting_mode":"list","block":{"block_types":{"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the\nactual request can include user credentials. This translates to the Access-\nControl-Allow-Credentials header. Defaults to false.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods header.","description_kind":"plain","optional":true},"allow_origin_regexes":{"type":["list","string"],"description":"Specifies the regular expression patterns that match allowed origins. For\nregular expression grammar please see en.cppreference.com/w/cpp/regex/ecmascript\nAn origin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests. An\norigin is allowed if it matches either allow_origins or allow_origin_regex.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled.\nwhich indicates that the CORS policy is in effect. Defaults to false.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Expose-Headers header.","description_kind":"plain","optional":true},"max_age":{"type":"number","description":"Specifies how long the results of a preflight request can be cached. This\ntranslates to the content for the Access-Control-Max-Age header.","description_kind":"plain","optional":true}},"description":"The specification for allowing client side cross-origin requests. Please see W3C\nRecommendation for Cross Origin Resource Sharing","description_kind":"plain"},"max_items":1},"fault_injection_policy":{"nesting_mode":"list","block":{"block_types":{"abort":{"nesting_mode":"list","block":{"attributes":{"http_status":{"type":"number","description":"The HTTP status code used to abort the request. The value must be between 200\nand 599 inclusive.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) which will be\naborted as part of fault injection. The value must be between 0.0 and 100.0\ninclusive.","description_kind":"plain","optional":true}},"description":"The specification for how client requests are aborted as part of fault\ninjection.","description_kind":"plain"},"max_items":1},"delay":{"nesting_mode":"list","block":{"attributes":{"percentage":{"type":"number","description":"The percentage of traffic (connections/operations/requests) on which delay will\nbe introduced as part of fault injection. The value must be between 0.0 and\n100.0 inclusive.","description_kind":"plain","optional":true}},"block_types":{"fixed_delay":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the value of the fixed delay interval.","description_kind":"plain"},"max_items":1}},"description":"The specification for how client requests are delayed as part of fault\ninjection, before being sent to a backend service.","description_kind":"plain"},"max_items":1}},"description":"The specification for fault injection introduced into traffic to test the\nresiliency of clients to backend service failure. As part of fault injection,\nwhen clients send requests to a backend service, delays can be introduced by\nLoadbalancer on a percentage of requests before sending those request to the\nbackend service. Similarly requests from clients can be aborted by the\nLoadbalancer for a percentage of requests. timeout and retry_policy will be\nignored by clients that are configured with a fault_injection_policy.","description_kind":"plain"},"max_items":1},"request_mirror_policy":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The BackendService resource being mirrored to.","description_kind":"plain","required":true}},"description":"Specifies the policy on how requests intended for the route's backends are\nshadowed to a separate mirrored backend service. Loadbalancer does not wait for\nresponses from the shadow service. Prior to sending traffic to the shadow\nservice, the host / authority header is suffixed with -shadow.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"num_retries":{"type":"number","description":"Specifies the allowed number retries. This number must be \u003e 0.","description_kind":"plain","required":true},"retry_conditions":{"type":["list","string"],"description":"Specfies one or more conditions when this retry rule applies. Valid values are:\n\n* 5xx: Loadbalancer will attempt a retry if the backend service responds with\n any 5xx response code, or if the backend service does not respond at all,\n example: disconnects, reset, read timeout, connection failure, and refused\n streams.\n* gateway-error: Similar to 5xx, but only applies to response codes\n 502, 503 or 504.\n* connect-failure: Loadbalancer will retry on failures\n connecting to backend services, for example due to connection timeouts.\n* retriable-4xx: Loadbalancer will retry for retriable 4xx response codes.\n Currently the only retriable error supported is 409.\n* refused-stream: Loadbalancer will retry if the backend service resets the stream with a\n REFUSED_STREAM error code. This reset type indicates that it is safe to retry.\n* cancelled: Loadbalancer will retry if the gRPC status code in the response\n header is set to cancelled\n* deadline-exceeded: Loadbalancer will retry if the\n gRPC status code in the response header is set to deadline-exceeded\n* resource-exhausted: Loadbalancer will retry if the gRPC status code in the response\n header is set to resource-exhausted\n* unavailable: Loadbalancer will retry if the gRPC status code in\n the response header is set to unavailable","description_kind":"plain","optional":true}},"block_types":{"per_try_timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies a non-zero timeout per retry attempt.\nIf not specified, will use the timeout set in HttpRouteAction. If timeout in HttpRouteAction\nis not set, will use the largest timeout among all backend services associated with the route.","description_kind":"plain"},"max_items":1}},"description":"Specifies the retry policy associated with this route.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"nanos":{"type":"number","description":"Span of time that's a fraction of a second at nanosecond resolution. Durations\nless than one second are represented with a 0 'seconds' field and a positive\n'nanos' field. Must be from 0 to 999,999,999 inclusive.","description_kind":"plain","optional":true},"seconds":{"type":"string","description":"Span of time at a resolution of a second. Must be from 0 to 315,576,000,000\ninclusive.","description_kind":"plain","required":true}},"description":"Specifies the timeout for the selected route. Timeout is computed from the time\nthe request is has been fully processed (i.e. end-of-stream) up until the\nresponse has been completely processed. Timeout includes all retries. If not\nspecified, the default value is 15 seconds.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected service, the request's host\nheader is replaced with contents of hostRewrite. The value must be between 1 and\n255 characters.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected backend service, the matching\nportion of the request's path is replaced by pathPrefixRewrite. The value must\nbe between 1 and 1024 characters.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The spec to modify the URL of the request, prior to forwarding the request to\nthe matched service","description_kind":"plain"},"max_items":1},"weighted_backend_services":{"nesting_mode":"list","block":{"attributes":{"backend_service":{"type":"string","description":"The default BackendService resource. Before\nforwarding the request to backendService, the loadbalancer applies any relevant\nheaderActions specified as part of this backendServiceWeight.","description_kind":"plain","required":true},"weight":{"type":"number","description":"Specifies the fraction of traffic sent to backendService, computed as weight /\n(sum of all weightedBackendService weights in routeAction) . The selection of a\nbackend service is determined only for new traffic. Once a user's request has\nbeen directed to a backendService, subsequent requests will be sent to the same\nbackendService as determined by the BackendService's session affinity policy.\nThe value must be between 0 and 1000","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"attributes":{"request_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the request\nprior to forwarding the request to the backendService.","description_kind":"plain","optional":true},"response_headers_to_remove":{"type":["list","string"],"description":"A list of header names for headers that need to be removed from the response\nprior to sending the response back to the client.","description_kind":"plain","optional":true}},"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add to a matching request prior to forwarding the request to the\nbackendService.","description_kind":"plain"}},"response_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"If false, headerValue is appended to any values that already exist for the\nheader. If true, headerValue is set for the header, discarding any values that\nwere set for that header.","description_kind":"plain","required":true}},"description":"Headers to add the response prior to sending the response back to the client.","description_kind":"plain"}}},"description":"Specifies changes to request and response headers that need to take effect for\nthe selected backendService. headerAction specified here take effect before\nheaderAction in the enclosing HttpRouteRule, PathMatcher and UrlMap.","description_kind":"plain"},"max_items":1}},"description":"A list of weighted backend services to send traffic to when a route match\noccurs. The weights determine the fraction of traffic that flows to their\ncorresponding backend service. If all traffic needs to go to a single backend\nservice, there must be one weightedBackendService with weight set to a non 0\nnumber. Once a backendService is identified and before forwarding the request to\nthe backend service, advanced routing actions like Url rewrites and header\ntransformations are applied depending on additional settings specified in this\nHttpRouteAction.","description_kind":"plain"}}},"description":"In response to a matching matchRule, the load balancer performs advanced routing\nactions like URL rewrites, header transformations, etc. prior to forwarding the\nrequest to the selected backend. If routeAction specifies any\nweightedBackendServices, service must not be set. Conversely if service is set,\nrouteAction cannot contain any weightedBackendServices. Only one of routeAction\nor urlRedirect must be set.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was\nsupplied in the request. The value must be between 1 and 255 characters.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set\nto false, the URL scheme of the redirected request will remain the same as that\nof the request. This must only be set for UrlMaps used in TargetHttpProxys.\nSetting this true for TargetHttpsProxy is not permitted. Defaults to false.","description_kind":"plain","optional":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was\nsupplied in the request. Only one of pathRedirect or prefixRedirect must be\nspecified. The value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch,\nretaining the remaining portion of the URL before redirecting the request.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction. Supported values are:\n\n* MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301.\n\n* FOUND, which corresponds to 302.\n\n* SEE_OTHER which corresponds to 303.\n\n* TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method will be retained.\n\n* PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method will be retained. Possible values: [\"FOUND\", \"MOVED_PERMANENTLY_DEFAULT\", \"PERMANENT_REDIRECT\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\"]","description_kind":"plain","optional":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed\nprior to redirecting the request. If set to false, the query portion of the\noriginal URL is retained. Defaults to false.","description_kind":"plain","optional":true}},"description":"When this rule is matched, the request is redirected to a URL specified by\nurlRedirect. If urlRedirect is specified, service or routeAction must not be\nset.","description_kind":"plain"},"max_items":1}},"description":"The list of ordered HTTP route rules. Use this list instead of pathRules when\nadvanced route matching and routing actions are desired. The order of specifying\nrouteRules matters: the first rule that matches will cause its specified routing\naction to take effect. Within a given pathMatcher, only one of pathRules or\nrouteRules must be set. routeRules are not supported in UrlMaps intended for\nExternal load balancers.","description_kind":"plain"}}},"description":"The list of named PathMatchers to use against the URL.","description_kind":"plain"}},"test":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of this test case.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Host portion of the URL.","description_kind":"plain","required":true},"path":{"type":"string","description":"Path portion of the URL.","description_kind":"plain","required":true},"service":{"type":"string","description":"The backend service or backend bucket link that should be matched by this test.","description_kind":"plain","required":true}},"description":"The list of expected URL mapping tests. Request to update this UrlMap will\nsucceed only if all of the test cases pass. You can specify a maximum of 100\ntests per UrlMap.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"gateway_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_vpn_tunnel":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"detailed_status":{"type":"string","description":"Detailed status message for the VPN tunnel.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ike_version":{"type":"number","description":"IKE protocol version to use when establishing the VPN tunnel with\npeer VPN gateway.\nAcceptable IKE versions are 1 or 2. Default version is 2.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this VpnTunnel.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"local_traffic_selector":{"type":["set","string"],"description":"Local traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63\ncharacters long and match the regular expression\n'[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character\nmust be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"peer_external_gateway":{"type":"string","description":"URL of the peer side external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_external_gateway_interface":{"type":"number","description":"The interface ID of the external VPN gateway to which this VPN tunnel is connected.","description_kind":"plain","optional":true},"peer_gcp_gateway":{"type":"string","description":"URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.\nIf provided, the VPN tunnel will automatically use the same vpn_gateway_interface\nID in the peer GCP VPN gateway.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"peer_ip":{"type":"string","description":"IP address of the peer VPN gateway. Only IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region where the tunnel is located. If unset, is set to the region of 'target_vpn_gateway'.","description_kind":"plain","optional":true,"computed":true},"remote_traffic_selector":{"type":["set","string"],"description":"Remote traffic selector to use when establishing the VPN tunnel with\npeer VPN gateway. The value should be a CIDR formatted string,\nfor example '192.168.0.0/16'. The ranges should be disjoint.\nOnly IPv4 is supported.","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"URL of router resource to be used for dynamic routing.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"shared_secret":{"type":"string","description":"Shared secret used to set the secure session between the Cloud VPN\ngateway and the peer VPN gateway.","description_kind":"plain","required":true,"sensitive":true},"shared_secret_hash":{"type":"string","description":"Hash of the shared secret.","description_kind":"plain","computed":true},"target_vpn_gateway":{"type":"string","description":"URL of the Target VPN gateway with which this VPN tunnel is\nassociated.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tunnel_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"vpn_gateway":{"type":"string","description":"URL of the VPN gateway with which this VPN tunnel is associated.\nThis must be used if a High Availability VPN gateway resource is created.\nThis field must reference a 'google_compute_ha_vpn_gateway' resource.","description_kind":"plain","optional":true},"vpn_gateway_interface":{"type":"number","description":"The interface ID of the VPN gateway with which this VPN tunnel is associated.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time this note was created.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"Time of expiration for this note. Leave empty if note does not expire.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The type of analysis this note describes","description_kind":"plain","computed":true},"long_description":{"type":"string","description":"A detailed description of the note","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the note.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"related_note_names":{"type":["set","string"],"description":"Names of other notes related to this note.","description_kind":"plain","optional":true},"short_description":{"type":"string","description":"A one sentence description of the note.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time this note was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation_authority":{"nesting_mode":"list","block":{"block_types":{"hint":{"nesting_mode":"list","block":{"attributes":{"human_readable_name":{"type":"string","description":"The human readable name of this Attestation Authority, for\nexample \"qa\".","description_kind":"plain","required":true}},"description":"This submessage provides human-readable hints about the purpose of\nthe AttestationAuthority. Because the name of a Note acts as its\nresource reference, it is important to disambiguate the canonical\nname of the Note (which might be a UUID for security purposes)\nfrom \"readable\" names more suitable for debug output. Note that\nthese hints should NOT be used to look up AttestationAuthorities\nin security sensitive contexts, such as when looking up\nAttestations to verify.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Note kind that represents a logical attestation \"role\" or \"authority\".\nFor example, an organization might have one AttestationAuthority for\n\"QA\" and one for \"build\". This Note is intended to act strictly as a\ngrouping mechanism for the attached Occurrences (Attestations). This\ngrouping mechanism also provides a security boundary, since IAM ACLs\ngate the ability for a principle to attach an Occurrence to a given\nNote. It also provides a single point of lookup to find all attached\nAttestation Occurrences, even if they don't all live in the same\nproject.","description_kind":"plain"},"min_items":1,"max_items":1},"related_url":{"nesting_mode":"set","block":{"attributes":{"label":{"type":"string","description":"Label to describe usage of the URL","description_kind":"plain","optional":true},"url":{"type":"string","description":"Specific URL associated with the resource.","description_kind":"plain","required":true}},"description":"URLs associated with this note and related metadata.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_analysis_note_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"note":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_analysis_occurrence":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"The note kind which explicitly denotes which of the occurrence\ndetails are specified. This field can be used as a filter in list\nrequests.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the occurrence.","description_kind":"plain","computed":true},"note_name":{"type":"string","description":"The analysis note associated with this occurrence, in the form of\nprojects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a\nfilter in list requests.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"remediation":{"type":"string","description":"A description of actions that can be taken to remedy the note.","description_kind":"plain","optional":true},"resource_uri":{"type":"string","description":"Required. Immutable. A URI that represents the resource for which\nthe occurrence applies. For example,\nhttps://gcr.io/project/image@sha256:123abc for a Docker image.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true}},"block_types":{"attestation":{"nesting_mode":"list","block":{"attributes":{"serialized_payload":{"type":"string","description":"The serialized payload that is verified by one or\nmore signatures. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"signatures":{"nesting_mode":"set","block":{"attributes":{"public_key_id":{"type":"string","description":"The identifier for the public key that verifies this\nsignature. MUST be an RFC3986 conformant\nURI. * When possible, the key id should be an\nimmutable reference, such as a cryptographic digest.\nExamples of valid values:\n\n* OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr\n for more details on this scheme.\n * 'openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA'\n* RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):\n * \"ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU\"","description_kind":"plain","required":true},"signature":{"type":"string","description":"The content of the signature, an opaque bytestring.\nThe payload that this signature verifies MUST be\nunambiguously provided with the Signature during\nverification. A wrapper message might provide the\npayload explicitly. Alternatively, a message might\nhave a canonical serialization that can always be\nunambiguously computed to derive the payload.","description_kind":"plain","optional":true}},"description":"One or more signatures over serializedPayload.\nVerifier implementations should consider this attestation\nmessage verified if at least one signature verifies\nserializedPayload. See Signature in common.proto for more\ndetails on signature structure and verification.","description_kind":"plain"},"min_items":1}},"description":"Occurrence that represents a single \"attestation\". The authenticity\nof an attestation can be verified using the attached signature.\nIf the verifier trusts the public key of the signer, then verifying\nthe signature is sufficient to establish trust. In this circumstance,\nthe authority to which this attestation is attached is primarily\nuseful for lookup (how to find this attestation if you already\nknow the authority and artifact to be verified) and intent (for\nwhich authority this attestation was intended to sign.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_attached_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same\nrestrictions as Kubernetes annotations. The total size of all keys and\nvalues combined is limited to 256k. Key can have 2 segments: prefix (optional)\nand name (required), separated by a slash (/). Prefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster_region":{"type":"string","description":"Output only. The region where this cluster runs.\n\nFor EKS clusters, this is an AWS region. For AKS clusters,\nthis is an Azure region.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine what flags to send on delete.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A human readable description of this attached cluster. Cannot be longer\nthan 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"distribution":{"type":"string","description":"The Kubernetes distribution of the underlying attached cluster. Supported values:\n\"eks\", \"aks\".","description_kind":"plain","required":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"errors":{"type":["list",["object",{"message":"string"}]],"description":"A set of errors found in the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kubernetes_version":{"type":"string","description":"The Kubernetes version of the cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"platform_version":{"type":"string","description":"The platform version for the cluster (e.g. '1.23.0-gke.1').","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the cluster. Possible values:\nSTATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR,\nDEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"attributes":{"admin_groups":{"type":["list","string"],"description":"Groups that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the groups. Up to ten admin groups can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true},"admin_users":{"type":["list","string"],"description":"Users that can perform operations as a cluster admin. A managed\nClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole\nto the users. Up to ten admin users can be provided.\n\nFor more info on RBAC, see\nhttps://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain","optional":true}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Configure Binary Authorization evaluation mode. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization configuration.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this\ncluster. Membership names are formatted as\nprojects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","required":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"logging_config":{"nesting_mode":"list","block":{"block_types":{"component_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"The components to be enabled. Possible values: [\"SYSTEM_COMPONENTS\", \"WORKLOADS\"]","description_kind":"plain","optional":true}},"description":"The configuration of the logging components","description_kind":"plain"},"max_items":1}},"description":"Logging configuration.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"managed_prometheus_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Managed Collection.","description_kind":"plain","optional":true}},"description":"Enable Google Cloud Managed Service for Prometheus in the cluster.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration.","description_kind":"plain"},"max_items":1},"oidc_config":{"nesting_mode":"list","block":{"attributes":{"issuer_url":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://'","description_kind":"plain","required":true},"jwks":{"type":"string","description":"OIDC verification keys in JWKS format (RFC 7517).","description_kind":"plain","optional":true}},"description":"OIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how GCP services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to GCP.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the 'issuer_url' field\nwhile clusters with private issuers need to provide both\n'issuer_url' and 'jwks'.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"block_types":{"kubernetes_secret":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Namespace of the kubernetes secret containing the proxy config.","description_kind":"plain","required":true}},"description":"The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.","description_kind":"plain"},"max_items":1}},"description":"Support for proxy configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"aws_region":{"type":"string","description":"The AWS region where the cluster runs. Each Google Cloud region supports a subset of nearby AWS regions. You can call to list all supported AWS regions within a given Google Cloud region.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM instance pofile to assign to each control plane replica.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to control plane replicas. The Anthos Multi-Cloud API will automatically create and manage security groups with the minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"subnet_ids":{"type":["list","string"],"description":"The list of subnets where control plane replicas will run. A replica will be provisioned on each subnet and up to three values can be provided. Each subnet must be in a different AWS Availability Zone (AZ).","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of AWS resource tags to propagate to all underlying managed AWS resources. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling .","description_kind":"plain","required":true}},"block_types":{"aws_services_authentication":{"nesting_mode":"list","block":{"attributes":{"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role that the Anthos Multi-Cloud API will assume when managing AWS resources on your account.","description_kind":"plain","required":true},"role_session_name":{"type":"string","description":"Optional. An identifier for the assumed role session. When unspecified, it defaults to `multicloud-service-agent`.","description_kind":"plain","optional":true,"computed":true}},"description":"Authentication configuration for management of AWS resources.","description_kind":"plain"},"min_items":1,"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt cluster secrets.","description_kind":"plain"},"min_items":1,"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 8 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. Volumes will be provisioned in the availability zone associated with the corresponding subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"per_node_pool_sg_rules_disabled":{"type":"bool","description":"Disable the per node pool subnet security group rules on the control plane security group. When set to true, you must also provide one or more security groups that ensure node pools are able to send requests to the control plane on TCP/443 and TCP/8132. Failure to do so may result in unavailable node pools.","description_kind":"plain","optional":true},"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"vpc_id":{"type":"string","description":"The VPC associated with the cluster. All component clusters (i.e. control plane and node pools) run on a single VPC. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_aws_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Key can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The awsCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The lifecycle state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The subnet where the node pool node run.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version to run on this node pool (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAwsServerConfig.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the NodePool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the NodePool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"iam_instance_profile":{"type":"string","description":"The name of the AWS IAM role assigned to nodes in the pool.","description_kind":"plain","required":true},"instance_type":{"type":"string","description":"Optional. The AWS instance type. When unspecified, it defaults to `m5.large`.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"security_group_ids":{"type":["list","string"],"description":"Optional. The IDs of additional security groups to add to nodes in this pool. The manager will automatically create security groups with minimum rules needed for a functioning cluster.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. Key/value metadata to assign to each underlying AWS resource. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true}},"block_types":{"autoscaling_metrics_collection":{"nesting_mode":"list","block":{"attributes":{"granularity":{"type":"string","description":"The frequency at which EC2 Auto Scaling sends aggregated data to AWS CloudWatch. The only valid value is \"1Minute\".","description_kind":"plain","required":true},"metrics":{"type":["list","string"],"description":"The metrics to enable. For a list of valid metrics, see https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html. If you specify granularity and don't specify any metrics, all metrics are enabled.","description_kind":"plain","optional":true}},"description":"Optional. Configuration related to CloudWatch metrics collection on the Auto Scaling group of the node pool. When unspecified, metrics collection is disabled.","description_kind":"plain"},"max_items":1},"config_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_arn":{"type":"string","description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain","required":true}},"description":"The ARN of the AWS KMS key used to encrypt node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"secret_arn":{"type":"string","description":"The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true},"secret_version":{"type":"string","description":"The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"iops":{"type":"number","description":"Optional. The number of I/O operations per second (IOPS) to provision for GP3 volume.","description_kind":"plain","optional":true,"computed":true},"kms_key_arn":{"type":"string","description":"Optional. The Amazon Resource Name (ARN) of the Customer Managed Key (CMK) used to encrypt AWS EBS volumes. If not specified, the default Amazon managed key associated to the AWS region where this cluster runs will be used.","description_kind":"plain","optional":true},"size_gib":{"type":"number","description":"Optional. The size of the volume, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true},"throughput":{"type":"number","description":"Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.","description_kind":"plain","optional":true,"computed":true},"volume_type":{"type":"string","description":"Optional. Type of the EBS volume. When unspecified, it defaults to GP2 volume. Possible values: VOLUME_TYPE_UNSPECIFIED, GP2, GP3","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Template for the root volume provisioned for node pool nodes. Volumes will be provisioned in the availability zone assigned to the node pool subnet. When unspecified, it defaults to 32 GiB with the GP2 volume type.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"ec2_key_pair":{"type":"string","description":"The name of the EC2 key pair used to login into cluster machines.","description_kind":"plain","required":true}},"description":"Optional. The SSH configuration.","description_kind":"plain"},"max_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"The taint effect. Possible values: EFFECT_UNSPECIFIED, NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for the taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for the taint.","description_kind":"plain","required":true}},"description":"Optional. The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"update_settings":{"nesting_mode":"list","block":{"block_types":{"surge_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Settings for surge update.","description_kind":"plain"},"max_items":1}},"description":"Optional. Update settings control the speed and disruption of the node pool update.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_azure_client":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID.","description_kind":"plain","required":true},"certificate":{"type":"string","description":"Output only. The PEM encoded x509 certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time at which this resource was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the client.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the cluster. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_region":{"type":"string","description":"The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call to list all supported Azure regions within a given Google Cloud region.","description_kind":"plain","required":true},"client":{"type":"string","description":"Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/\u003cproject-number\u003e/locations/\u003cregion\u003e/azureClients/\u003cclient-id\u003e`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Output only. The time at which this cluster was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human readable description of this cluster. Cannot be longer than 255 UTF-8 encoded bytes.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"Output only. The endpoint of the cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently changes in flight to the cluster.","description_kind":"plain","computed":true},"resource_group_id":{"type":"string","description":"The ARM ID of the resource group where the cluster resources are deployed. For example: `/subscriptions/*/resourceGroups/*`","description_kind":"plain","required":true},"state":{"type":"string","description":"Output only. The current state of the cluster. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this cluster was last updated.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"identity_provider":"string","issuer_uri":"string","workload_pool":"string"}]],"description":"Output only. Workload Identity settings.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_groups":{"nesting_mode":"list","block":{"attributes":{"group":{"type":"string","description":"The name of the group, e.g. `my-group@domain.com`.","description_kind":"plain","required":true}},"description":"Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"}},"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. `my-gcp-id@gmail.com`.","description_kind":"plain","required":true}},"description":"Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles","description_kind":"plain"},"min_items":1}},"description":"Configuration related to the cluster RBAC settings.","description_kind":"plain"},"min_items":1,"max_items":1},"azure_services_authentication":{"nesting_mode":"list","block":{"attributes":{"application_id":{"type":"string","description":"The Azure Active Directory Application ID for Authentication configuration.","description_kind":"plain","required":true},"tenant_id":{"type":"string","description":"The Azure Active Directory Tenant ID for Authentication configuration.","description_kind":"plain","required":true}},"description":"Azure authentication configuration for management of Azure resources","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"attributes":{"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the control plane VMs are deployed. Example: `/subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/default`.","description_kind":"plain","required":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying control plane Azure resources.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Kubernetes version to run on control plane replicas (e.g. `1.19.10-gke.1000`). You can list all supported versions on a given Google Cloud region by calling GetAzureServerConfig.","description_kind":"plain","required":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. For available VM sizes, see https://docs.microsoft.com/en-us/azure/virtual-machines/vm-naming-conventions. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The ARM ID of the Azure Key Vault key to encrypt / decrypt data. For example: `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-id\u003e/providers/Microsoft.KeyVault/vaults/\u003ckey-vault-id\u003e/keys/\u003ckey-name\u003e` Encryption will always take the latest version of the key and hence specific version is not supported.","description_kind":"plain","required":true}},"description":"Optional. Configuration related to application-layer secrets encryption.","description_kind":"plain"},"max_items":1},"main_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the main volume provisioned for each control plane replica. The main volume is in charge of storing all of the cluster's etcd state. When unspecified, it defaults to a 8-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"replica_placements":{"nesting_mode":"list","block":{"attributes":{"azure_availability_zone":{"type":"string","description":"For a given replica, the Azure availability zone where to provision the control plane VM and the ETCD disk.","description_kind":"plain","required":true},"subnet_id":{"type":"string","description":"For a given replica, the ARM ID of the subnet where the control plane VM is deployed. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true}},"description":"Configuration for where to place the control plane replicas. Up to three replica placement instances can be specified. If replica_placements is set, the replica placement instances will be applied to the three control plane replicas as evenly as possible.","description_kind":"plain"}},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each control plane replica. When unspecified, it defaults to 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the underlying control plane machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration related to the cluster control plane.","description_kind":"plain"},"min_items":1,"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster. Membership names are formatted as projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The number of the Fleet host project where this cluster will be registered.","description_kind":"plain","optional":true,"computed":true}},"description":"Fleet configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range of the pods in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All pods in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"The IP address range for services in this cluster, in CIDR notation (e.g. `10.96.0.0/14`). All services in the cluster get assigned a unique RFC1918 IPv4 address from these ranges. Only a single range is supported. This field cannot be changed after creating a cluster.","description_kind":"plain","required":true},"virtual_network_id":{"type":"string","description":"The Azure Resource Manager (ARM) ID of the VNet associated with your cluster. All components in the cluster (i.e. control plane and node pools) run on a single VNet. Example: `/subscriptions/*/resourceGroups/*/providers/Microsoft.Network/virtualNetworks/*` This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"Cluster-wide networking configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_azure_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Optional. Annotations on the node pool. This field has the same restrictions as Kubernetes annotations. The total size of all keys and values combined is limited to 256k. Keys can have 2 segments: prefix (optional) and name (required), separated by a slash (/). Prefix must be a DNS subdomain. Name must be 63 characters or less, begin and end with alphanumerics, with dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field `effective_annotations` for all of the annotations present on the resource.","description_kind":"plain","optional":true},"azure_availability_zone":{"type":"string","description":"Optional. The Azure availability zone of the nodes in this nodepool. When unspecified, it defaults to `1`.","description_kind":"plain","optional":true,"computed":true},"cluster":{"type":"string","description":"The azureCluster for the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The time at which this node pool was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Allows clients to perform consistent read-modify-writes through optimistic concurrency control. May be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this resource.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. If set, there are currently pending changes to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current state of the node pool. Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"The ARM ID of the subnet where the node pool VMs run. Make sure it's a subnet under the virtual network in the cluster configuration.","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. A globally unique identifier for the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this node pool was last updated.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The Kubernetes version (e.g. `1.19.10-gke.1000`) running on this node pool.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Maximum number of nodes in the node pool. Must be \u003e= min_node_count.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the node pool. Must be \u003e= 1 and \u003c= max_node_count.","description_kind":"plain","required":true}},"description":"Autoscaler configuration for this node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The initial labels assigned to nodes of this node pool. An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"tags":{"type":["map","string"],"description":"Optional. A set of tags to apply to all underlying Azure resources for this node pool. This currently only includes Virtual Machine Scale Sets. Specify at most 50 pairs containing alphanumerics, spaces, and symbols (.+-=_:@/). Keys can be up to 127 Unicode characters. Values can be up to 255 Unicode characters.","description_kind":"plain","optional":true},"vm_size":{"type":"string","description":"Optional. The Azure VM size name. Example: `Standard_DS2_v2`. See (/anthos/clusters/docs/azure/reference/supported-vms) for options. When unspecified, it defaults to `Standard_DS2_v2`.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"proxy_config":{"nesting_mode":"list","block":{"attributes":{"resource_group_id":{"type":"string","description":"The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/\u003csubscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e`","description_kind":"plain","required":true},"secret_id":{"type":"string","description":"The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:\u003ckey-vault-name\u003e.vault.azure.net/secrets/\u003csecret-name\u003e/\u003csecret-version\u003e`.","description_kind":"plain","required":true}},"description":"Proxy configuration for outbound HTTP(S) traffic.","description_kind":"plain"},"max_items":1},"root_volume":{"nesting_mode":"list","block":{"attributes":{"size_gib":{"type":"number","description":"Optional. The size of the disk, in GiBs. When unspecified, a default value is provided. See the specific reference in the parent resource.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Configuration related to the root volume provisioned for each node pool machine. When unspecified, it defaults to a 32-GiB Azure Disk.","description_kind":"plain"},"max_items":1},"ssh_config":{"nesting_mode":"list","block":{"attributes":{"authorized_key":{"type":"string","description":"The SSH public key data for VMs managed by Anthos. This accepts the authorized_keys file format used in OpenSSH according to the sshd(8) manual page.","description_kind":"plain","required":true}},"description":"SSH configuration for how to access the node pool machines.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Optional. Whether or not the nodes will be automatically repaired.","description_kind":"plain","optional":true,"computed":true}},"description":"The Management configuration for this node pool.","description_kind":"plain"},"max_items":1},"max_pods_constraint":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods to schedule on a single node.","description_kind":"plain","required":true}},"description":"The constraint on the maximum number of pods that can be run simultaneously on a node in the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","optional":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","optional":true,"computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","optional":true,"computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.","description_kind":"plain","optional":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","optional":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","optional":true},"enable_cilium_clusterwide_network_policy":{"type":"bool","description":"Whether Cilium cluster-wide network policy is enabled on this cluster.","description_kind":"plain","optional":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","optional":true,"computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","optional":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","optional":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","optional":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","optional":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","optional":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true,"computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","optional":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","optional":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","optional":true,"computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","optional":true,"computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true}},"block_types":{"addons_config":{"nesting_mode":"list","block":{"block_types":{"cloudrun_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description_kind":"plain","optional":true}},"description":"The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.","description_kind":"plain"},"max_items":1},"config_connector_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The of the Config Connector addon.","description_kind":"plain"},"max_items":1},"dns_cache_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gce_persistent_disk_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.","description_kind":"plain"},"max_items":1},"gcp_filestore_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gcs_fuse_csi_driver_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1},"gke_backup_agent_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.","description_kind":"plain"},"max_items":1},"horizontal_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"http_load_balancing":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.","description_kind":"plain"},"max_items":1},"network_policy_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.","description_kind":"plain"},"max_items":1},"stateful_ha_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description_kind":"plain","required":true}},"description":"The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. Defaults to disabled; set enabled = true to enable.","description_kind":"plain"},"max_items":1}},"description":"The configuration for addons supported by GKE.","description_kind":"plain"},"max_items":1},"authenticator_groups_config":{"nesting_mode":"list","block":{"attributes":{"security_group":{"type":"string","description":"The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.","description_kind":"plain","required":true}},"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain"},"max_items":1},"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enable Binary Authorization for this cluster.","description_kind":"plain","deprecated":true,"optional":true},"evaluation_mode":{"type":"string","description":"Mode of operation for Binary Authorization policy evaluation.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain"},"max_items":1},"cluster_autoscaling":{"nesting_mode":"list","block":{"attributes":{"autoscaling_profile":{"type":"string","description":"Configuration options for the Autoscaling profile feature, which lets you choose whether the cluster autoscaler should optimize for resource utilization or resource availability when deciding to remove nodes from a cluster. Can be BALANCED or OPTIMIZE_UTILIZATION. Defaults to BALANCED.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"auto_provisioning_defaults":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The default image type used by NAP once a new node pool is being created.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["list","string"],"description":"Scopes that are used by NAP when creating node pools.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true}},"block_types":{"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.","description_kind":"plain","optional":true,"computed":true},"auto_upgrade":{"type":"bool","description":"Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.","description_kind":"plain","optional":true,"computed":true},"upgrade_options":{"type":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]],"description":"Specifies the Auto Upgrade knobs for the node pool.","description_kind":"plain","computed":true}},"description":"NodeManagement configuration for this NodePool.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.","description_kind":"plain","optional":true},"max_unavailable":{"type":"number","description":"The maximum number of nodes that can be simultaneously unavailable during the upgrade process.","description_kind":"plain","optional":true},"strategy":{"type":"string","description":"Update strategy of the node pool.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Standard policy for the blue-green upgrade.","description_kind":"plain"},"max_items":1}},"description":"Settings for blue-green upgrade strategy.","description_kind":"plain"},"max_items":1}},"description":"Specifies the upgrade settings for NAP created node pools","description_kind":"plain"},"max_items":1}},"description":"Contains defaults for a node pool created by NAP.","description_kind":"plain"},"max_items":1},"resource_limits":{"nesting_mode":"list","block":{"attributes":{"maximum":{"type":"number","description":"Maximum amount of the resource in the cluster.","description_kind":"plain","optional":true},"minimum":{"type":"number","description":"Minimum amount of the resource in the cluster.","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.","description_kind":"plain","required":true}},"description":"Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.","description_kind":"plain"}}},"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this cluster.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain"},"max_items":1},"cost_management_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.","description_kind":"plain","required":true}},"description":"Cost management configuration for the cluster.","description_kind":"plain"},"max_items":1},"database_encryption":{"nesting_mode":"list","block":{"attributes":{"key_name":{"type":"string","description":"The key to use to encrypt/decrypt secrets.","description_kind":"plain","optional":true},"state":{"type":"string","description":"ENCRYPTED or DECRYPTED.","description_kind":"plain","required":true}},"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain"},"max_items":1},"default_snat_status":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.","description_kind":"plain","required":true}},"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain"},"max_items":1},"dns_config":{"nesting_mode":"list","block":{"attributes":{"cluster_dns":{"type":"string","description":"Which in-cluster DNS provider should be used.","description_kind":"plain","optional":true},"cluster_dns_domain":{"type":"string","description":"The suffix used for all cluster service records.","description_kind":"plain","optional":true},"cluster_dns_scope":{"type":"string","description":"The scope of access to cluster DNS records.","description_kind":"plain","optional":true}},"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain"},"max_items":1},"enable_k8s_beta_apis":{"nesting_mode":"list","block":{"attributes":{"enabled_apis":{"type":["set","string"],"description":"Enabled Kubernetes Beta APIs.","description_kind":"plain","required":true}},"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"Full resource name of the registered fleet membership of the cluster.","description_kind":"plain","computed":true},"membership_id":{"type":"string","description":"Short name of the fleet membership, for example \"member-1\".","description_kind":"plain","computed":true},"membership_location":{"type":"string","description":"Location of the fleet membership, for example \"us-central1\".","description_kind":"plain","computed":true},"pre_registered":{"type":"bool","description":"Whether the cluster has been registered via the fleet API.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The Fleet host project of the cluster.","description_kind":"plain","optional":true}},"description":"Fleet configuration of the cluster.","description_kind":"plain"},"max_items":1},"gateway_api_config":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The Gateway API release channel to use for Gateway API.","description_kind":"plain","required":true}},"description":"Configuration for GKE Gateway API controller.","description_kind":"plain"},"max_items":1},"identity_service_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable the Identity Service component.","description_kind":"plain","optional":true}},"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain"},"max_items":1},"ip_allocation_policy":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_block":{"type":"string","description":"The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"cluster_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"services_ipv4_cidr_block":{"type":"string","description":"The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"services_secondary_range_name":{"type":"string","description":"The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.","description_kind":"plain","optional":true,"computed":true},"stack_type":{"type":"string","description":"The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set","description_kind":"plain","optional":true}},"block_types":{"additional_pod_ranges_config":{"nesting_mode":"list","block":{"attributes":{"pod_range_names":{"type":["set","string"],"description":"Name for pod secondary ipv4 range which has the actual range defined ahead.","description_kind":"plain","required":true}},"description":"AdditionalPodRangesConfig is the configuration for additional pod secondary ranges supporting the ClusterUpdate message.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for cluster level pod cidr overprovision. Default is disabled=false.","description_kind":"plain"},"max_items":1}},"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain"},"max_items":1},"logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.","description_kind":"plain","required":true}},"description":"Logging configuration for the cluster.","description_kind":"plain"},"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"daily_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description_kind":"plain","computed":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window specified for daily maintenance operations. Specify start_time in RFC3339 format \"HH:MM”, where HH : [00-23] and MM : [00-59] GMT.","description_kind":"plain"},"max_items":1},"maintenance_exclusion":{"nesting_mode":"set","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"exclusion_name":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"block_types":{"exclusion_options":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"The scope of automatic upgrades to restrict in the exclusion window.","description_kind":"plain","required":true}},"description":"Maintenance exclusion related options.","description_kind":"plain"},"max_items":1}},"description":"Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.","description_kind":"plain"},"max_items":20},"recurring_window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description_kind":"plain","required":true},"recurrence":{"type":"string","description_kind":"plain","required":true},"start_time":{"type":"string","description_kind":"plain","required":true}},"description":"Time window for recurring maintenance operations.","description_kind":"plain"},"max_items":1}},"description":"The maintenance policy to use for the cluster.","description_kind":"plain"},"max_items":1},"master_auth":{"nesting_mode":"list","block":{"attributes":{"client_certificate":{"type":"string","description":"Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"Base64 encoded private key used by clients to authenticate to the cluster endpoint.","description_kind":"plain","computed":true,"sensitive":true},"cluster_ca_certificate":{"type":"string","description":"Base64 encoded public certificate that is the root of trust for the cluster.","description_kind":"plain","computed":true}},"block_types":{"client_certificate_config":{"nesting_mode":"list","block":{"attributes":{"issue_client_certificate":{"type":"bool","description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain","required":true}},"description":"Whether client certificate authorization is enabled for this cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain"},"max_items":1},"master_authorized_networks_config":{"nesting_mode":"list","block":{"attributes":{"gcp_public_cidrs_access_enabled":{"type":"bool","description":"Whether Kubernetes master is accessible via Google Compute Engine Public IPs.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"cidr_blocks":{"nesting_mode":"set","block":{"attributes":{"cidr_block":{"type":"string","description":"External network that can access Kubernetes master through HTTPS. Must be specified in CIDR notation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Field for users to identify CIDR blocks.","description_kind":"plain","optional":true}},"description":"External networks that can access the Kubernetes cluster master through HTTPS.","description_kind":"plain"}}},"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain"},"max_items":1},"mesh_certificates":{"nesting_mode":"list","block":{"attributes":{"enable_certificates":{"type":"bool","description":"When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","required":true}},"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain"},"max_items":1},"monitoring_config":{"nesting_mode":"list","block":{"attributes":{"enable_components":{"type":["list","string"],"description":"GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"advanced_datapath_observability_config":{"nesting_mode":"list","block":{"attributes":{"enable_metrics":{"type":"bool","description":"Whether or not the advanced datapath metrics are enabled.","description_kind":"plain","required":true},"enable_relay":{"type":"bool","description":"Whether or not Relay is enabled.","description_kind":"plain","optional":true},"relay_mode":{"type":"string","description":"Mode used to make Relay available.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"description":"Configuration of Advanced Datapath Observability features.","description_kind":"plain"},"max_items":1},"managed_prometheus":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the managed collection is enabled.","description_kind":"plain","required":true}},"description":"Configuration for Google Cloud Managed Services for Prometheus.","description_kind":"plain"},"max_items":1}},"description":"Monitoring configuration for the cluster.","description_kind":"plain"},"max_items":1},"network_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether network policy is enabled on the cluster.","description_kind":"plain","required":true},"provider":{"type":"string","description":"The selected network policy provider.","description_kind":"plain","optional":true}},"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"node_pool":{"nesting_mode":"list","block":{"attributes":{"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"queued_provisioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API","description_kind":"plain","required":true}},"description":"Specifies the configuration of queued provisioning","description_kind":"plain"},"max_items":1},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain"}},"node_pool_auto_config":{"nesting_mode":"list","block":{"attributes":{"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true}},"block_types":{"network_tags":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"List of network tags applied to auto-provisioned node pools.","description_kind":"plain","optional":true}},"description":"Collection of Compute Engine network tags that can be applied to a node's underlying VM instance.","description_kind":"plain"},"max_items":1}},"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain"},"max_items":1},"node_pool_defaults":{"nesting_mode":"list","block":{"block_types":{"node_config_defaults":{"nesting_mode":"list","block":{"attributes":{"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true}},"description":"Subset of NodeConfig message that has defaults.","description_kind":"plain"},"max_items":1}},"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not the notification config is enabled","description_kind":"plain","required":true},"topic":{"type":"string","description":"The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"event_type":{"type":["list","string"],"description":"Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT","description_kind":"plain","required":true}},"description":"Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent","description_kind":"plain"},"max_items":1}},"description":"Notification config for Cloud Pub/Sub","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain"},"max_items":1},"private_cluster_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_endpoint":{"type":"bool","description":"When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.","description_kind":"plain","optional":true},"master_ipv4_cidr_block":{"type":"string","description":"The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.","description_kind":"plain","optional":true,"computed":true},"peering_name":{"type":"string","description":"The name of the peering between this cluster and the Google owned VPC.","description_kind":"plain","computed":true},"private_endpoint":{"type":"string","description":"The internal IP address of this cluster's master endpoint.","description_kind":"plain","computed":true},"private_endpoint_subnetwork":{"type":"string","description":"Subnetwork in cluster's network where master's endpoint will be provisioned.","description_kind":"plain","optional":true},"public_endpoint":{"type":"string","description":"The external IP address of this cluster's master endpoint.","description_kind":"plain","computed":true}},"block_types":{"master_global_access_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether the cluster master is accessible globally or not.","description_kind":"plain","required":true}},"description":"Controls cluster master global access settings.","description_kind":"plain"},"max_items":1}},"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain"},"max_items":1},"release_channel":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The selected release channel. Accepted values are:\n* UNSPECIFIED: Not set.\n* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features.\n* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel.\n* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.","description_kind":"plain","required":true}},"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain"},"max_items":1},"resource_usage_export_config":{"nesting_mode":"list","block":{"attributes":{"enable_network_egress_metering":{"type":"bool","description":"Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.","description_kind":"plain","optional":true},"enable_resource_consumption_metering":{"type":"bool","description":"Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of a BigQuery Dataset.","description_kind":"plain","required":true}},"description":"Parameters for using BigQuery as the destination of resource usage export.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.","description_kind":"plain","optional":true,"computed":true},"vulnerability_mode":{"type":"string","description":"Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED, VULNERABILITY_BASIC and VULNERABILITY_ENTERPRISE.","description_kind":"plain","optional":true,"computed":true}},"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain"},"max_items":1},"service_external_ips_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"When enabled, services with external ips specified will be allowed.","description_kind":"plain","required":true}},"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vertical_pod_autoscaling":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables vertical pod autoscaling.","description_kind":"plain","required":true}},"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain"},"max_items":1},"workload_identity_config":{"nesting_mode":"list","block":{"attributes":{"workload_pool":{"type":"string","description":"The workload pool to attach all Kubernetes service accounts to.","description_kind":"plain","optional":true}},"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_node_pool":{"version":1,"block":{"attributes":{"cluster":{"type":"string","description":"The cluster to create the node pool for. Cluster must be present in location provided for zonal clusters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"initial_node_count":{"type":"number","description":"The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource.","description_kind":"plain","optional":true,"computed":true},"instance_group_urls":{"type":["list","string"],"description":"The resource URLs of the managed instance groups associated with this node pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) of the cluster.","description_kind":"plain","optional":true,"computed":true},"managed_instance_group_urls":{"type":["list","string"],"description":"List of instance group URLs which have been assigned to this node pool.","description_kind":"plain","computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods per node in this node pool. Note that this does not work on node pools which are \"route-based\" - that is, node pools belonging to clusters that do not have IP Aliasing enabled.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the node pool. If left blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description":"Creates a unique name for the node pool beginning with the specified prefix. Conflicts with name.","description_kind":"plain","optional":true,"computed":true},"node_count":{"type":"number","description":"The number of nodes per instance group. This field can be used to update the number of nodes per instance group but should not be used alongside autoscaling.","description_kind":"plain","optional":true,"computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the node pool's nodes should be located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If unspecified, the cluster-level node_locations will be used.","description_kind":"plain","optional":true,"computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which to create the node pool. If blank, the provider-configured project will be used.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"string","description":"The Kubernetes version for the nodes in this pool. Note that if this field and auto_upgrade are both specified, they will fight each other for what the node version should be, so setting both is highly discouraged. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"location_policy":{"type":"string","description":"Location policy specifies the algorithm used when scaling-up the node pool. \"BALANCED\" - Is a best effort policy that aims to balance the sizes of available zones. \"ANY\" - Instructs the cluster autoscaler to prioritize utilization of unused reservations, and reduces preemption risk for Spot VMs.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"Maximum number of nodes per zone in the node pool. Must be \u003e= min_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"Minimum number of nodes per zone in the node pool. Must be \u003e=0 and \u003c= max_node_count. Cannot be used with total limits.","description_kind":"plain","optional":true},"total_max_node_count":{"type":"number","description":"Maximum number of all nodes in the node pool. Must be \u003e= total_min_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true},"total_min_node_count":{"type":"number","description":"Minimum number of all nodes in the node pool. Must be \u003e=0 and \u003c= total_max_node_count. Cannot be used with per zone limits.","description_kind":"plain","optional":true}},"description":"Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage.","description_kind":"plain"},"max_items":1},"management":{"nesting_mode":"list","block":{"attributes":{"auto_repair":{"type":"bool","description":"Whether the nodes will be automatically repaired. Enabled by default.","description_kind":"plain","optional":true},"auto_upgrade":{"type":"bool","description":"Whether the nodes will be automatically upgraded. Enabled by default.","description_kind":"plain","optional":true}},"description":"Node management configuration, wherein auto-repair and auto-upgrade is configured.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"create_pod_range":{"type":"bool","description":"Whether to create a new range for pod IPs in this node pool. Defaults are provided for pod_range and pod_ipv4_cidr_block if they are not specified.","description_kind":"plain","optional":true},"enable_private_nodes":{"type":"bool","description":"Whether nodes have internal IP addresses only.","description_kind":"plain","optional":true,"computed":true},"pod_ipv4_cidr_block":{"type":"string","description":"The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.","description_kind":"plain","optional":true,"computed":true},"pod_range":{"type":"string","description":"The ID of the secondary range for pod IPs. If create_pod_range is true, this ID is used for the new range. If create_pod_range is false, uses an existing secondary range with this ID.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"network_performance_config":{"nesting_mode":"list","block":{"attributes":{"total_egress_bandwidth_tier":{"type":"string","description":"Specifies the total network bandwidth tier for the NodePool.","description_kind":"plain","required":true}},"description":"Network bandwidth tier configuration.","description_kind":"plain"},"max_items":1},"pod_cidr_overprovision_config":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description_kind":"plain","required":true}},"description":"Configuration for node-pool level pod cidr overprovision. If not set, the cluster level setting will be inherited","description_kind":"plain"},"max_items":1}},"description":"Networking configuration for this NodePool. If specified, it overrides the cluster-level defaults.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_kms_key":{"type":"string","description":"The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Type of the disk attached to each node. Such as pd-standard, pd-balanced or pd-ssd","description_kind":"plain","optional":true,"computed":true},"effective_taints":{"type":["list",["object",{"effect":"string","key":"string","value":"string"}]],"description":"List of kubernetes taints applied to each node.","description_kind":"plain","computed":true},"enable_confidential_storage":{"type":"bool","description":"If enabled boot disks are configured with confidential mode.","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","optional":true,"computed":true},"image_type":{"type":"string","description":"The image type to use for this node. Note that for a given image type, the latest version of it will be used.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node. These will added in addition to any default label(s) that Kubernetes may apply to the node.","description_kind":"plain","optional":true,"computed":true},"local_ssd_count":{"type":"number","description":"The number of local SSD disks to be attached to the node.","description_kind":"plain","optional":true,"computed":true},"logging_variant":{"type":"string","description":"Type of logging agent that is used as the default value for node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The metadata key/value pairs assigned to instances in the cluster.","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform.","description_kind":"plain","optional":true,"computed":true},"node_group":{"type":"string","description":"Setting this field will assign instances of this pool to run on the specified node group. This is useful for running workloads on sole tenant nodes.","description_kind":"plain","optional":true},"oauth_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs.","description_kind":"plain","optional":true,"computed":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances.","description_kind":"plain","optional":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the node pool.","description_kind":"plain","optional":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags. Resource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"The Google Cloud Platform Service Account to be used by the node VMs.","description_kind":"plain","optional":true,"computed":true},"spot":{"type":"bool","description":"Whether the nodes are created as spot VM instances.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The list of instance tags applied to all nodes.","description_kind":"plain","optional":true}},"block_types":{"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. To disable simultaneous multithreading (SMT) set this to 1. If unset, the maximum number of threads supported per core by the underlying processor is assumed.","description_kind":"plain","required":true}},"description":"Specifies options for controlling advanced machine features.","description_kind":"plain"},"max_items":1},"confidential_nodes":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether Confidential Nodes feature is enabled for all nodes in this pool.","description_kind":"plain","required":true}},"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after pool creation without deleting and recreating the entire pool.","description_kind":"plain"},"max_items":1},"ephemeral_storage_local_ssd_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of local SSDs to use to back ephemeral storage. Uses NVMe interfaces. Each local SSD must be 375 or 3000 GB in size, and all local SSDs must share the same size.","description_kind":"plain","required":true}},"description":"Parameters for the ephemeral storage filesystem. If unspecified, ephemeral storage is backed by the boot disk.","description_kind":"plain"},"max_items":1},"fast_socket":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not NCCL Fast Socket is enabled","description_kind":"plain","required":true}},"description":"Enable or disable NCCL Fast Socket in the node pool.","description_kind":"plain"},"max_items":1},"gcfs_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not GCFS is enabled","description_kind":"plain","required":true}},"description":"GCFS configuration for this node.","description_kind":"plain"},"max_items":1},"gvnic":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether or not gvnic is enabled","description_kind":"plain","required":true}},"description":"Enable or disable gvnic in the node pool.","description_kind":"plain"},"max_items":1},"host_maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"maintenance_interval":{"type":"string","description":".","description_kind":"plain","required":true}},"description":"The maintenance policy for the hosts on which the GKE VMs run on.","description_kind":"plain"},"max_items":1},"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"cpu_cfs_quota":{"type":"bool","description":"Enable CPU CFS quota enforcement for containers that specify CPU limits.","description_kind":"plain","optional":true},"cpu_cfs_quota_period":{"type":"string","description":"Set the CPU CFS quota period value 'cpu.cfs_period_us'.","description_kind":"plain","optional":true},"cpu_manager_policy":{"type":"string","description":"Control the CPU management policy on the node.","description_kind":"plain","required":true},"pod_pids_limit":{"type":"number","description":"Controls the maximum number of processes allowed to run in a pod.","description_kind":"plain","optional":true}},"description":"Node kubelet configs.","description_kind":"plain"},"max_items":1},"linux_node_config":{"nesting_mode":"list","block":{"attributes":{"cgroup_mode":{"type":"string","description":"cgroupMode specifies the cgroup mode to be used on the node.","description_kind":"plain","optional":true,"computed":true},"sysctls":{"type":["map","string"],"description":"The Linux kernel parameters to be applied to the nodes and all pods running on the nodes.","description_kind":"plain","optional":true}},"description":"Parameters that can be configured on Linux nodes.","description_kind":"plain"},"max_items":1},"local_nvme_ssd_block_config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"Number of raw-block local NVMe SSD disks to be attached to the node. Each local SSD is 375 GB in size.","description_kind":"plain","required":true}},"description":"Parameters for raw-block local NVMe SSDs.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Corresponds to the type of reservation consumption.","description_kind":"plain","required":true},"key":{"type":"string","description":"The label key of a reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The label values of the reservation resource.","description_kind":"plain","optional":true}},"description":"The reservation affinity configuration for the node pool.","description_kind":"plain"},"max_items":1},"secondary_boot_disks":{"nesting_mode":"list","block":{"attributes":{"disk_image":{"type":"string","description":"Disk image to create the secondary boot disk from","description_kind":"plain","required":true},"mode":{"type":"string","description":"Mode for how the secondary boot disk is used.","description_kind":"plain","optional":true}},"description":"Secondary boot disks for preloading data or container images.","description_kind":"plain"},"max_items":127},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance options.","description_kind":"plain"},"max_items":1},"sole_tenant_config":{"nesting_mode":"list","block":{"block_types":{"node_affinity":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":".","description_kind":"plain","required":true},"operator":{"type":"string","description":".","description_kind":"plain","required":true},"values":{"type":["list","string"],"description":".","description_kind":"plain","required":true}},"description":".","description_kind":"plain"},"min_items":1}},"description":"Node affinity options for sole tenant node pools.","description_kind":"plain"},"max_items":1},"taint":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Effect for taint.","description_kind":"plain","required":true},"key":{"type":"string","description":"Key for taint.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value for taint.","description_kind":"plain","required":true}},"description":"List of Kubernetes taints to be applied to each node.","description_kind":"plain"}},"workload_metadata_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode is the configuration for how to expose metadata to workloads running on the node.","description_kind":"plain","required":true}},"description":"The workload metadata configuration for this node.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the nodepool","description_kind":"plain"},"max_items":1},"placement_policy":{"nesting_mode":"list","block":{"attributes":{"policy_name":{"type":"string","description":"If set, refers to the name of a custom resource policy supplied by the user. The resource policy must be in the same project and region as the node pool. If not found, InvalidArgument error is returned.","description_kind":"plain","optional":true},"tpu_topology":{"type":"string","description":"TPU placement topology for pod slice node pool. https://cloud.google.com/tpu/docs/types-topologies#tpu_topologies","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type defines the type of placement policy","description_kind":"plain","required":true}},"description":"Specifies the node placement policy","description_kind":"plain"},"max_items":1},"queued_provisioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether nodes in this node pool are obtainable solely through the ProvisioningRequest API","description_kind":"plain","required":true}},"description":"Specifies the configuration of queued provisioning","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_settings":{"nesting_mode":"list","block":{"attributes":{"max_surge":{"type":"number","description":"The number of additional nodes that can be added to the node pool during an upgrade. Increasing max_surge raises the number of nodes that can be upgraded simultaneously. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"max_unavailable":{"type":"number","description":"The number of nodes that can be simultaneously unavailable during an upgrade. Increasing max_unavailable raises the number of nodes that can be upgraded in parallel. Can be set to 0 or greater.","description_kind":"plain","optional":true,"computed":true},"strategy":{"type":"string","description":"Update strategy for the given nodepool.","description_kind":"plain","optional":true}},"block_types":{"blue_green_settings":{"nesting_mode":"list","block":{"attributes":{"node_pool_soak_duration":{"type":"string","description":"Time needed after draining entire blue pool. After this period, blue pool will be cleaned up.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"standard_rollout_policy":{"nesting_mode":"list","block":{"attributes":{"batch_node_count":{"type":"number","description":"Number of blue nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_percentage":{"type":"number","description":"Percentage of the blue pool nodes to drain in a batch.","description_kind":"plain","optional":true,"computed":true},"batch_soak_duration":{"type":"string","description":"Soak time after each batch gets drained.","description_kind":"plain","optional":true,"computed":true}},"description":"Standard rollout policy is the default policy for blue-green.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for BlueGreen node pool upgrade.","description_kind":"plain"},"max_items":1}},"description":"Specify node upgrade settings to change how many nodes GKE attempts to upgrade at once. The number of nodes upgraded simultaneously is the sum of max_surge and max_unavailable. The maximum number of nodes upgraded simultaneously is limited to 20.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_container_registry":{"version":0,"block":{"attributes":{"bucket_self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the registry. One of ASIA, EU, US or not specified. See the official documentation for more information on registry locations.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_entry":{"version":0,"block":{"attributes":{"bigquery_date_sharded_spec":{"type":["list",["object",{"dataset":"string","shard_count":"number","table_prefix":"string"}]],"description":"Specification for a group of BigQuery tables with name pattern [prefix]YYYYMMDD.\nContext: https://cloud.google.com/bigquery/docs/partitioned-tables#partitioning_versus_sharding.","description_kind":"plain","computed":true},"bigquery_table_spec":{"type":["list",["object",{"table_source_type":"string","table_spec":["list",["object",{"grouped_entry":"string"}]],"view_spec":["list",["object",{"view_query":"string"}]]}]],"description":"Specification that applies to a BigQuery table. This is only valid on entries of type TABLE.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Entry description, which can consist of several sentences or paragraphs that describe entry contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display information such as title and description. A short name to identify the entry,\nfor example, \"Analytics Data - Jan 2011\".","description_kind":"plain","optional":true},"entry_group":{"type":"string","description":"The name of the entry group this entry is in.","description_kind":"plain","required":true},"entry_id":{"type":"string","description":"The id of the entry to create.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"integrated_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog integrates with, such as BigQuery or Pub/Sub.","description_kind":"plain","computed":true},"linked_resource":{"type":"string","description":"The resource this metadata entry refers to.\nFor Google Cloud Platform resources, linkedResource is the full name of the resource.\nFor example, the linkedResource for a table resource from BigQuery is:\n//bigquery.googleapis.com/projects/projectId/datasets/datasetId/tables/tableId\nOutput only when Entry is of type in the EntryType enum. For entries with userSpecifiedType,\nthis field is optional and defaults to an empty string.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The Data Catalog resource name of the entry in URL format.\nExample: projects/{project_id}/locations/{location}/entryGroups/{entryGroupId}/entries/{entryId}.\nNote that this Entry and its child resources may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"schema":{"type":"string","description":"Schema of the entry (e.g. BigQuery, GoogleSQL, Avro schema), as a json string. An entry might not have any schema\nattached to it. See\nhttps://cloud.google.com/data-catalog/docs/reference/rest/v1/projects.locations.entryGroups.entries#schema\nfor what fields this schema can contain.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the entry. Only used for Entries with types in the EntryType enum.\nCurrently, only FILESET enum value is allowed. All other entries created through Data Catalog must use userSpecifiedType. Possible values: [\"FILESET\"]","description_kind":"plain","optional":true},"user_specified_system":{"type":"string","description":"This field indicates the entry's source system that Data Catalog does not integrate with.\nuserSpecifiedSystem strings must begin with a letter or underscore and can only contain letters, numbers,\nand underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true},"user_specified_type":{"type":"string","description":"Entry type if it does not fit any of the input-allowed values listed in EntryType enum above.\nWhen creating an entry, users should check the enum values first, if nothing matches the entry\nto be created, then provide a custom value, for example \"my_special_type\".\nuserSpecifiedType strings must begin with a letter or underscore and can only contain letters,\nnumbers, and underscores; are case insensitive; must be at least 1 character and at most 64 characters long.","description_kind":"plain","optional":true}},"block_types":{"gcs_fileset_spec":{"nesting_mode":"list","block":{"attributes":{"file_patterns":{"type":["list","string"],"description":"Patterns to identify a set of files in Google Cloud Storage.\nSee [Cloud Storage documentation](https://cloud.google.com/storage/docs/gsutil/addlhelp/WildcardNames)\nfor more information. Note that bucket wildcards are currently not supported. Examples of valid filePatterns:\n\n* gs://bucket_name/dir/*: matches all files within bucket_name/dir directory.\n* gs://bucket_name/dir/**: matches all files in bucket_name/dir spanning all subdirectories.\n* gs://bucket_name/file*: matches files prefixed by file in bucket_name\n* gs://bucket_name/??.txt: matches files with two characters followed by .txt in bucket_name\n* gs://bucket_name/[aeiou].txt: matches files that contain a single vowel character followed by .txt in bucket_name\n* gs://bucket_name/[a-m].txt: matches files that contain a, b, ... or m followed by .txt in bucket_name\n* gs://bucket_name/a/*/b: matches all files in bucket_name that match a/*/b pattern, such as a/c/b, a/d/b\n* gs://another_bucket/a.txt: matches gs://another_bucket/a.txt","description_kind":"plain","required":true},"sample_gcs_file_specs":{"type":["list",["object",{"file_path":"string","size_bytes":"number"}]],"description":"Sample files contained in this fileset, not all files contained in this fileset are represented here.","description_kind":"plain","computed":true}},"description":"Specification that applies to a Cloud Storage fileset. This is only valid on entries of type FILESET.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Entry group description, which can consist of several sentences or paragraphs that describe entry group contents.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A short name to identify the entry group, for example, \"analytics data - jan 2011\".","description_kind":"plain","optional":true},"entry_group_id":{"type":"string","description":"The id of the entry group to create. The id must begin with a letter or underscore,\ncontain only English letters, numbers and underscores, and be at most 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the entry group in URL format. Example: projects/{project}/locations/{location}/entryGroups/{entryGroupId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"EntryGroup location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_binding":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_member":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag":{"version":0,"block":{"attributes":{"child_policy_tags":{"type":["list","string"],"description":"Resource names of child policy tags of this policy tag.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this policy tag. It must: contain only unicode characters, tabs,\nnewlines, carriage returns and page breaks; and be at most 2000 bytes long when\nencoded in UTF-8. If not set, defaults to an empty description.\nIf not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this policy tag. It must: be unique within the parent\ntaxonomy; contain only unicode letters, numbers, underscores, dashes and spaces;\nnot start or end with spaces; and be at most 200 bytes long when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this policy tag, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}/policyTags/{policytag}\"","description_kind":"plain","computed":true},"parent_policy_tag":{"type":"string","description":"Resource name of this policy tag's parent policy tag.\nIf empty, it means this policy tag is a top level policy tag.\nIf not set, defaults to an empty string.","description_kind":"plain","optional":true},"taxonomy":{"type":"string","description":"Taxonomy the policy tag is associated with","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag":{"version":0,"block":{"attributes":{"column":{"type":"string","description":"Resources like Entry can have schemas associated with them. This scope allows users to attach tags to an\nindividual column based on that schema.\n\nFor attaching a tag to a nested column, use '.' to separate the column names. Example:\n'outer_column.inner_column'","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag in URL format. Example:\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/entries/{entryId}/tags/{tag_id} or\nprojects/{project_id}/locations/{location}/entrygroups/{entryGroupId}/tags/{tag_id}\nwhere tag_id is a system-generated identifier. Note that this Tag may not actually be stored in the location in this name.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The name of the parent this tag is attached to. This can be the name of an entry or an entry group. If an entry group, the tag will be attached to\nall entries in that group.","description_kind":"plain","optional":true},"template":{"type":"string","description":"The resource name of the tag template that this tag uses. Example:\nprojects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}\nThis field cannot be modified after creation.","description_kind":"plain","required":true},"template_displayname":{"type":"string","description":"The display name of the tag template.","description_kind":"plain","computed":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"bool_value":{"type":"bool","description":"Holds the value for a tag field with boolean type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of this field","description_kind":"plain","computed":true},"double_value":{"type":"number","description":"Holds the value for a tag field with double type.","description_kind":"plain","optional":true},"enum_value":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","optional":true},"field_name":{"type":"string","description_kind":"plain","required":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag. For example, a higher value can indicate\na more important field. The value can be negative. Multiple fields can have the same order, and field orders\nwithin a tag do not have to be sequential.","description_kind":"plain","computed":true},"string_value":{"type":"string","description":"Holds the value for a tag field with string type.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"Holds the value for a tag field with timestamp type.","description_kind":"plain","optional":true}},"description":"This maps the ID of a tag field to the value of and additional information about that field.\nValid field IDs are defined by the tag's template. A tag must have at least 1 field and at most 500 fields.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name for this template.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"This confirms the deletion of any possible tags using this template. Must be set to true in order to delete the tag template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Template location region.","description_kind":"plain","optional":true,"computed":true},"tag_template_id":{"type":"string","description":"The id of the tag template to create.","description_kind":"plain","required":true}},"block_types":{"fields":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A description for this field.","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"The display name for this field.","description_kind":"plain","optional":true,"computed":true},"field_id":{"type":"string","description_kind":"plain","required":true},"is_required":{"type":"bool","description":"Whether this is a required field. Defaults to false.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the tag template field in URL format. Example: projects/{project_id}/locations/{location}/tagTemplates/{tagTemplateId}/fields/{field}","description_kind":"plain","computed":true},"order":{"type":"number","description":"The order of this field with respect to other fields in this tag template.\nA higher value indicates a more important field. The value can be negative.\nMultiple fields can have the same order, and field orders within a tag do not have to be sequential.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"type":{"nesting_mode":"list","block":{"attributes":{"primitive_type":{"type":"string","description":"Represents primitive types - string, bool etc.\n Exactly one of 'primitive_type' or 'enum_type' must be set Possible values: [\"DOUBLE\", \"STRING\", \"BOOL\", \"TIMESTAMP\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enum_type":{"nesting_mode":"list","block":{"block_types":{"allowed_values":{"nesting_mode":"set","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the enum value.","description_kind":"plain","required":true}},"description":"The set of allowed values for this enum. The display names of the\nvalues must be case-insensitively unique within this set. Currently,\nenum values can only be added to the list of allowed values. Deletion\nand renaming of enum values are not supported.\nCan have up to 500 allowed values.","description_kind":"plain"},"min_items":1}},"description":"Represents an enum type.\n Exactly one of 'primitive_type' or 'enum_type' must be set","description_kind":"plain"},"max_items":1}},"description":"The type of value this tag field can contain.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of tag template field IDs and the settings for the field. This set is an exhaustive list of the allowed fields. This set must contain at least one field and at most 500 fields. The change of field_id will be resulting in re-creating of field. The change of primitive_type will be resulting in re-creating of field, however if the field is a required, you cannot update it.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy":{"version":0,"block":{"attributes":{"activated_policy_types":{"type":["list","string"],"description":"A list of policy types that are activated for this taxonomy. If not set,\ndefaults to an empty list. Possible values: [\"POLICY_TYPE_UNSPECIFIED\", \"FINE_GRAINED_ACCESS_CONTROL\"]","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of this taxonomy. It must: contain only unicode characters,\ntabs, newlines, carriage returns and page breaks; and be at most 2000 bytes\nlong when encoded in UTF-8. If not set, defaults to an empty description.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User defined name of this taxonomy.\nThe taxonomy display name must be unique within an organization.\nIt must: contain only unicode letters, numbers, underscores, dashes\nand spaces; not start or end with spaces; and be at most 200 bytes\nlong when encoded in UTF-8.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of this taxonomy, whose format is:\n\"projects/{project}/locations/{region}/taxonomies/{taxonomy}\".","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Taxonomy location region.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance":{"version":0,"block":{"attributes":{"api_endpoint":{"type":"string","description":"Endpoint on which the REST APIs is accessible.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"dataproc_service_account":{"type":"string","description":"User-managed service account to set on Dataproc when Cloud Data Fusion creates Dataproc to run data processing pipelines.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of the instance.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name for an instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_rbac":{"type":"bool","description":"Option to enable granular role-based access control.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Option to enable Stackdriver Logging.","description_kind":"plain","optional":true},"enable_stackdriver_monitoring":{"type":"bool","description":"Option to enable Stackdriver Monitoring.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket generated by Data Fusion in the customer project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for instance to use to annotate any related underlying resources,\nsuch as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"options":{"type":["map","string"],"description":"Map of additional options used to configure the behavior of Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"p4_service_account":{"type":"string","description":"P4 service account for the customer project.","description_kind":"plain","computed":true},"private_instance":{"type":"bool","description":"Specifies whether the Data Fusion instance should be private. If set to\ntrue, all Data Fusion nodes will have private IP addresses and will not be\nable to access the public internet.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Data Fusion instance.","description_kind":"plain","optional":true,"computed":true},"service_endpoint":{"type":"string","description":"Endpoint on which the Data Fusion UI and REST APIs are accessible.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this Data Fusion instance.\n- CREATING: Instance is being created\n- RUNNING: Instance is running and ready for requests\n- FAILED: Instance creation failed\n- DELETING: Instance is being deleted\n- UPGRADING: Instance is being upgraded\n- RESTARTING: Instance is being restarted","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of this Data Fusion instance if available.","description_kind":"plain","computed":true},"tenant_project_id":{"type":"string","description":"The name of the tenant project.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Represents the type of Data Fusion instance. Each type is configured with\nthe default settings for processing and memory.\n- BASIC: Basic Data Fusion instance. In Basic type, the user will be able to create data pipelines\nusing point and click UI. However, there are certain limitations, such as fewer number\nof concurrent pipelines, no support for streaming pipelines, etc.\n- ENTERPRISE: Enterprise Data Fusion instance. In Enterprise type, the user will have more features\navailable, such as support for streaming pipelines, higher number of concurrent pipelines, etc.\n- DEVELOPER: Developer Data Fusion instance. In Developer type, the user will have all features available but\nwith restrictive capabilities. This is to help enterprises design and develop their data ingestion and integration\npipelines at low cost. Possible values: [\"BASIC\", \"ENTERPRISE\", \"DEVELOPER\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time the instance was last updated in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds.","description_kind":"plain","computed":true},"version":{"type":"string","description":"Current version of the Data Fusion.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"Name of the zone in which the Data Fusion instance will be created. Only DEVELOPER instances use this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"CDC\", \"HEALTHCARE\", \"CCAI_INSIGHTS\"]","description_kind":"plain","required":true},"state":{"type":"string","description":"The type of an accelator for a CDF instance. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true}},"description":"List of accelerators enabled for this CDF instance.\n\nIf accelerators are enabled it is possible a permadiff will be created with the Options field.\nUsers will need to either manually update their state file to include these diffed options, or include the field in a [lifecycle ignore changes block](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes).","description_kind":"plain"}},"crypto_key_config":{"nesting_mode":"list","block":{"attributes":{"key_reference":{"type":"string","description":"The name of the key which is used to encrypt/decrypt customer data. For key in Cloud KMS, the key should be in the format of projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","required":true}},"description":"The crypto key configuration. This field is used by the Customer-Managed Encryption Keys (CMEK) feature.","description_kind":"plain"},"max_items":1},"event_publish_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Option to enable Event Publishing.","description_kind":"plain","required":true},"topic":{"type":"string","description":"The resource name of the Pub/Sub topic. Format: projects/{projectId}/topics/{topic_id}","description_kind":"plain","required":true}},"description":"Option to enable and pass metadata for event publishing.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"ip_allocation":{"type":"string","description":"The IP range in CIDR notation to use for the managed Data Fusion instance\nnodes. This range must not overlap with any other ranges used in the Data Fusion instance network.","description_kind":"plain","required":true},"network":{"type":"string","description":"Name of the network in the project with which the tenant project\nwill be peered for executing pipelines. In case of shared VPC where the network resides in another host\nproject the network should specified in the form of projects/{host-project-id}/global/networks/{network}","description_kind":"plain","required":true}},"description":"Network configuration options. These are required when a private Data Fusion instance is to be created.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_fusion_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_loss_prevention_deidentify_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an deidentifyTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"deidentify_config":{"nesting_mode":"list","block":{"block_types":{"image_transformations":{"nesting_mode":"list","block":{"block_types":{"transforms":{"nesting_mode":"list","block":{"block_types":{"all_info_types":{"nesting_mode":"list","block":{"description":"Apply transformation to all findings not specified in other ImageTransformation's selectedInfoTypes.","description_kind":"plain"},"max_items":1},"all_text":{"nesting_mode":"list","block":{"description":"Apply transformation to all text that doesn't match an infoType.","description_kind":"plain"},"max_items":1},"redaction_color":{"nesting_mode":"list","block":{"attributes":{"blue":{"type":"number","description":"The amount of blue in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"green":{"type":"number","description":"The amount of green in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true},"red":{"type":"number","description":"The amount of red in the color as a value in the interval [0, 1].","description_kind":"plain","optional":true}},"description":"The color to use when redacting content from an image. If not specified, the default is black.","description_kind":"plain"},"max_items":1},"selected_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"},"min_items":1}},"description":"Apply transformation to the selected infoTypes.","description_kind":"plain"},"max_items":1}},"description":"For determination of how redaction of images should occur.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as an image and redact.","description_kind":"plain"},"max_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"attributes":{"replace_with_info_type_config":{"type":"bool","description":"Replace each matching finding with the name of the info type.","description_kind":"plain","optional":true}},"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character.\nMasking can start from the beginning or end of the string.","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"Range of shift in days. Negative means shift to earlier in time.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends).\nNegative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"An integer value.","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month, or 0 if specifying a\nyear by itself or a year and month where the day is not significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12, or 0 if specifying a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999, or 0 if specifying a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Primitive transformation to apply to the infoType.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the dataset as free-form text and apply the same free text transformation everywhere","description_kind":"plain"},"max_items":1},"record_transformations":{"nesting_mode":"list","block":{"block_types":{"field_transformations":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against.\nThe 'value' block must only contain one argument. For example when a condition is evaluated against a string-type field, only 'string_value' should be set.\nThis argument is mandatory, except for conditions using the 'EXISTS' operator.","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression.","description_kind":"plain"},"max_items":1}},"description":"Only apply the transformation if the condition evaluates to true for the given RecordCondition. The conditions are allowed to reference fields that are not used in the actual transformation.\nExample Use Cases:\n- Apply a different bucket transformation to an age column if the zip code column for the same record is within a specific range.\n- Redact a field if the date of birth field is greater than 85.","description_kind":"plain"},"max_items":1},"fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Input field(s) to apply the transformation to. When you have columns that reference their position within a list, omit the index from the FieldId.\nFieldId name matching ignores the index. For example, instead of \"contact.nums[0].type\", use \"contact.nums.type\".","description_kind":"plain"},"min_items":1},"info_type_transformations":{"nesting_mode":"list","block":{"block_types":{"transformations":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"InfoTypes to apply the transformation to. Leaving this empty will apply the transformation to apply to\nall findings that correspond to infoTypes that were requested in InspectConfig.","description_kind":"plain"}},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"},"min_items":1}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking. Only one of this or 'common_characters_to_ignore' must be specified.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Only one of this or 'characters_to_skip' must be specified. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Only one of this, 'custom_alphabet' or 'radix' must be specified. Possible values: [\"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''. Only one of this, 'common_alphabet' or 'radix' must be specified.","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\]. Only one of this, 'custom_alphabet' or 'common_alphabet' must be specified.","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"min_items":1,"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","required":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key). Only one of this, 'transient' or 'unwrapped' must be specified.\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes. Only one of this, 'unwrapped' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true,"sensitive":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible. Only one of this, 'transient' or 'kms_wrapped' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace each input value with a given value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"replace_with_info_type_config":{"nesting_mode":"list","block":{"description":"Replace each matching finding with the name of the info type.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","required":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Transformation for each infoType. Cannot specify more than one for a given infoType.","description_kind":"plain"},"min_items":1}},"description":"Treat the contents of the field as free text, and selectively transform content that matches an InfoType.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1},"primitive_transformation":{"nesting_mode":"list","block":{"block_types":{"bucketing_config":{"nesting_mode":"list","block":{"block_types":{"buckets":{"nesting_mode":"list","block":{"block_types":{"max":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound of the range, exclusive; type must match min.\nThe 'max' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"min":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound of the range, inclusive. Type should be the same as max if used.\nThe 'min' block must only contain one argument. See the 'bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"max_items":1},"replacement_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replacement value for this bucket.\nThe 'replacement_value' block must only contain one argument.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Set of buckets. Ranges must be non-overlapping.\nBucket is represented as a range, along with replacement values.","description_kind":"plain"}}},"description":"Generalization function that buckets values based on ranges. The ranges and replacement values are dynamically provided by the user for custom behavior, such as 1-30 -\u003e LOW 31-65 -\u003e MEDIUM 66-100 -\u003e HIGH\nThis can be used on data of type: number, long, string, timestamp.\nIf the provided value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"character_mask_config":{"nesting_mode":"list","block":{"attributes":{"masking_character":{"type":"string","description":"Character to use to mask the sensitive values—for example, * for an alphabetic string such as a name, or 0 for a numeric string\nsuch as ZIP code or credit card number. This string must have a length of 1. If not supplied, this value defaults to * for\nstrings, and 0 for digits.","description_kind":"plain","optional":true},"number_to_mask":{"type":"number","description":"Number of characters to mask. If not set, all matching chars will be masked. Skipped characters do not count towards this tally.\nIf number_to_mask is negative, this denotes inverse masking. Cloud DLP masks all but a number of characters. For example, suppose you have the following values:\n- 'masking_character' is *\n- 'number_to_mask' is -4\n- 'reverse_order' is false\n- 'characters_to_ignore' includes -\n- Input string is 1234-5678-9012-3456\n\nThe resulting de-identified string is ****-****-****-3456. Cloud DLP masks all but the last four characters. If reverseOrder is true, all but the first four characters are masked as 1234-****-****-****.","description_kind":"plain","optional":true},"reverse_order":{"type":"bool","description":"Mask characters in reverse order. For example, if masking_character is 0, number_to_mask is 14, and reverse_order is 'false', then the\ninput string '1234-5678-9012-3456' is masked as '00000000000000-3456'.","description_kind":"plain","optional":true}},"block_types":{"characters_to_ignore":{"nesting_mode":"list","block":{"attributes":{"characters_to_skip":{"type":"string","description":"Characters to not transform when masking.","description_kind":"plain","optional":true},"common_characters_to_ignore":{"type":"string","description":"Common characters to not transform when masking. Useful to avoid removing punctuation. Possible values: [\"NUMERIC\", \"ALPHA_UPPER_CASE\", \"ALPHA_LOWER_CASE\", \"PUNCTUATION\", \"WHITESPACE\"]","description_kind":"plain","optional":true}},"description":"Characters to skip when doing de-identification of a value. These will be left alone and skipped.","description_kind":"plain"}}},"description":"Partially mask a string by replacing a given number of characters with a fixed character. Masking can start from the beginning or end of the string. This can be used on data of any type (numbers, longs, and so on) and when de-identifying structured data we'll attempt to preserve the original data's type. (This allows you to take a long like 123 and modify it to a string like **3).","description_kind":"plain"},"max_items":1},"crypto_deterministic_config":{"nesting_mode":"list","block":{"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"A context may be used for higher security and maintaining referential integrity such that the same identifier in two different contexts will be given a distinct surrogate. The context is appended to plaintext value being encrypted. On decryption the provided context is validated against the value used during encryption. If a context was provided during encryption, same context must be provided during decryption as well.\n\nIf the context is not set, plaintext would be used as is for encryption. If the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\nplaintext would be used as is for encryption.\n\nNote that case (1) is expected when an InfoTypeTransformation is applied to both structured and unstructured ContentItems.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function. For deterministic encryption using AES-SIV, the provided key is internally expanded to 64 bytes prior to use.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom info type to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom info type followed by the number of characters comprising the surrogate. The following scheme defines the format: {info type name}({surrogate character count}):{surrogate}\n\nFor example, if the name of custom info type is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom info type 'Surrogate'. This facilitates reversal of the surrogate when it occurs in free text.\n\nNote: For record transformations where the entire cell in a table is being transformed, surrogates are not mandatory. Surrogates are used to denote the location of the token and are necessary for re-identification in free form text.\n\nIn order for inspection to work properly, the name of this info type must not occur naturally anywhere in your data; otherwise, inspection may either\n\n* reverse a surrogate that does not correspond to an actual identifier\n* be unable to parse the surrogate and result in an error\n\nTherefore, choose your custom info type name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates deterministic encryption for the given input. Outputs a base64 encoded representation of the encrypted output. Uses AES-SIV based on the RFC [https://tools.ietf.org/html/rfc5297](https://tools.ietf.org/html/rfc5297).","description_kind":"plain"},"max_items":1},"crypto_hash_config":{"nesting_mode":"list","block":{"block_types":{"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption function.","description_kind":"plain"},"max_items":1}},"description":"Pseudonymization method that generates surrogates via cryptographic hashing. Uses SHA-256. The key size must be either 32 or 64 bytes.\nOutputs a base64 encoded representation of the hashed output (for example, L7k0BHmF1ha5U3NfGykjro4xWi1MPVQPjhMAZbSV9mM=).\nCurrently, only string and integer values can be hashed.\nSee https://cloud.google.com/dlp/docs/pseudonymization to learn more.","description_kind":"plain"},"max_items":1},"crypto_replace_ffx_fpe_config":{"nesting_mode":"list","block":{"attributes":{"common_alphabet":{"type":"string","description":"Common alphabets. Possible values: [\"FFX_COMMON_NATIVE_ALPHABET_UNSPECIFIED\", \"NUMERIC\", \"HEXADECIMAL\", \"UPPER_CASE_ALPHA_NUMERIC\", \"ALPHA_NUMERIC\"]","description_kind":"plain","optional":true},"custom_alphabet":{"type":"string","description":"This is supported by mapping these to the alphanumeric characters that the FFX mode natively supports. This happens before/after encryption/decryption. Each character listed must appear only once. Number of characters must be in the range \\[2, 95\\]. This must be encoded as ASCII. The order of characters does not matter. The full list of allowed characters is:\n\n''0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ~'!@#$%^\u0026*()_-+={[}]|:;\"'\u003c,\u003e.?/''","description_kind":"plain","optional":true},"radix":{"type":"number","description":"The native way to select the alphabet. Must be in the range \\[2, 95\\].","description_kind":"plain","optional":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"The 'tweak', a context may be used for higher security since the same identifier in two different contexts won't be given the same surrogate. If the context is not set, a default tweak will be used.\n\nIf the context is set but:\n\n1. there is no record present when transforming a given value or\n2. the field is not present when transforming a given value,\n\na default tweak will be used.\n\nNote that case (1) is expected when an 'InfoTypeTransformation' is applied to both structured and non-structured 'ContentItem's. Currently, the referenced field may be of value type integer or string.\n\nThe tweak is constructed as a sequence of bytes in big endian byte order such that:\n\n* a 64 bit integer is encoded followed by a single byte of value 1\n* a string is encoded in UTF-8 format followed by a single byte of value 2","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"The key used by the encryption algorithm.","description_kind":"plain"},"max_items":1},"surrogate_info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed at [https://cloud.google.com/dlp/docs/infotypes-reference](https://cloud.google.com/dlp/docs/infotypes-reference) when specifying a built-in type. When sending Cloud DLP results to Data Catalog, infoType names should conform to the pattern '[A-Za-z0-9$-_]{1,64}'.","description_kind":"plain","optional":true},"version":{"type":"string","description":"Optional version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"The custom infoType to annotate the surrogate with. This annotation will be applied to the surrogate by prefixing it with the name of the custom infoType followed by the number of characters comprising the surrogate. The following scheme defines the format: info\\_type\\_name(surrogate\\_character\\_count):surrogate\n\nFor example, if the name of custom infoType is 'MY\\_TOKEN\\_INFO\\_TYPE' and the surrogate is 'abc', the full replacement value will be: 'MY\\_TOKEN\\_INFO\\_TYPE(3):abc'\n\nThis annotation identifies the surrogate when inspecting content using the custom infoType ['SurrogateType'](https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#surrogatetype). This facilitates reversal of the surrogate when it occurs in free text.\n\nIn order for inspection to work properly, the name of this infoType must not occur naturally anywhere in your data; otherwise, inspection may find a surrogate that does not correspond to an actual identifier. Therefore, choose your custom infoType name carefully after considering what your data looks like. One way to select a name that has a high chance of yielding reliable detection is to include one or more unicode characters that are highly improbable to exist in your data. For example, assuming your data is entered from a regular ASCII keyboard, the symbol with the hex code point 29DD might be used like so: ⧝MY\\_TOKEN\\_TYPE","description_kind":"plain"},"max_items":1}},"description":"Replaces an identifier with a surrogate using Format Preserving Encryption (FPE) with the FFX mode of operation; however when used in the 'content.reidentify' API method, it serves the opposite function by reversing the surrogate back into the original identifier. The identifier must be encoded as ASCII. For a given crypto key and context, the same identifier will be replaced with the same surrogate. Identifiers must be at least two characters long. In the case that the identifier is the empty string, it will be skipped. See [https://cloud.google.com/dlp/docs/pseudonymization](https://cloud.google.com/dlp/docs/pseudonymization) to learn more.\n\nNote: We recommend using CryptoDeterministicConfig for all use cases which do not require preserving the input alphabet space and size, plus warrant referential integrity.","description_kind":"plain"},"max_items":1},"date_shift_config":{"nesting_mode":"list","block":{"attributes":{"lower_bound_days":{"type":"number","description":"For example, -5 means shift date to at most 5 days back in the past.","description_kind":"plain","required":true},"upper_bound_days":{"type":"number","description":"Range of shift in days. Actual shift will be selected at random within this range (inclusive ends). Negative means shift to earlier in time. Must not be more than 365250 days (1000 years) each direction.\n\nFor example, 3 means shift date to at most 3 days into the future.","description_kind":"plain","required":true}},"block_types":{"context":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Points to the field that contains the context, for example, an entity id.\nIf set, must also set cryptoKey. If set, shift will be consistent for the given context.","description_kind":"plain"},"max_items":1},"crypto_key":{"nesting_mode":"list","block":{"block_types":{"kms_wrapped":{"nesting_mode":"list","block":{"attributes":{"crypto_key_name":{"type":"string","description":"The resource name of the KMS CryptoKey to use for unwrapping.","description_kind":"plain","required":true},"wrapped_key":{"type":"string","description":"The wrapped data crypto key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"KMS wrapped key.\nInclude to use an existing data crypto key wrapped by KMS. The wrapped key must be a 128-, 192-, or 256-bit key. Authorization requires the following IAM permissions when sending a request to perform a crypto transformation using a KMS-wrapped crypto key: dlp.kms.encrypt\nFor more information, see [Creating a wrapped key](https://cloud.google.com/dlp/docs/create-wrapped-key).\nNote: When you use Cloud KMS for cryptographic operations, [charges apply](https://cloud.google.com/kms/pricing).","description_kind":"plain"},"max_items":1},"transient":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the key. This is an arbitrary string used to differentiate different keys. A unique key is generated per name: two separate 'TransientCryptoKey' protos share the same generated key if their names are the same. When the data crypto key is generated, this name is not used in any way (repeating the api call will result in a different key being generated).","description_kind":"plain","required":true}},"description":"Transient crypto key. Use this to have a random data crypto key generated. It will be discarded after the request finishes.","description_kind":"plain"},"max_items":1},"unwrapped":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A 128/192/256 bit key.\n\nA base64-encoded string.","description_kind":"plain","required":true}},"description":"Unwrapped crypto key. Using raw keys is prone to security risks due to accidentally leaking the key. Choose another type of key if possible.","description_kind":"plain"},"max_items":1}},"description":"Causes the shift to be computed based on this key and the context. This results in the same shift for the same context and cryptoKey. If set, must also set context. Can only be applied to table items.","description_kind":"plain"},"max_items":1}},"description":"Shifts dates by random number of days, with option to be consistent for the same context. See https://cloud.google.com/dlp/docs/concepts-date-shifting to learn more.","description_kind":"plain"},"max_items":1},"fixed_size_bucketing_config":{"nesting_mode":"list","block":{"attributes":{"bucket_size":{"type":"number","description":"Size of each bucket (except for minimum and maximum buckets).\nSo if lower_bound = 10, upper_bound = 89, and bucketSize = 10, then the following buckets would be used: -10, 10-20, 20-30, 30-40, 40-50, 50-60, 60-70, 70-80, 80-89, 89+.\nPrecision up to 2 decimals works.","description_kind":"plain","required":true}},"block_types":{"lower_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Lower bound value of buckets.\nAll values less than lower_bound are grouped together into a single bucket; for example if lower_bound = 10, then all values less than 10 are replaced with the value \"-10\".\nThe 'lower_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1},"upper_bound":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Upper bound value of buckets.\nAll values greater than upper_bound are grouped together into a single bucket; for example if upper_bound = 89, then all values greater than 89 are replaced with the value \"89+\".\nThe 'upper_bound' block must only contain one argument. See the 'fixed_size_bucketing_config' block description for more information about choosing a data type.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Buckets values based on fixed size ranges. The Bucketing transformation can provide all of this functionality, but requires more configuration. This message is provided as a convenience to the user for simple bucketing strategies.\n\nThe transformed value will be a hyphenated string of {lower_bound}-{upper_bound}. For example, if lower_bound = 10 and upper_bound = 20, all values that are within this bucket will be replaced with \"10-20\".\n\nThis can be used on data of type: double, long.\n\nIf the bound Value type differs from the type of data being transformed, we will first attempt converting the type of the data to be transformed to match the type of the bound before comparing.\n\nSee https://cloud.google.com/dlp/docs/concepts-bucketing to learn more.","description_kind":"plain"},"max_items":1},"redact_config":{"nesting_mode":"list","block":{"description":"Redact a given value. For example, if used with an InfoTypeTransformation transforming PHONE_NUMBER, and input 'My phone number is 206-555-0123', the output would be 'My phone number is '.","description_kind":"plain"},"max_items":1},"replace_config":{"nesting_mode":"list","block":{"block_types":{"new_value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Replace each input value with a given value.\nThe 'new_value' block must only contain one argument. For example when replacing the contents of a string-type field, only 'string_value' should be set.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Replace with a specified value.","description_kind":"plain"},"max_items":1},"replace_dictionary_config":{"nesting_mode":"list","block":{"block_types":{"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one phrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"A list of words to select from for random replacement. The [limits](https://cloud.google.com/dlp/limits) page contains details about the size limits of dictionaries.","description_kind":"plain"},"max_items":1}},"description":"Replace with a value randomly drawn (with replacement) from a dictionary.","description_kind":"plain"},"max_items":1},"time_part_config":{"nesting_mode":"list","block":{"attributes":{"part_to_extract":{"type":"string","description":"The part of the time to keep. Possible values: [\"YEAR\", \"MONTH\", \"DAY_OF_MONTH\", \"DAY_OF_WEEK\", \"WEEK_OF_YEAR\", \"HOUR_OF_DAY\"]","description_kind":"plain","optional":true}},"description":"For use with Date, Timestamp, and TimeOfDay, extract or preserve a portion of the value.","description_kind":"plain"},"max_items":1}},"description":"Apply the transformation to the entire field.\nThe 'primitive_transformation' block must only contain one argument, corresponding to the type of transformation.\nOnly one of 'primitive_transformation' or 'info_type_transformations' must be specified.","description_kind":"plain"},"max_items":1}},"description":"Transform the record by applying various field transformations.","description_kind":"plain"}},"record_suppressions":{"nesting_mode":"list","block":{"block_types":{"condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the result of conditions. Default and currently only supported value is AND. Default value: \"AND\" Possible values: [\"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"operator":{"type":"string","description":"Operator used to compare the field or infoType to the value. Possible values: [\"EQUAL_TO\", \"NOT_EQUAL_TO\", \"GREATER_THAN\", \"LESS_THAN\", \"GREATER_THAN_OR_EQUALS\", \"LESS_THAN_OR_EQUALS\", \"EXISTS\"]","description_kind":"plain","required":true}},"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","optional":true}},"description":"Field within the record this condition is evaluated against.","description_kind":"plain"},"min_items":1,"max_items":1},"value":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"A boolean value.","description_kind":"plain","optional":true},"day_of_week_value":{"type":"string","description":"Represents a day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true},"float_value":{"type":"number","description":"A float value.","description_kind":"plain","optional":true},"integer_value":{"type":"string","description":"An integer value (int64 format)","description_kind":"plain","optional":true},"string_value":{"type":"string","description":"A string value.","description_kind":"plain","optional":true},"timestamp_value":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"date_value":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0 to specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a month and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without a year.","description_kind":"plain","optional":true}},"description":"Represents a whole or partial calendar date.","description_kind":"plain"},"max_items":1},"time_value":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23. An API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Represents a time of day.","description_kind":"plain"},"max_items":1}},"description":"Value to compare against. [Mandatory, except for EXISTS tests.]","description_kind":"plain"},"max_items":1}},"description":"A collection of conditions.","description_kind":"plain"}}},"description":"Conditions to apply to the expression.","description_kind":"plain"},"max_items":1}},"description":"An expression, consisting of an operator and conditions.","description_kind":"plain"},"max_items":1}},"description":"A condition that when it evaluates to true will result in the record being evaluated to be suppressed from the transformed content.","description_kind":"plain"},"max_items":1}},"description":"Configuration defining which records get suppressed entirely. Records that match any suppression rule are omitted from the output.","description_kind":"plain"}}},"description":"Treat the dataset as structured. Transformations can be applied to specific locations within structured datasets, such as transforming a column within a table.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the deidentify template","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_discovery_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The creation timestamp of a DiscoveryConfig.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Display Name (max 1000 Chars)","description_kind":"plain","optional":true},"errors":{"type":["list",["object",{"details":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"timestamp":"string"}]],"description":"Output only. A stream of errors encountered when the config was activated. Repeated errors may result in the config automatically being paused. Output only field. Will return the last 100 errors. Whenever the config is modified this list will be cleared.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_templates":{"type":["list","string"],"description":"Detection logic for profile generation","description_kind":"plain","optional":true},"last_run_time":{"type":"string","description":"Output only. The timestamp of the last time this config was executed","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location to create the discovery config in.","description_kind":"plain","required":true},"name":{"type":"string","description":"Unique resource name for the DiscoveryConfig, assigned by the service when the DiscoveryConfig is created.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the discovery config in any of the following formats:\n\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Required. A status for this configuration Possible values: [\"RUNNING\", \"PAUSED\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of a DiscoveryConfig.","description_kind":"plain","computed":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"export_data":{"nesting_mode":"list","block":{"block_types":{"profile_table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset Id of the table","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table. If omitted, the project ID is inferred from the API call.","description_kind":"plain","optional":true},"table_id":{"type":"string","description":"Name of the table","description_kind":"plain","optional":true}},"description":"Store all table and column profiles in an existing table or a new table in an existing dataset. Each re-generation will result in a new row in BigQuery","description_kind":"plain"},"max_items":1}},"description":"Export data profiles into a provided location","description_kind":"plain"},"max_items":1},"pub_sub_notification":{"nesting_mode":"list","block":{"attributes":{"detail_of_message":{"type":"string","description":"How much data to include in the pub/sub message. Possible values: [\"TABLE_PROFILE\", \"RESOURCE_NAME\"]","description_kind":"plain","optional":true},"event":{"type":"string","description":"The type of event that triggers a Pub/Sub. At most one PubSubNotification per EventType is permitted. Possible values: [\"NEW_PROFILE\", \"CHANGED_PROFILE\", \"SCORE_INCREASED\", \"ERROR_CHANGED\"]","description_kind":"plain","optional":true},"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to. Format is projects/{project}/topics/{topic}.","description_kind":"plain","optional":true}},"block_types":{"pubsub_condition":{"nesting_mode":"list","block":{"block_types":{"expressions":{"nesting_mode":"list","block":{"attributes":{"logical_operator":{"type":"string","description":"The operator to apply to the collection of conditions Possible values: [\"OR\", \"AND\"]","description_kind":"plain","optional":true}},"block_types":{"conditions":{"nesting_mode":"list","block":{"attributes":{"minimum_risk_score":{"type":"string","description":"The minimum data risk score that triggers the condition. Possible values: [\"HIGH\", \"MEDIUM_OR_HIGH\"]","description_kind":"plain","optional":true},"minimum_sensitivity_score":{"type":"string","description":"The minimum sensitivity level that triggers the condition. Possible values: [\"HIGH\", \"MEDIUM_OR_HIGH\"]","description_kind":"plain","optional":true}},"description":"Conditions to apply to the expression","description_kind":"plain"}}},"description":"An expression","description_kind":"plain"},"max_items":1}},"description":"Conditions for triggering pubsub","description_kind":"plain"},"max_items":1}},"description":"Publish a message into the Pub/Sub topic.","description_kind":"plain"},"max_items":1}},"description":"Actions to execute at the completion of scanning","description_kind":"plain"}},"org_config":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project that will run the scan. The DLP service account that exists within this project must have access to all resources that are profiled, and the cloud DLP API must be enabled.","description_kind":"plain","optional":true}},"block_types":{"location":{"nesting_mode":"list","block":{"attributes":{"folder_id":{"type":"string","description":"The ID for the folder within an organization to scan","description_kind":"plain","optional":true},"organization_id":{"type":"string","description":"The ID of an organization to scan","description_kind":"plain","optional":true}},"description":"The data to scan folder org or project","description_kind":"plain"},"max_items":1}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"targets":{"nesting_mode":"list","block":{"block_types":{"big_query_target":{"nesting_mode":"list","block":{"block_types":{"cadence":{"nesting_mode":"list","block":{"block_types":{"schema_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently profiles may be updated when schemas are modified. Default to monthly Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The type of events to consider when deciding if the table's schema has been modified and should have the profile updated. Defaults to NEW_COLUMN. Possible values: [\"SCHEMA_NEW_COLUMNS\", \"SCHEMA_REMOVED_COLUMNS\"]","description_kind":"plain","optional":true}},"description":"Governs when to update data profiles when a schema is modified","description_kind":"plain"},"max_items":1},"table_modified_cadence":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"How frequently data profiles can be updated when tables are modified. Defaults to never. Possible values: [\"UPDATE_FREQUENCY_NEVER\", \"UPDATE_FREQUENCY_DAILY\", \"UPDATE_FREQUENCY_MONTHLY\"]","description_kind":"plain","optional":true},"types":{"type":["list","string"],"description":"The type of events to consider when deciding if the table has been modified and should have the profile updated. Defaults to MODIFIED_TIMESTAMP Possible values: [\"TABLE_MODIFIED_TIMESTAMP\"]","description_kind":"plain","optional":true}},"description":"Governs when to update profile when a table is modified.","description_kind":"plain"},"max_items":1}},"description":"How often and when to update profiles. New tables that match both the fiter and conditions are scanned as quickly as possible depending on system capacity.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"created_after":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format with nanosecond resolution and upto nine fractional digits.","description_kind":"plain","optional":true},"type_collection":{"type":"string","description":"Restrict discovery to categories of table types. Currently view, materialized view, snapshot and non-biglake external tables are supported. Possible values: [\"BIG_QUERY_COLLECTION_ALL_TYPES\", \"BIG_QUERY_COLLECTION_ONLY_SUPPORTED_TYPES\"]","description_kind":"plain","optional":true}},"block_types":{"or_conditions":{"nesting_mode":"list","block":{"attributes":{"min_age":{"type":"string","description":"Duration format. The minimum age a table must have before Cloud DLP can profile it. Value greater than 1.","description_kind":"plain","optional":true},"min_row_count":{"type":"number","description":"Minimum number of rows that should be present before Cloud DLP profiles as a table.","description_kind":"plain","optional":true}},"description":"At least one of the conditions must be true for a table to be scanned.","description_kind":"plain"},"max_items":1},"types":{"nesting_mode":"list","block":{"attributes":{"types":{"type":["list","string"],"description":"A set of BiqQuery table types Possible values: [\"BIG_QUERY_TABLE_TYPE_TABLE\", \"BIG_QUERY_TABLE_TYPE_EXTERNAL_BIG_LAKE\"]","description_kind":"plain","optional":true}},"description":"Restrict discovery to specific table type","description_kind":"plain"},"max_items":1}},"description":"In addition to matching the filter, these conditions must be true before a profile is generated","description_kind":"plain"},"max_items":1},"disabled":{"nesting_mode":"list","block":{"description":"Tables that match this filter will not have profiles created.","description_kind":"plain"},"max_items":1},"filter":{"nesting_mode":"list","block":{"block_types":{"other_tables":{"nesting_mode":"list","block":{"description":"Catch-all. This should always be the last filter in the list because anything above it will apply first.","description_kind":"plain"},"max_items":1},"tables":{"nesting_mode":"list","block":{"block_types":{"include_regexes":{"nesting_mode":"list","block":{"block_types":{"patterns":{"nesting_mode":"list","block":{"attributes":{"dataset_id_regex":{"type":"string","description":"if unset, this property matches all datasets","description_kind":"plain","optional":true},"project_id_regex":{"type":"string","description":"For organizations, if unset, will match all projects. Has no effect for data profile configurations created within a project.","description_kind":"plain","optional":true},"table_id_regex":{"type":"string","description":"if unset, this property matches all tables","description_kind":"plain","optional":true}},"description":"A single BigQuery regular expression pattern to match against one or more tables, datasets, or projects that contain BigQuery tables.","description_kind":"plain"}}},"description":"A collection of regular expressions to match a BQ table against.","description_kind":"plain"},"max_items":1}},"description":"A specific set of tables for this filter to apply to. A table collection must be specified in only one filter per config.","description_kind":"plain"},"max_items":1}},"description":"Required. The tables the discovery cadence applies to. The first target with a matching filter will be the one to apply to a table","description_kind":"plain"},"max_items":1}},"description":"BigQuery target for Discovery. The first target to match a table will be the one applied.","description_kind":"plain"},"max_items":1}},"description":"Target to match against for determining what to scan and how frequently","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_inspect_template":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the inspect template.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the inspect template.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the inspect template. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the inspect template in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"template_id":{"type":"string","description":"The template id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is\n100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"inspect_config":{"nesting_mode":"list","block":{"attributes":{"content_options":{"type":["list","string"],"description":"List of options defining data content to scan. If empty, text, images, and other content will be included. Possible values: [\"CONTENT_TEXT\", \"CONTENT_IMAGE\"]","description_kind":"plain","optional":true},"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","required":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","required":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","required":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"},"min_items":1},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider.","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider.","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.\nFor tabular data, the context includes the column name.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version name for this InfoType.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"min_items":1,"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"min_items":1,"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_loss_prevention_job_trigger":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the job trigger.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the job trigger.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_run_time":{"type":"string","description":"The timestamp of the last time this trigger executed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the job trigger. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the trigger, either in the format 'projects/{{project}}'\nor 'projects/{{project}}/locations/{{location}}'","description_kind":"plain","required":true},"status":{"type":"string","description":"Whether the trigger is currently active. Default value: \"HEALTHY\" Possible values: [\"PAUSED\", \"HEALTHY\", \"CANCELLED\"]","description_kind":"plain","optional":true},"trigger_id":{"type":"string","description":"The trigger id can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+.\nThe maximum length is 100 characters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The last update timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true}},"block_types":{"inspect_job":{"nesting_mode":"list","block":{"attributes":{"inspect_template_name":{"type":"string","description":"The name of the template to run when this job is triggered.","description_kind":"plain","optional":true}},"block_types":{"actions":{"nesting_mode":"list","block":{"block_types":{"deidentify":{"nesting_mode":"list","block":{"attributes":{"cloud_storage_output":{"type":"string","description":"User settable Cloud Storage bucket and folders to store de-identified files.\n\nThis field must be set for cloud storage deidentification.\n\nThe output Cloud Storage bucket must be different from the input bucket.\n\nDe-identified files will overwrite files in the output path.\n\nForm of: gs://bucket/folder/ or gs://bucket","description_kind":"plain","required":true},"file_types_to_transform":{"type":["list","string"],"description":"List of user-specified file type groups to transform. If specified, only the files with these filetypes will be transformed.\n\nIf empty, all supported files will be transformed. Supported types may be automatically added over time.\n\nIf a file type is set in this field that isn't supported by the Deidentify action then the job will fail and will not be successfully created/started. Possible values: [\"IMAGE\", \"TEXT_FILE\", \"CSV\", \"TSV\"]","description_kind":"plain","optional":true}},"block_types":{"transformation_config":{"nesting_mode":"list","block":{"attributes":{"deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the default de-identify template.","description_kind":"plain","optional":true},"image_redact_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for images.","description_kind":"plain","optional":true},"structured_deidentify_template":{"type":"string","description":"If this template is specified, it will serve as the de-identify template for structured content such as delimited files and tables.","description_kind":"plain","optional":true}},"description":"User specified deidentify templates and configs for structured, unstructured, and image files.","description_kind":"plain"},"max_items":1},"transformation_details_storage_config":{"nesting_mode":"list","block":{"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The ID of the dataset containing this table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the project containing this table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The ID of the table. The ID must contain only letters (a-z,\nA-Z), numbers (0-9), or underscores (_). The maximum length\nis 1,024 characters.","description_kind":"plain","optional":true}},"description":"The BigQuery table in which to store the output.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Config for storing transformation details.","description_kind":"plain"},"max_items":1}},"description":"Create a de-identified copy of the requested table or files.","description_kind":"plain"},"max_items":1},"job_notification_emails":{"nesting_mode":"list","block":{"description":"Sends an email when the job completes. The email goes to IAM project owners and technical Essential Contacts.","description_kind":"plain"},"max_items":1},"pub_sub":{"nesting_mode":"list","block":{"attributes":{"topic":{"type":"string","description":"Cloud Pub/Sub topic to send notifications to.","description_kind":"plain","required":true}},"description":"Publish a message into a given Pub/Sub topic when the job completes.","description_kind":"plain"},"max_items":1},"publish_findings_to_cloud_data_catalog":{"nesting_mode":"list","block":{"description":"Publish findings of a DlpJob to Data Catalog.","description_kind":"plain"},"max_items":1},"publish_summary_to_cscc":{"nesting_mode":"list","block":{"description":"Publish the result summary of a DlpJob to the Cloud Security Command Center.","description_kind":"plain"},"max_items":1},"publish_to_stackdriver":{"nesting_mode":"list","block":{"description":"Enable Stackdriver metric dlp.googleapis.com/findingCount.","description_kind":"plain"},"max_items":1},"save_findings":{"nesting_mode":"list","block":{"block_types":{"output_config":{"nesting_mode":"list","block":{"attributes":{"output_schema":{"type":"string","description":"Schema used for writing the findings for Inspect jobs. This field is only used for\nInspect and must be unspecified for Risk jobs. Columns are derived from the Finding\nobject. If appending to an existing table, any columns from the predefined schema\nthat are missing will be added. No columns in the existing table will be deleted.\n\nIf unspecified, then all available columns will be used for a new table or an (existing)\ntable with no schema, and no changes will be made to an existing table that has a schema.\nOnly for use with external storage. Possible values: [\"BASIC_COLUMNS\", \"GCS_COLUMNS\", \"DATASTORE_COLUMNS\", \"BIG_QUERY_COLUMNS\", \"ALL_COLUMNS\"]","description_kind":"plain","optional":true}},"block_types":{"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"Name of the table. If is not set a new one will be generated for you with the following format:\n'dlp_googleapis_yyyy_mm_dd_[dlp_job_id]'. Pacific timezone will be used for generating the date details.","description_kind":"plain","optional":true}},"description":"Information on the location of the target BigQuery Table.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information on where to store output","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk","description_kind":"plain"},"max_items":1}},"description":"Configuration block for the actions to execute on the completion of a job. Can be specified multiple times, but only one for each type. Each action block supports fields documented below. This argument is processed in [attribute-as-blocks mode](https://www.terraform.io/docs/configuration/attr-as-blocks.html).","description_kind":"plain"}},"inspect_config":{"nesting_mode":"list","block":{"attributes":{"exclude_info_types":{"type":"bool","description":"When true, excludes type information of the findings.","description_kind":"plain","optional":true},"include_quote":{"type":"bool","description":"When true, a contextual quote from the data that triggered a finding is included in the response.","description_kind":"plain","optional":true},"min_likelihood":{"type":"string","description":"Only returns findings equal or above this threshold. See https://cloud.google.com/dlp/docs/likelihood for more info Default value: \"POSSIBLE\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"custom_info_types":{"nesting_mode":"list","block":{"attributes":{"exclusion_type":{"type":"string","description":"If set to EXCLUSION_TYPE_EXCLUDE this infoType will not cause a finding to be returned. It still can be used for rules matching. Possible values: [\"EXCLUSION_TYPE_EXCLUDE\"]","description_kind":"plain","optional":true},"likelihood":{"type":"string","description":"Likelihood to return for this CustomInfoType. This base value can be altered by a detection rule if the finding meets the criteria\nspecified by the rule. Default value: \"VERY_LIKELY\" Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names\nlisted at https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"CustomInfoType can either be a new infoType, or an extension of built-in infoType, when the name matches one of existing\ninfoTypes and that infoType is specified in 'info_types' field. Specifying the latter adds findings to the\none detected by the system. If built-in info type is not specified in 'info_types' list then the name is\ntreated as a custom info type.","description_kind":"plain"},"min_items":1,"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1},"stored_type":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"The creation timestamp of an inspectTemplate. Set by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Resource name of the requested StoredInfoType, for example 'organizations/433245324/storedInfoTypes/432452342'\nor 'projects/project-id/storedInfoTypes/432452342'.","description_kind":"plain","required":true}},"description":"A reference to a StoredInfoType to use with scanning.","description_kind":"plain"},"max_items":1},"surrogate_type":{"nesting_mode":"list","block":{"description":"Message for detecting output from deidentification transformations that support reversing.","description_kind":"plain"},"max_items":1}},"description":"Custom info types to be used. See https://cloud.google.com/dlp/docs/creating-custom-infotypes to learn more.","description_kind":"plain"}},"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Restricts what infoTypes to look for. The values must correspond to InfoType values returned by infoTypes.list\nor listed at https://cloud.google.com/dlp/docs/infotypes-reference.\n\nWhen no InfoTypes or CustomInfoTypes are specified in a request, the system may automatically choose what detectors to run.\nBy default this may be all types, but may change over time as detectors are updated.","description_kind":"plain"}},"limits":{"nesting_mode":"list","block":{"attributes":{"max_findings_per_item":{"type":"number","description":"Max number of findings that will be returned for each item scanned. The maximum returned is 2000.","description_kind":"plain","optional":true},"max_findings_per_request":{"type":"number","description":"Max number of findings that will be returned per request/job. The maximum returned is 2000.","description_kind":"plain","optional":true}},"block_types":{"max_findings_per_info_type":{"nesting_mode":"list","block":{"attributes":{"max_findings":{"type":"number","description":"Max findings limit for the given infoType.","description_kind":"plain","optional":true}},"block_types":{"info_type":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"Type of information the findings limit applies to. Only one limit per infoType should be provided. If InfoTypeLimit does\nnot have an infoType, the DLP API applies the limit against all infoTypes that are found but not\nspecified in another InfoTypeLimit.","description_kind":"plain"},"max_items":1}},"description":"Configuration of findings limit given for specified infoTypes.","description_kind":"plain"}}},"description":"Configuration to control the number of findings returned.","description_kind":"plain"},"max_items":1},"rule_set":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"List of infoTypes this rule set is applied to.","description_kind":"plain"}},"rules":{"nesting_mode":"list","block":{"block_types":{"exclusion_rule":{"nesting_mode":"list","block":{"attributes":{"matching_type":{"type":"string","description":"How the rule is applied. See the documentation for more information: https://cloud.google.com/dlp/docs/reference/rest/v2/InspectConfig#MatchingType Possible values: [\"MATCHING_TYPE_FULL_MATCH\", \"MATCHING_TYPE_PARTIAL_MATCH\", \"MATCHING_TYPE_INVERSE_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"exclude_by_hotword":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Drop if the hotword rule is contained in the proximate context.","description_kind":"plain"},"max_items":1},"exclude_info_types":{"nesting_mode":"list","block":{"block_types":{"info_types":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the information type. Either a name of your choosing when creating a CustomInfoType, or one of the names listed\nat https://cloud.google.com/dlp/docs/infotypes-reference when specifying a built-in type.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the information type to use. By default, the version is set to stable.","description_kind":"plain","optional":true}},"block_types":{"sensitivity_score":{"nesting_mode":"list","block":{"attributes":{"score":{"type":"string","description":"The sensitivity score applied to the resource. Possible values: [\"SENSITIVITY_LOW\", \"SENSITIVITY_MODERATE\", \"SENSITIVITY_HIGH\"]","description_kind":"plain","required":true}},"description":"Optional custom sensitivity for this InfoType. This only applies to data profiling.","description_kind":"plain"},"max_items":1}},"description":"If a finding is matched by any of the infoType detectors listed here, the finding will be excluded from the scan results.","description_kind":"plain"},"min_items":1}},"description":"Set of infoTypes for which findings would affect this rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1}},"description":"The rule that specifies conditions when findings of infoTypes specified in InspectionRuleSet are removed from results.","description_kind":"plain"},"max_items":1},"hotword_rule":{"nesting_mode":"list","block":{"block_types":{"hotword_regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified,\nthe entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression. Its syntax\n(https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","optional":true}},"description":"Regular expression pattern defining what qualifies as a hotword.","description_kind":"plain"},"max_items":1},"likelihood_adjustment":{"nesting_mode":"list","block":{"attributes":{"fixed_likelihood":{"type":"string","description":"Set the likelihood of a finding to a fixed value. Either this or relative_likelihood can be set. Possible values: [\"VERY_UNLIKELY\", \"UNLIKELY\", \"POSSIBLE\", \"LIKELY\", \"VERY_LIKELY\"]","description_kind":"plain","optional":true},"relative_likelihood":{"type":"number","description":"Increase or decrease the likelihood by the specified number of levels. For example,\nif a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1,\nthen it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY.\nLikelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an\nadjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY\nwill result in a final likelihood of LIKELY. Either this or fixed_likelihood can be set.","description_kind":"plain","optional":true}},"description":"Likelihood adjustment to apply to all matching findings.","description_kind":"plain"},"max_items":1},"proximity":{"nesting_mode":"list","block":{"attributes":{"window_after":{"type":"number","description":"Number of characters after the finding to consider. Either this or window_before must be specified","description_kind":"plain","optional":true},"window_before":{"type":"number","description":"Number of characters before the finding to consider. Either this or window_after must be specified","description_kind":"plain","optional":true}},"description":"Proximity of the finding within which the entire hotword must reside. The total length of the window cannot\nexceed 1000 characters. Note that the finding itself will be included in the window, so that hotwords may be\nused to match substrings of the finding itself. For example, the certainty of a phone number regex\n'(\\d{3}) \\d{3}-\\d{4}' could be adjusted upwards if the area code is known to be the local area code of a company\noffice using the hotword regex '(xxx)', where 'xxx' is the area code in question.","description_kind":"plain"},"max_items":1}},"description":"Hotword-based detection rule.","description_kind":"plain"},"max_items":1}},"description":"Set of rules to be applied to infoTypes. The rules are applied in order.","description_kind":"plain"},"min_items":1}},"description":"Set of rules to apply to the findings for this InspectConfig. Exclusion rules, contained in the set are executed in the end,\nother rules are executed in the order they are specified for each info type.","description_kind":"plain"}}},"description":"The core content of the template.","description_kind":"plain"},"max_items":1},"storage_config":{"nesting_mode":"list","block":{"block_types":{"big_query_options":{"nesting_mode":"list","block":{"attributes":{"rows_limit":{"type":"number","description":"Max number of rows to scan. If the table has more rows than this value, the rest of the rows are omitted.\nIf not set, or if set to 0, all rows will be scanned. Only one of rowsLimit and rowsLimitPercent can be\nspecified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"rows_limit_percent":{"type":"number","description":"Max percentage of rows to scan. The rest are omitted. The number of rows scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit. Defaults to 0. Only one of\nrowsLimit and rowsLimitPercent can be specified. Cannot be used in conjunction with TimespanConfig.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample rows if not all rows are scanned. Meaningful only when used in conjunction with either\nrowsLimit or rowsLimitPercent. If not specified, rows are scanned in the order BigQuery reads them. Default value: \"TOP\" Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"excluded_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field excluded from scanning.","description_kind":"plain","required":true}},"description":"References to fields excluded from scanning.\nThis allows you to skip inspection of entire columns which you know have no findings.","description_kind":"plain"}},"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of a BigQuery field to be returned with the findings.","description_kind":"plain","required":true}},"description":"Specifies the BigQuery fields that will be returned with findings.\nIf not specified, no identifying fields will be returned for findings.","description_kind":"plain"}},"included_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field to which scanning is limited.","description_kind":"plain","required":true}},"description":"Limit scanning only to these fields.","description_kind":"plain"}},"table_reference":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining BigQuery table and row identifiers.","description_kind":"plain"},"max_items":1},"cloud_storage_options":{"nesting_mode":"list","block":{"attributes":{"bytes_limit_per_file":{"type":"number","description":"Max number of bytes to scan from a file. If a scanned file's size is bigger than this value\nthen the rest of the bytes are omitted.","description_kind":"plain","optional":true},"bytes_limit_per_file_percent":{"type":"number","description":"Max percentage of bytes to scan from a file. The rest are omitted. The number of bytes scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"file_types":{"type":["list","string"],"description":"List of file type groups to include in the scan. If empty, all files are scanned and available data\nformat processors are applied. In addition, the binary content of the selected files is always scanned as well.\nImages are scanned only as binary if the specified region does not support image inspection and no fileTypes were specified. Possible values: [\"BINARY_FILE\", \"TEXT_FILE\", \"IMAGE\", \"WORD\", \"PDF\", \"AVRO\", \"CSV\", \"TSV\", \"POWERPOINT\", \"EXCEL\"]","description_kind":"plain","optional":true},"files_limit_percent":{"type":"number","description":"Limits the number of files to scan to this percentage of the input FileSet. Number of files scanned is rounded down.\nMust be between 0 and 100, inclusively. Both 0 and 100 means no limit.","description_kind":"plain","optional":true},"sample_method":{"type":"string","description":"How to sample bytes if not all bytes are scanned. Meaningful only when used in conjunction with bytesLimitPerFile.\nIf not specified, scanning would start from the top. Possible values: [\"TOP\", \"RANDOM_START\"]","description_kind":"plain","optional":true}},"block_types":{"file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The Cloud Storage url of the file(s) to scan, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard\nin the path is allowed.\n\nIf the url ends in a trailing slash, the bucket or directory represented by the url will be scanned\nnon-recursively (content in sub-directories will not be scanned). This means that 'gs://mybucket/' is\nequivalent to 'gs://mybucket/*', and 'gs://mybucket/directory/' is equivalent to 'gs://mybucket/directory/*'.","description_kind":"plain","optional":true}},"block_types":{"regex_file_set":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"The name of a Cloud Storage bucket.","description_kind":"plain","required":true},"exclude_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to exclude. All files in the bucket that match at\nleast one of these regular expressions will be excluded from the scan.","description_kind":"plain","optional":true},"include_regex":{"type":["list","string"],"description":"A list of regular expressions matching file paths to include. All files in the bucket\nthat match at least one of these regular expressions will be included in the set of files,\nexcept for those that also match an item in excludeRegex. Leaving this field empty will\nmatch all files by default (this is equivalent to including .* in the list)","description_kind":"plain","optional":true}},"description":"The regex-filtered set of files to scan.","description_kind":"plain"},"max_items":1}},"description":"Set of files to scan.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a file or a set of files within a Google Cloud Storage bucket.","description_kind":"plain"},"max_items":1},"datastore_options":{"nesting_mode":"list","block":{"block_types":{"kind":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the Datastore kind.","description_kind":"plain","required":true}},"description":"A representation of a Datastore kind.","description_kind":"plain"},"min_items":1,"max_items":1},"partition_id":{"nesting_mode":"list","block":{"attributes":{"namespace_id":{"type":"string","description":"If not empty, the ID of the namespace to which the entities belong.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the project to which the entities belong.","description_kind":"plain","required":true}},"description":"Datastore partition ID. A partition ID identifies a grouping of entities. The grouping\nis always by project and namespace, however the namespace ID may be empty.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options defining a data set within Google Cloud Datastore.","description_kind":"plain"},"max_items":1},"hybrid_options":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A short description of where the data is coming from. Will be stored once in the job. 256 max length.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"To organize findings, these labels will be added to each finding.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nLabel values must be between 0 and 63 characters long and must conform to the regular expression '([a-z]([-a-z0-9]*[a-z0-9])?)?'.\n\nNo more than 10 labels can be associated with a given finding.\n\nExamples:\n* '\"environment\" : \"production\"'\n* '\"pipeline\" : \"etl\"'","description_kind":"plain","optional":true},"required_finding_label_keys":{"type":["list","string"],"description":"These are labels that each inspection request must include within their 'finding_labels' map. Request\nmay contain others, but any missing one of these will be rejected.\n\nLabel keys must be between 1 and 63 characters long and must conform to the following regular expression: '[a-z]([-a-z0-9]*[a-z0-9])?'.\n\nNo more than 10 keys can be required.","description_kind":"plain","optional":true}},"block_types":{"table_options":{"nesting_mode":"list","block":{"block_types":{"identifying_fields":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"The columns that are the primary keys for table objects included in ContentItem. A copy of this\ncell's value will stored alongside alongside each finding so that the finding can be traced to\nthe specific row it came from. No more than 3 may be provided.","description_kind":"plain"}}},"description":"If the container is a table, additional information to make findings meaningful such as the columns that are primary keys.","description_kind":"plain"},"max_items":1}},"description":"Configuration to control jobs where the content being inspected is outside of Google Cloud Platform.","description_kind":"plain"},"max_items":1},"timespan_config":{"nesting_mode":"list","block":{"attributes":{"enable_auto_population_of_timespan_config":{"type":"bool","description":"When the job is started by a JobTrigger we will automatically figure out a valid startTime to avoid\nscanning files that have not been modified since the last time the JobTrigger executed. This will\nbe based on the time of the execution of the last run of the JobTrigger or the timespan endTime\nused in the last run of the JobTrigger.","description_kind":"plain","optional":true},"end_time":{"type":"string","description":"Exclude files, tables, or rows newer than this value. If not set, no upper time limit is applied.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"Exclude files, tables, or rows older than this value. If not set, no lower time limit is applied.","description_kind":"plain","optional":true}},"block_types":{"timestamp_field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Specification of the field containing the timestamp of scanned items. Used for data sources like Datastore and BigQuery.\n\nFor BigQuery: Required to filter out rows based on the given start and end times. If not specified and the table was\nmodified between the given start and end times, the entire table will be scanned. The valid data types of the timestamp\nfield are: INTEGER, DATE, TIMESTAMP, or DATETIME BigQuery column.\n\nFor Datastore. Valid data types of the timestamp field are: TIMESTAMP. Datastore entity will be scanned if the\ntimestamp property does not exist or its value is empty or invalid.","description_kind":"plain","required":true}},"description":"Specification of the field containing the timestamp of scanned items.","description_kind":"plain"},"max_items":1}},"description":"Configuration of the timespan of the items to include in scanning","description_kind":"plain"},"max_items":1}},"description":"Information on where to inspect","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Controls what and how to inspect for findings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"triggers":{"nesting_mode":"list","block":{"block_types":{"manual":{"nesting_mode":"list","block":{"description":"For use with hybrid jobs. Jobs must be manually created and finished.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"recurrence_period_duration":{"type":"string","description":"With this option a job is started a regular periodic basis. For example: every day (86400 seconds).\n\nA scheduled start time will be skipped if the previous execution has not ended when its scheduled time occurs.\n\nThis value must be set to a time duration greater than or equal to 1 day and can be no longer than 60 days.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Schedule for triggered jobs","description_kind":"plain"},"max_items":1}},"description":"What event needs to occur for a new job to be started.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_data_loss_prevention_stored_info_type":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the info type.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User set display name of the info type.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the info type. Set by the server.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the info type in any of the following formats:\n\n* 'projects/{{project}}'\n* 'projects/{{project}}/locations/{{location}}'\n* 'organizations/{{organization_id}}'\n* 'organizations/{{organization_id}}/locations/{{location}}'","description_kind":"plain","required":true},"stored_info_type_id":{"type":"string","description":"The storedInfoType ID can contain uppercase and lowercase letters, numbers, and hyphens;\nthat is, it must match the regular expression: [a-zA-Z\\d-_]+. The maximum length is 100\ncharacters. Can be empty to allow the system to generate one.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"dictionary":{"nesting_mode":"list","block":{"block_types":{"cloud_storage_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Newline-delimited file of words in Cloud Storage. Only a single file is accepted.","description_kind":"plain"},"max_items":1},"word_list":{"nesting_mode":"list","block":{"attributes":{"words":{"type":["list","string"],"description":"Words or phrases defining the dictionary. The dictionary must contain at least one\nphrase and every phrase must contain at least 2 characters that are letters or digits.","description_kind":"plain","required":true}},"description":"List of words or phrases to search for.","description_kind":"plain"},"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"large_custom_dictionary":{"nesting_mode":"list","block":{"block_types":{"big_query_field":{"nesting_mode":"list","block":{"block_types":{"field":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name describing the field.","description_kind":"plain","required":true}},"description":"Designated field in the BigQuery table.","description_kind":"plain"},"min_items":1,"max_items":1},"table":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"The dataset ID of the table.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The Google Cloud Platform project ID of the project containing the table.","description_kind":"plain","required":true},"table_id":{"type":"string","description":"The name of the table.","description_kind":"plain","required":true}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Field in a BigQuery table where each cell represents a dictionary phrase.","description_kind":"plain"},"max_items":1},"cloud_storage_file_set":{"nesting_mode":"list","block":{"attributes":{"url":{"type":"string","description":"The url, in the format 'gs://\u003cbucket\u003e/\u003cpath\u003e'. Trailing wildcard in the path is allowed.","description_kind":"plain","required":true}},"description":"Set of files containing newline-delimited lists of dictionary phrases.","description_kind":"plain"},"max_items":1},"output_path":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"A url representing a file or path (no wildcards) in Cloud Storage. Example: 'gs://[BUCKET_NAME]/dictionary.txt'","description_kind":"plain","required":true}},"description":"Location to store dictionary artifacts in Google Cloud Storage. These files will only be accessible by project owners and the DLP API.\nIf any of these artifacts are modified, the dictionary is considered invalid and can no longer be used.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Dictionary which defines the rule.","description_kind":"plain"},"max_items":1},"regex":{"nesting_mode":"list","block":{"attributes":{"group_indexes":{"type":["list","number"],"description":"The index of the submatch to extract as findings. When not specified, the entire match is returned. No more than 3 may be included.","description_kind":"plain","optional":true},"pattern":{"type":"string","description":"Pattern defining the regular expression.\nIts syntax (https://github.com/google/re2/wiki/Syntax) can be found under the google/re2 repository on GitHub.","description_kind":"plain","required":true}},"description":"Regular expression which defines the rule.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_data_pipeline_pipeline":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the pipeline was initially created. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the pipeline. It can contain only letters ([A-Za-z]), numbers ([0-9]), hyphens (-), and underscores (_).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_count":{"type":"number","description":"Number of jobs.","description_kind":"plain","computed":true},"last_update_time":{"type":"string","description":"The timestamp when the pipeline was last modified. Set by the Data Pipelines service.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"\"The pipeline name. For example': 'projects/PROJECT_ID/locations/LOCATION_ID/pipelines/PIPELINE_ID.\"\n\"- PROJECT_ID can contain letters ([A-Za-z]), numbers ([0-9]), hyphens (-), colons (:), and periods (.). For more information, see Identifying projects.\"\n\"LOCATION_ID is the canonical ID for the pipeline's location. The list of available locations can be obtained by calling google.cloud.location.Locations.ListLocations. Note that the Data Pipelines service is not available in all regions. It depends on Cloud Scheduler, an App Engine application, so it's only available in App Engine regions.\"\n\"PIPELINE_ID is the ID of the pipeline. Must be unique for the selected project and location.\"","description_kind":"plain","required":true},"pipeline_sources":{"type":["map","string"],"description":"The sources of the pipeline (for example, Dataplex). The keys and values are set by the corresponding sources during pipeline creation.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"A reference to the region","description_kind":"plain","optional":true},"scheduler_service_account_email":{"type":"string","description":"Optional. A service account email to be used with the Cloud Scheduler job. If not specified, the default compute engine service account will be used.","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pipeline. When the pipeline is created, the state is set to 'PIPELINE_STATE_ACTIVE' by default. State changes can be requested by setting the state to stopping, paused, or resuming. State cannot be changed through pipelines.patch requests.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#state Possible values: [\"STATE_UNSPECIFIED\", \"STATE_RESUMING\", \"STATE_ACTIVE\", \"STATE_STOPPING\", \"STATE_ARCHIVED\", \"STATE_PAUSED\"]","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of the pipeline. This field affects the scheduling of the pipeline and the type of metrics to show for the pipeline.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#pipelinetype Possible values: [\"PIPELINE_TYPE_UNSPECIFIED\", \"PIPELINE_TYPE_BATCH\", \"PIPELINE_TYPE_STREAMING\"]","description_kind":"plain","required":true}},"block_types":{"schedule_info":{"nesting_mode":"list","block":{"attributes":{"next_job_time":{"type":"string","description":"When the next Scheduler job is going to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"schedule":{"type":"string","description":"Unix-cron format of the schedule. This information is retrieved from the linked Cloud Scheduler.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"Timezone ID. This matches the timezone IDs used by the Cloud Scheduler API. If empty, UTC time is assumed.","description_kind":"plain","optional":true}},"description":"Internal scheduling information for a pipeline. If this information is provided, periodic jobs will be created per the schedule. If not, users are responsible for creating jobs externally.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#schedulespec","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"workload":{"nesting_mode":"list","block":{"block_types":{"dataflow_flex_template_request":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The regional endpoint to which to direct the request. For example, us-central1, us-west1.","description_kind":"plain","required":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description":"If true, the request is validated but not actually executed. Defaults to false.","description_kind":"plain","optional":true}},"block_types":{"launch_parameter":{"nesting_mode":"list","block":{"attributes":{"container_spec_gcs_path":{"type":"string","description":"Cloud Storage path to a file with a JSON-serialized ContainerSpec as content.","description_kind":"plain","optional":true},"job_name":{"type":"string","description":"The job name to use for the created job. For an update job request, the job name should be the same as the existing running job.","description_kind":"plain","required":true},"launch_options":{"type":["map","string"],"description":"Launch options for this Flex Template job. This is a common set of options across languages and templates. This should not be used to pass job parameters.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"'The parameters for the Flex Template. Example: {\"numWorkers\":\"5\"}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mappings":{"type":["map","string"],"description":"'Use this to pass transform name mappings for streaming update jobs. Example: {\"oldTransformName\":\"newTransformName\",...}'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"Set this to true if you are sending a request to update a running streaming job. When set, the job name should be the same as the running job.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"flexrs_goal":{"type":"string","description":"Set FlexRS goal for the job. https://cloud.google.com/dataflow/docs/guides/flexrs\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexResourceSchedulingGoal Possible values: [\"FLEXRS_UNSPECIFIED\", \"FLEXRS_SPEED_OPTIMIZED\", \"FLEXRS_COST_OPTIMIZED\"]","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the Flex Template job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#FlexTemplateRuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"Parameter to launch a job from a Flex Template.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplateparameter","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the flex launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchflextemplaterequest","description_kind":"plain"},"max_items":1},"dataflow_launch_template_request":{"nesting_mode":"list","block":{"attributes":{"gcs_path":{"type":"string","description":"A Cloud Storage path to the template from which to create the job. Must be a valid Cloud Storage URL, beginning with 'gs://'.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The regional endpoint to which to direct the request.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The ID of the Cloud Platform project that the job belongs to.","description_kind":"plain","required":true},"validate_only":{"type":"bool","description_kind":"plain","optional":true}},"block_types":{"launch_parameters":{"nesting_mode":"list","block":{"attributes":{"job_name":{"type":"string","description":"The job name to use for the created job.","description_kind":"plain","required":true},"parameters":{"type":["map","string"],"description":"The runtime parameters to pass to the job.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"transform_name_mapping":{"type":["map","string"],"description":"Map of transform name prefixes of the job to be replaced to the corresponding name prefixes of the new job. Only applicable when updating a pipeline.\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"update":{"type":"bool","description":"If set, replace the existing pipeline with the name specified by jobName with this pipeline, preserving state.","description_kind":"plain","optional":true}},"block_types":{"environment":{"nesting_mode":"list","block":{"attributes":{"additional_experiments":{"type":["list","string"],"description":"Additional experiment flags for the job.","description_kind":"plain","optional":true},"additional_user_labels":{"type":["map","string"],"description":"Additional user labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. An object containing a list of key/value pairs.\n'Example: { \"name\": \"wrench\", \"mass\": \"1kg\", \"count\": \"3\" }.'\n'An object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.'","description_kind":"plain","optional":true},"bypass_temp_dir_validation":{"type":"bool","description":"Whether to bypass the safety checks for the job's temporary directory. Use with caution.","description_kind":"plain","optional":true},"enable_streaming_engine":{"type":"bool","description":"Whether to enable Streaming Engine for the job.","description_kind":"plain","optional":true},"ip_configuration":{"type":"string","description":"Configuration for VM IPs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#WorkerIPAddressConfiguration Possible values: [\"WORKER_IP_UNSPECIFIED\", \"WORKER_IP_PUBLIC\", \"WORKER_IP_PRIVATE\"]","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"'Name for the Cloud KMS key for the job. The key format is: projects//locations//keyRings//cryptoKeys/'","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job. Defaults to the value from the template if not specified.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The maximum number of Compute Engine instances to be made available to your pipeline during execution, from 1 to 1000.","description_kind":"plain","optional":true},"network":{"type":"string","description":"Network to which VMs will be assigned. If empty or unspecified, the service will use the network \"default\".","description_kind":"plain","optional":true,"computed":true},"num_workers":{"type":"number","description":"The initial number of Compute Engine instances for the job.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The email address of the service account to run the job as.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Subnetwork to which VMs will be assigned, if desired. You can specify a subnetwork using either a complete URL or an abbreviated path. Expected to be of the form \"https://www.googleapis.com/compute/v1/projects/HOST_PROJECT_ID/regions/REGION/subnetworks/SUBNETWORK\" or \"regions/REGION/subnetworks/SUBNETWORK\". If the subnetwork is located in a Shared VPC network, you must use the complete URL.","description_kind":"plain","optional":true},"temp_location":{"type":"string","description":"The Cloud Storage path to use for temporary files. Must be a valid Cloud Storage URL, beginning with gs://.","description_kind":"plain","optional":true},"worker_region":{"type":"string","description":"The Compute Engine region (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1\". Mutually exclusive with workerZone. If neither workerRegion nor workerZone is specified, default to the control plane's region.","description_kind":"plain","optional":true},"worker_zone":{"type":"string","description":"The Compute Engine zone (https://cloud.google.com/compute/docs/regions-zones/regions-zones) in which worker processing should occur, e.g. \"us-west1-a\". Mutually exclusive with workerRegion. If neither workerRegion nor workerZone is specified, a zone in the control plane's region is chosen based on available capacity. If both workerZone and zone are set, workerZone takes precedence.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Compute Engine availability zone for launching worker instances to run your pipeline. In the future, workerZone will take precedence.","description_kind":"plain","optional":true}},"description":"The runtime environment for the job.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#RuntimeEnvironment","description_kind":"plain"},"max_items":1}},"description":"The parameters of the template to launch. This should be part of the body of the POST request.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplateparameters","description_kind":"plain"},"max_items":1}},"description":"Template information and additional parameters needed to launch a Dataflow job using the standard launch API.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#launchtemplaterequest","description_kind":"plain"},"max_items":1}},"description":"Workload information for creating new jobs.\nhttps://cloud.google.com/dataflow/docs/reference/data-pipelines/rest/v1/projects.locations.pipelines#workload","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_database_migration_service_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The ID of the connection profile.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"dbprovider":{"type":"string","description":"The database provider.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The connection profile display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"description":"Output only. The error details in case of state FAILED.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the connection profile should reside.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"alloydb":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"Required. The AlloyDB cluster ID that this connection profile is associated with.","description_kind":"plain","required":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels for the AlloyDB cluster created by DMS.","description_kind":"plain","optional":true},"vpc_network":{"type":"string","description":"Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.\nIt is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster.","description_kind":"plain","required":true}},"block_types":{"initial_user":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The initial password for the user.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates if the initialUser.password field has been set.","description_kind":"plain","computed":true},"user":{"type":"string","description":"The database username.","description_kind":"plain","required":true}},"description":"Required. Input only. Initial user to setup during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"primary_instance_settings":{"nesting_mode":"list","block":{"attributes":{"database_flags":{"type":["map","string"],"description":"Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The database username.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels for the AlloyDB primary instance created by DMS.","description_kind":"plain","optional":true},"private_ip":{"type":"string","description":"Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application.","description_kind":"plain","computed":true}},"block_types":{"machine_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"The number of CPU's in the VM instance.","description_kind":"plain","required":true}},"description":"Configuration for the machines that host the underlying database engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for the cluster's primary instance","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination AlloyDB cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster.","description_kind":"plain"},"max_items":1},"cloudsql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"Output only. The Cloud SQL instance ID that this connection profile is associated with.","description_kind":"plain","computed":true},"private_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's private IP.","description_kind":"plain","computed":true},"public_ip":{"type":"string","description":"Output only. The Cloud SQL database instance's public IP.","description_kind":"plain","computed":true}},"block_types":{"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'. Possible values: [\"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true},"auto_storage_increase":{"type":"bool","description":"If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity.\nIf the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB.","description_kind":"plain","optional":true},"cmek_key_name":{"type":"string","description":"The KMS key name used for the csql instance.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The Cloud SQL default instance level collation.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"string","description":"The storage capacity available to the database, in GB. The minimum (and default) size is 10GB.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"The type of storage. Possible values: [\"PD_SSD\", \"PD_HDD\"]","description_kind":"plain","optional":true},"database_flags":{"type":["map","string"],"description":"The database flags passed to the Cloud SQL instance at startup.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The database engine type and version.\nCurrently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the given Cloud SQL instance. Possible values: [\"ENTERPRISE\", \"ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"root_password":{"type":"string","description":"Input only. Initial root password.","description_kind":"plain","optional":true,"sensitive":true},"root_password_set":{"type":"bool","description":"Output only. Indicates If this connection profile root password is stored.","description_kind":"plain","computed":true},"source_id":{"type":"string","description":"The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID","description_kind":"plain","required":true},"storage_auto_resize_limit":{"type":"string","description":"The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances).\nFor more information, see https://cloud.google.com/sql/docs/mysql/instance-settings","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The Google Cloud Platform zone where your Cloud SQL datdabse instance is located.","description_kind":"plain","optional":true}},"block_types":{"ip_config":{"nesting_mode":"list","block":{"attributes":{"enable_ipv4":{"type":"bool","description":"Whether the instance should be assigned an IPv4 address or not.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default.\nThis setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP should be enforced or not.","description_kind":"plain","optional":true}},"block_types":{"authorized_networks":{"nesting_mode":"list","block":{"attributes":{"expire_time":{"type":"string","description":"The time when this access control entry expires in RFC 3339 format.","description_kind":"plain","optional":true},"label":{"type":"string","description":"A label to identify this entry.","description_kind":"plain","optional":true},"ttl":{"type":"string","description":"Input only. The time-to-leave of this access control entry.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The allowlisted value for the access control list.","description_kind":"plain","required":true}},"description":"The list of external networks that are allowed to connect to the instance using the IP.","description_kind":"plain"}}},"description":"The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. The IPv4 address cannot be disabled.","description_kind":"plain"},"max_items":1}},"description":"Immutable. Metadata used to create the destination Cloud SQL database.","description_kind":"plain"},"max_items":1}},"description":"Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance.","description_kind":"plain"},"max_items":1},"mysql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for MySQL databases.","description_kind":"plain"},"max_items":1},"oracle":{"nesting_mode":"list","block":{"attributes":{"database_service":{"type":"string","description":"Required. Database service for the Oracle connection.","description_kind":"plain","required":true},"host":{"type":"string","description":"Required. The IP or hostname of the source Oracle database.","description_kind":"plain","required":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source Oracle database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Required. Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"Input only. SSH password. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel, default value is 22.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"Input only. SSH private key. Only one of 'password' and 'private_key' can be configured.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Required. Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"Required. The resource name (URI) of the private connection.","description_kind":"plain","required":true}},"description":"Configuration for using a private network to communicate with the source database","description_kind":"plain"},"max_items":1},"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1},"static_service_ip_connectivity":{"nesting_mode":"list","block":{"description":"This object has no nested fields.\n\nStatic IP address connectivity configured on service project.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for Oracle databases.","description_kind":"plain"},"max_items":1},"postgresql":{"nesting_mode":"list","block":{"attributes":{"cloud_sql_id":{"type":"string","description":"If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.","description_kind":"plain","optional":true},"host":{"type":"string","description":"Required. The IP or hostname of the source MySQL database.","description_kind":"plain","required":true},"network_architecture":{"type":"string","description":"Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with.","description_kind":"plain","computed":true},"password":{"type":"string","description":"Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.\nThis field is not returned on request, and the value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true,"sensitive":true},"password_set":{"type":"bool","description":"Output only. Indicates If this connection profile password is stored.","description_kind":"plain","computed":true},"port":{"type":"number","description":"Required. The network port of the source MySQL database.","description_kind":"plain","required":true},"username":{"type":"string","description":"Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.","description_kind":"plain","required":true}},"block_types":{"ssl":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.\nThe replica will use this certificate to verify it's connecting to the right host.","description_kind":"plain","required":true,"sensitive":true},"client_certificate":{"type":"string","description":"Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.\nIf this field is used then the 'clientKey' field is mandatory","description_kind":"plain","optional":true,"sensitive":true},"client_key":{"type":"string","description":"Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'clientCertificate' field is mandatory.","description_kind":"plain","optional":true,"sensitive":true},"type":{"type":"string","description":"The current connection profile state.","description_kind":"plain","computed":true}},"description":"SSL configuration for the destination to connect to the source database.","description_kind":"plain"},"max_items":1}},"description":"Specifies connection parameters required specifically for PostgreSQL databases.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_database_migration_service_private_connection":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc_name":{"type":"string","description":"Fully qualified name of the VPC that Database Migration Service will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween databasemigrationservice and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataflow_job":{"version":1,"block":{"attributes":{"additional_experiments":{"type":["set","string"],"description":"List of experiments that should be used by the job. An example value is [\"enable_stackdriver_agent_metrics\"].","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_streaming_engine":{"type":"bool","description":"Indicates if the job should use the streaming engine feature.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_configuration":{"type":"string","description":"The configuration for VM IPs. Options are \"WORKER_IP_PUBLIC\" or \"WORKER_IP_PRIVATE\".","description_kind":"plain","optional":true},"job_id":{"type":"string","description":"The unique ID of this job.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The name for the Cloud KMS key for the job. Key format is: projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"User labels to be specified for the job. Keys and values should follow the restrictions specified in the labeling restrictions page. NOTE: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The machine type to use for the job.","description_kind":"plain","optional":true},"max_workers":{"type":"number","description":"The number of workers permitted to work on the job. More workers may improve processing speed at additional cost.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique name for the resource, required by Dataflow.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network to which VMs will be assigned. If it is not provided, \"default\" will be used.","description_kind":"plain","optional":true},"on_delete":{"type":"string","description":"One of \"drain\" or \"cancel\". Specifies behavior of deletion during terraform destroy.","description_kind":"plain","optional":true},"parameters":{"type":["map","string"],"description":"Key/Value pairs to be passed to the Dataflow job (as used in the template).","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the resource belongs.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the created job should run.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The Service Account email used to create the job.","description_kind":"plain","optional":true},"skip_wait_on_job_termination":{"type":"bool","description":"If true, treat DRAINING and CANCELLING as terminal job states and do not wait for further changes before removing from terraform state and moving on. WARNING: this will lead to job name conflicts if you do not ensure that the job names are different, e.g. by embedding a release ID or by using a random_id.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The current state of the resource, selected from the JobState enum.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork to which VMs will be assigned. Should be of the form \"regions/REGION/subnetworks/SUBNETWORK\".","description_kind":"plain","optional":true},"temp_gcs_location":{"type":"string","description":"A writeable location on Google Cloud Storage for the Dataflow job to dump its temporary data.","description_kind":"plain","required":true},"template_gcs_path":{"type":"string","description":"The Google Cloud Storage path to the Dataflow job template.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"transform_name_mapping":{"type":["map","string"],"description":"Only applicable when updating a pipeline. Map of transform name prefixes of the job to be replaced with the corresponding name prefixes of the new job.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of this job, selected from the JobType enum.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone in which the created job should run. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the asset was created.","description_kind":"plain","computed":true},"dataplex_zone":{"type":"string","description":"The zone for the resource","description_kind":"plain","required":true},"description":{"type":"string","description":"Optional. Description of the asset.","description_kind":"plain","optional":true},"discovery_status":{"type":["list",["object",{"last_run_duration":"string","last_run_time":"string","message":"string","state":"string","stats":["list",["object",{"data_items":"number","data_size":"number","filesets":"number","tables":"number"}]],"update_time":"string"}]],"description":"Output only. Status of the discovery feature applied to data referenced by this asset.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the asset.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the asset.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"resource_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the resource referenced by this asset.","description_kind":"plain","computed":true},"security_status":{"type":["list",["object",{"message":"string","state":"string","update_time":"string"}]],"description":"Output only. Status of the security policy applied to resource referenced by this asset.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the asset. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the asset. This ID will be different if the asset is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the asset was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data referenced by this asset. When this spec is left unset, the asset will use the spec set on the parent zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Immutable. Relative name of the cloud resource that contains the data that is being managed within a lake. For example: `projects/{project_number}/buckets/{bucket_id}` `projects/{project_number}/datasets/{dataset_id}`","description_kind":"plain","optional":true},"read_access_mode":{"type":"string","description":"Optional. Determines how read permissions are handled for each asset and their associated tables. Only available to storage buckets assets. Possible values: DIRECT, MANAGED","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"Required. Immutable. Type of resource. Possible values: STORAGE_BUCKET, BIGQUERY_DATASET","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resource that is referenced by this asset.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_asset_iam_binding":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_member":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the scan was created.","description_kind":"plain","computed":true},"data_scan_id":{"type":"string","description":"DataScan identifier. Must contain only lowercase letters, numbers and hyphens. Must start with a letter. Must end with a number or a letter.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description of the scan.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job_end_time":"string","latest_job_start_time":"string"}]],"description":"Status of the data scan execution.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the scan. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the data scan should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the scan, of the form: projects/{project}/locations/{locationId}/dataScans/{datascan_id}, where project refers to a project_id or project_number and locationId refers to a GCP region.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the DataScan.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of DataScan.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the scan. This ID will be different if the scan is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the scan was last updated.","description_kind":"plain","computed":true}},"block_types":{"data":{"nesting_mode":"list","block":{"attributes":{"entity":{"type":"string","description":"The Dataplex entity that represents the data source(e.g. BigQuery table) for Datascan.","description_kind":"plain","optional":true},"resource":{"type":"string","description":"The service-qualified full resource name of the cloud resource for a DataScan job to scan against. The field could be:\n(Cloud Storage bucket for DataDiscoveryScan)BigQuery table of type \"TABLE\" for DataProfileScan/DataQualityScan.","description_kind":"plain","optional":true}},"description":"The data source for DataScan.","description_kind":"plain"},"min_items":1,"max_items":1},"data_profile_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"exclude_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to exclude from data profile.\nIf specified, the fields will be excluded from data profile, regardless of 'include_fields' value.","description_kind":"plain"},"max_items":1},"include_fields":{"nesting_mode":"list","block":{"attributes":{"field_names":{"type":["list","string"],"description":"Expected input is a list of fully qualified names of fields as in the schema.\nOnly top-level field names for nested fields are supported.\nFor instance, if 'x' is of nested field type, listing 'x' is supported but 'x.y.z' is not supported. Here 'y' and 'y.z' are nested fields of 'x'.","description_kind":"plain","optional":true}},"description":"The fields to include in data profile.\nIf not specified, all fields at the time of profile scan job execution are included, except for ones listed in 'exclude_fields'.","description_kind":"plain"},"max_items":1},"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataProfileScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1}},"description":"DataProfileScan related setting.","description_kind":"plain"},"max_items":1},"data_quality_spec":{"nesting_mode":"list","block":{"attributes":{"row_filter":{"type":"string","description":"A filter applied to all rows in a single DataScan job. The filter needs to be a valid SQL expression for a WHERE clause in BigQuery standard SQL syntax. Example: col1 \u003e= 0 AND col2 \u003c 10","description_kind":"plain","optional":true},"sampling_percent":{"type":"number","description":"The percentage of the records to be selected from the dataset for DataScan.\nValue can range between 0.0 and 100.0 with up to 3 significant decimal digits.\nSampling is not applied if 'sampling_percent' is not specified, 0 or 100.","description_kind":"plain","optional":true}},"block_types":{"post_scan_actions":{"nesting_mode":"list","block":{"block_types":{"bigquery_export":{"nesting_mode":"list","block":{"attributes":{"results_table":{"type":"string","description":"The BigQuery table to export DataQualityScan results to.\nFormat://bigquery.googleapis.com/projects/PROJECT_ID/datasets/DATASET_ID/tables/TABLE_ID","description_kind":"plain","optional":true}},"description":"If set, results will be exported to the provided BigQuery table.","description_kind":"plain"},"max_items":1}},"description":"Actions to take upon job completion.","description_kind":"plain"},"max_items":1},"rules":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"The unnested column which this rule is evaluated against.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the rule.\nThe maximum length is 1,024 characters.","description_kind":"plain","optional":true},"dimension":{"type":"string","description":"The dimension a rule belongs to. Results are also aggregated at the dimension level. Supported dimensions are [\"COMPLETENESS\", \"ACCURACY\", \"CONSISTENCY\", \"VALIDITY\", \"UNIQUENESS\", \"INTEGRITY\"]","description_kind":"plain","required":true},"ignore_null":{"type":"bool","description":"Rows with null values will automatically fail a rule, unless ignoreNull is true. In that case, such null rows are trivially considered passing. Only applicable to ColumnMap rules.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A mutable name for the rule.\nThe name must contain only letters (a-z, A-Z), numbers (0-9), or hyphens (-).\nThe maximum length is 63 characters.\nMust start with a letter.\nMust end with a number or a letter.","description_kind":"plain","optional":true},"threshold":{"type":"number","description":"The minimum ratio of passing_rows / total_rows required to pass this rule, with a range of [0.0, 1.0]. 0 indicates default value (i.e. 1.0).","description_kind":"plain","optional":true}},"block_types":{"non_null_expectation":{"nesting_mode":"list","block":{"description":"ColumnMap rule which evaluates whether each column value is null.","description_kind":"plain"},"max_items":1},"range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column value allowed for a row to pass this validation. At least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"strict_max_enabled":{"type":"bool","description":"Whether each value needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether each value needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnMap rule which evaluates whether each column value lies between a specified range.","description_kind":"plain"},"max_items":1},"regex_expectation":{"nesting_mode":"list","block":{"attributes":{"regex":{"type":"string","description":"A regular expression the column value is expected to match.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value matches a specified regex.","description_kind":"plain"},"max_items":1},"row_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether each row passes the specified condition.","description_kind":"plain"},"max_items":1},"set_expectation":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Expected values for the column value.","description_kind":"plain","required":true}},"description":"ColumnMap rule which evaluates whether each column value is contained by a specified set.","description_kind":"plain"},"max_items":1},"statistic_range_expectation":{"nesting_mode":"list","block":{"attributes":{"max_value":{"type":"string","description":"The maximum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"min_value":{"type":"string","description":"The minimum column statistic value allowed for a row to pass this validation.\nAt least one of minValue and maxValue need to be provided.","description_kind":"plain","optional":true},"statistic":{"type":"string","description":"column statistics. Possible values: [\"STATISTIC_UNDEFINED\", \"MEAN\", \"MIN\", \"MAX\"]","description_kind":"plain","required":true},"strict_max_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly lesser than ('\u003c') the maximum, or if equality is allowed.\nOnly relevant if a maxValue has been defined. Default = false.","description_kind":"plain","optional":true},"strict_min_enabled":{"type":"bool","description":"Whether column statistic needs to be strictly greater than ('\u003e') the minimum, or if equality is allowed.\nOnly relevant if a minValue has been defined. Default = false.","description_kind":"plain","optional":true}},"description":"ColumnAggregate rule which evaluates whether the column aggregate statistic lies between a specified range.","description_kind":"plain"},"max_items":1},"table_condition_expectation":{"nesting_mode":"list","block":{"attributes":{"sql_expression":{"type":"string","description":"The SQL expression.","description_kind":"plain","required":true}},"description":"Table rule which evaluates whether the provided expression is true.","description_kind":"plain"},"max_items":1},"uniqueness_expectation":{"nesting_mode":"list","block":{"description":"Row-level rule which evaluates whether each column value is unique.","description_kind":"plain"},"max_items":1}},"description":"The list of rules to evaluate against a data source. At least one rule is required.","description_kind":"plain"}}},"description":"DataQualityScan related setting.","description_kind":"plain"},"max_items":1},"execution_spec":{"nesting_mode":"list","block":{"attributes":{"field":{"type":"string","description":"The unnested field (of type Date or Timestamp) that contains values which monotonically increase over time. If not specified, a data scan will run for all data in the table.","description_kind":"plain","optional":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"block_types":{"on_demand":{"nesting_mode":"list","block":{"description":"The scan runs once via dataScans.run API.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule for running scans periodically. This field is required for Schedule scans.","description_kind":"plain","required":true}},"description":"The scan is scheduled to run periodically.","description_kind":"plain"},"max_items":1}},"description":"Spec related to how often and when a scan should be triggered.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"DataScan execution settings.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_datascan_iam_binding":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_member":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the lake.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the lake was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the lake.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User-defined labels for the lake.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"metastore_status":{"type":["list",["object",{"endpoint":"string","message":"string","state":"string","update_time":"string"}]],"description":"Output only. Metastore status of the lake.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the lake.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Output only. Service account associated with this lake. This service account must be authorized to access or operate on resources managed by the lake.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Current state of the lake. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the lake. This ID will be different if the lake is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the lake was last updated.","description_kind":"plain","computed":true}},"block_types":{"metastore":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"Optional. A relative reference to the Dataproc Metastore (https://cloud.google.com/dataproc-metastore/docs) service associated with the lake: `projects/{project_id}/locations/{location_id}/services/{service_id}`","description_kind":"plain","optional":true}},"description":"Optional. Settings to manage lake and Dataproc Metastore service instance association.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_lake_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the task was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the task.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"execution_status":{"type":["list",["object",{"latest_job":["list",["object",{"end_time":"string","message":"string","name":"string","retry_count":"number","service":"string","service_job":"string","start_time":"string","state":"string","uid":"string"}]],"update_time":"string"}]],"description":"Configuration for the cluster","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the task.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake in which the task will be created in.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the task will be created in.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the task, of the form: projects/{project_number}/locations/{locationId}/lakes/{lakeId}/ tasks/{name}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current state of the task.","description_kind":"plain","computed":true},"task_id":{"type":"string","description":"The task Id of the task.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System generated globally unique ID for the task. This ID will be different if the task is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the task was last updated.","description_kind":"plain","computed":true}},"block_types":{"execution_spec":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["map","string"],"description":"The arguments to pass to the task. The args can use placeholders of the format ${placeholder} as part of key/value string. These will be interpolated before passing the args to the driver. Currently supported placeholders: - ${taskId} - ${job_time} To pass positional args, set the key as TASK_ARGS. The value should be a comma-separated string of all the positional arguments. To use a delimiter other than comma, refer to https://cloud.google.com/sdk/gcloud/reference/topic/escaping. In case of other keys being present in the args, then TASK_ARGS will be passed as the last argument. An object containing a list of 'key': value pairs. Example: { 'name': 'wrench', 'mass': '1.3kg', 'count': '3' }.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The Cloud KMS key to use for encryption, of the form: projects/{project_number}/locations/{locationId}/keyRings/{key-ring-name}/cryptoKeys/{key-name}.","description_kind":"plain","optional":true},"max_job_execution_lifetime":{"type":"string","description":"The maximum duration after which the job execution is expired. A duration in seconds with up to nine fractional digits, ending with 's'. Example: '3.5s'.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which jobs are run. By default, the project containing the Lake is used. If a project is provided, the ExecutionSpec.service_account must belong to this project.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Service account to use to execute a task. If not provided, the default Compute service account for the project is used.","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1},"notebook":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"notebook":{"type":"string","description":"Path to input notebook. This can be the Cloud Storage URI of the notebook file or the path to a Notebook Content. The execution args are accessible as environment variables (TASK_key=value).","description_kind":"plain","required":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"spark":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Cloud Storage URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Cloud Storage URIs of files to be placed in the working directory of each executor.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in jar_file_uris. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The Cloud Storage URI of the jar file that contains the main class. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"python_script_file":{"type":"string","description":"The Gcloud Storage URI of the main Python file to use as the driver. Must be a .py file. The execution args are passed in as a sequence of named process arguments (--key=value).","description_kind":"plain","optional":true},"sql_script":{"type":"string","description":"The query text. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true},"sql_script_file":{"type":"string","description":"A reference to a query file. This can be the Cloud Storage URI of the query file or it can the path to a SqlScript Content. The execution args are used to declare a set of script variables (set key='value';).","description_kind":"plain","optional":true}},"block_types":{"infrastructure_spec":{"nesting_mode":"list","block":{"block_types":{"batch":{"nesting_mode":"list","block":{"attributes":{"executors_count":{"type":"number","description":"Total number of job executors. Executor Count should be between 2 and 100. [Default=2]","description_kind":"plain","optional":true},"max_executors_count":{"type":"number","description":"Max configurable executors. If maxExecutorsCount \u003e executorsCount, then auto-scaling is enabled. Max Executor Count should be between 2 and 1000. [Default=1000]","description_kind":"plain","optional":true}},"description":"Compute resources needed for a Task when using Dataproc Serverless.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Container image to use.","description_kind":"plain","optional":true},"java_jars":{"type":["list","string"],"description":"A list of Java JARS to add to the classpath. Valid input includes Cloud Storage URIs to Jar binaries. For example, gs://bucket-name/my/path/to/file.jar","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Override to common configuration of open source components installed on the Dataproc cluster. The properties to set on daemon config files. Property keys are specified in prefix:property format, for example core:hadoop.tmp.dir. For more information, see Cluster properties.","description_kind":"plain","optional":true},"python_packages":{"type":["list","string"],"description":"A list of python packages to be installed. Valid formats include Cloud Storage URI to a PIP installable library. For example, gs://bucket-name/my/path/to/lib.tar.gz","description_kind":"plain","optional":true}},"description":"Container Image Runtime Configuration.","description_kind":"plain"},"max_items":1},"vpc_network":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"The Cloud VPC network in which the job is run. By default, the Cloud VPC network named Default within the project is used.","description_kind":"plain","optional":true},"network_tags":{"type":["list","string"],"description":"List of network tags to apply to the job.","description_kind":"plain","optional":true},"sub_network":{"type":"string","description":"The Cloud VPC sub-network in which the job is run.","description_kind":"plain","optional":true}},"description":"Vpc network.","description_kind":"plain"},"max_items":1}},"description":"Infrastructure specification for the execution.","description_kind":"plain"},"max_items":1}},"description":"A service with manual scaling runs continuously, allowing you to perform complex initialization and rely on the state of its memory over time.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"trigger_spec":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Prevent the task from executing. This does not cancel already running tasks. It is intended to temporarily disable RECURRING tasks.","description_kind":"plain","optional":true},"max_retries":{"type":"number","description":"Number of retry attempts before aborting. Set to zero to never attempt to retry a failed task.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) for running tasks periodically. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: 'CRON_TZ=${IANA_TIME_ZONE}' or 'TZ=${IANA_TIME_ZONE}'. The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, CRON_TZ=America/New_York 1 * * * *, or TZ=America/New_York 1 * * * *. This field is required for RECURRING tasks.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"The first run of the task will be after this time. If not specified, the task will run shortly after being submitted if ON_DEMAND and based on the schedule if RECURRING.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Trigger type of the user-specified Task Possible values: [\"ON_DEMAND\", \"RECURRING\"]","description_kind":"plain","required":true}},"description":"Configuration for the cluster","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone":{"version":0,"block":{"attributes":{"asset_status":{"type":["list",["object",{"active_assets":"number","security_policy_applying_assets":"number","update_time":"string"}]],"description":"Output only. Aggregated status of the underlying assets of the zone.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The time when the zone was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the zone.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User defined labels for the zone.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"lake":{"type":"string","description":"The lake for the resource","description_kind":"plain","required":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. Current state of the zone. Possible values: STATE_UNSPECIFIED, ACTIVE, CREATING, DELETING, ACTION_REQUIRED","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Required. Immutable. The type of the zone. Possible values: TYPE_UNSPECIFIED, RAW, CURATED","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. System generated globally unique ID for the zone. This ID will be different if the zone is deleted and re-created with the same name.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time when the zone was last updated.","description_kind":"plain","computed":true}},"block_types":{"discovery_spec":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Required. Whether discovery is enabled.","description_kind":"plain","required":true},"exclude_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to exclude during discovery. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"include_patterns":{"type":["list","string"],"description":"Optional. The list of patterns to apply for selecting data to include during discovery if only a subset of the data should considered. For Cloud Storage bucket assets, these are interpreted as glob patterns used to match object names. For BigQuery dataset assets, these are interpreted as patterns to match table names.","description_kind":"plain","optional":true},"schedule":{"type":"string","description":"Optional. Cron schedule (https://en.wikipedia.org/wiki/Cron) for running discovery periodically. Successive discovery runs must be scheduled at least 60 minutes apart. The default value is to run discovery every 60 minutes. To explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or TZ=${IANA_TIME_ZONE}\". The ${IANA_TIME_ZONE} may only be a valid string from IANA time zone database. For example, \"CRON_TZ=America/New_York 1 * * * *\", or \"TZ=America/New_York 1 * * * *\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"Optional. The delimiter being used to separate values. This defaults to ','.","description_kind":"plain","optional":true},"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for CSV data. If true, all columns will be registered as strings.","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true},"header_rows":{"type":"number","description":"Optional. The number of rows to interpret as header rows that should be skipped when reading data rows.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for CSV data.","description_kind":"plain"},"max_items":1},"json_options":{"nesting_mode":"list","block":{"attributes":{"disable_type_inference":{"type":"bool","description":"Optional. Whether to disable the inference of data type for Json data. If true, all columns will be registered as their primitive types (strings, number or boolean).","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Optional. The character encoding of the data. The default is UTF-8.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for Json data.","description_kind":"plain"},"max_items":1}},"description":"Required. Specification of the discovery feature applied to data in this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_spec":{"nesting_mode":"list","block":{"attributes":{"location_type":{"type":"string","description":"Required. Immutable. The location type of the resources that are allowed to be attached to the assets within this zone. Possible values: LOCATION_TYPE_UNSPECIFIED, SINGLE_REGION, MULTI_REGION","description_kind":"plain","required":true}},"description":"Required. Immutable. Specification of the resources that are referenced by the assets within this zone.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataplex_zone_iam_binding":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_member":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the autoscaling policy should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The \"resource name\" of the autoscaling policy.","description_kind":"plain","computed":true},"policy_id":{"type":"string","description":"The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 50 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"basic_algorithm":{"nesting_mode":"list","block":{"attributes":{"cooldown_period":{"type":"string","description":"Duration between scaling events. A scaling period starts after the\nupdate operation from the previous event has completed.\n\nBounds: [2m, 1d]. Default: 2m.","description_kind":"plain","optional":true}},"block_types":{"yarn_config":{"nesting_mode":"list","block":{"attributes":{"graceful_decommission_timeout":{"type":"string","description":"Timeout for YARN graceful decommissioning of Node Managers. Specifies the\nduration to wait for jobs to complete before forcefully removing workers\n(and potentially interrupting jobs). Only applicable to downscaling operations.\n\nBounds: [0s, 1d].","description_kind":"plain","required":true},"scale_down_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nremove workers. A scale-down factor of 1 will result in scaling down so that there\nis no available memory remaining after the update (more aggressive scaling).\nA scale-down factor of 0 disables removing workers, which can be beneficial for\nautoscaling a single job.\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_down_min_worker_fraction":{"type":"number","description":"Minimum scale-down threshold as a fraction of total cluster size before scaling occurs.\nFor example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler must\nrecommend at least a 2 worker scale-down for the cluster to scale. A threshold of 0\nmeans the autoscaler will scale down on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true},"scale_up_factor":{"type":"number","description":"Fraction of average pending memory in the last cooldown period for which to\nadd workers. A scale-up factor of 1.0 will result in scaling up so that there\nis no pending memory remaining after the update (more aggressive scaling).\nA scale-up factor closer to 0 will result in a smaller magnitude of scaling up\n(less aggressive scaling).\n\nBounds: [0.0, 1.0].","description_kind":"plain","required":true},"scale_up_min_worker_fraction":{"type":"number","description":"Minimum scale-up threshold as a fraction of total cluster size before scaling\noccurs. For example, in a 20-worker cluster, a threshold of 0.1 means the autoscaler\nmust recommend at least a 2-worker scale-up for the cluster to scale. A threshold of\n0 means the autoscaler will scale up on any recommended change.\n\nBounds: [0.0, 1.0]. Default: 0.0.","description_kind":"plain","optional":true}},"description":"YARN autoscaling configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Basic algorithm for autoscaling.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group. Note that by default, clusters will not use\nsecondary workers. Required for secondary workers if the minimum secondary instances is set.\nBounds: [minInstances, ). Defaults to 0.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [0, maxInstances]. Defaults to 0.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for secondary workers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"worker_config":{"nesting_mode":"list","block":{"attributes":{"max_instances":{"type":"number","description":"Maximum number of instances for this group.","description_kind":"plain","required":true},"min_instances":{"type":"number","description":"Minimum number of instances for this group. Bounds: [2, maxInstances]. Defaults to 2.","description_kind":"plain","optional":true},"weight":{"type":"number","description":"Weight for the instance group, which is used to determine the fraction of total workers\nin the cluster from this instance group. For example, if primary workers have weight 2,\nand secondary workers have weight 1, the cluster will have approximately 2 primary workers\nfor each secondary worker.\n\nThe cluster may not reach the specified balance if constrained by min/max bounds or other\nautoscaling settings. For example, if maxInstances for secondary workers is 0, then only\nprimary workers will be added. The cluster can also be out of balance when created.\n\nIf weight is not set on any instance group, the cluster will default to equal weight for\nall groups: the cluster will attempt to maintain an equal number of workers in each group\nwithin the configured size bounds for each group. If weight is set for one group only,\nthe cluster will default to zero weight on the unset group. For example if weight is set\nonly on primary workers, the cluster will use primary workers only and no secondary workers.","description_kind":"plain","optional":true}},"description":"Describes how the autoscaler will operate for primary workers.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"graceful_decommission_timeout":{"type":"string","description":"The timeout duration which allows graceful decomissioning when you change the number of worker nodes directly through a terraform apply","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The list of the labels (key/value pairs) configured on the resource and to be applied to instances in the cluster.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and zone.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the cluster will exist. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region in which the cluster and associated nodes will be created in. Defaults to global.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"cluster_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":" The name of the cloud storage bucket ultimately used to house the staging data for the cluster. If staging_bucket is specified, it will contain this value, otherwise it will be the auto generated name.","description_kind":"plain","computed":true},"staging_bucket":{"type":"string","description":"The Cloud Storage staging bucket used to stage files, such as Hadoop jars, between client machines and the cluster. Note: If you don't explicitly specify a staging_bucket then GCP will auto create / assign one for you. However, you are not guaranteed an auto generated bucket which is solely dedicated to your cluster; it may be shared with other clusters in the same region/zone also choosing to use the auto generation option.","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"The Cloud Storage temp bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. Note: If you don't explicitly specify a temp_bucket then GCP will auto create / assign one for you.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy_uri":{"type":"string","description":"The autoscaling policy used by the cluster.","description_kind":"plain","required":true}},"description":"The autoscaling policy config associated with the cluster.","description_kind":"plain"},"max_items":1},"auxiliary_node_groups":{"nesting_mode":"list","block":{"attributes":{"node_group_id":{"type":"string","description":"A node group ID. Generated if not specified. The ID must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of from 3 to 33 characters.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The Node group resource name.","description_kind":"plain","computed":true},"roles":{"type":["list","string"],"description":"Node group roles.","description_kind":"plain","required":true}},"block_types":{"node_group_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of auxiliary node group instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the auxiliary node group. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of auxiliary nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The node group instance group configuration.","description_kind":"plain"},"max_items":1}},"description":"Node group configuration.","description_kind":"plain"},"min_items":1}},"description":"The node group settings.","description_kind":"plain"}},"dataproc_metric_config":{"nesting_mode":"list","block":{"block_types":{"metrics":{"nesting_mode":"list","block":{"attributes":{"metric_overrides":{"type":["set","string"],"description":"Specify one or more [available OSS metrics] (https://cloud.google.com/dataproc/docs/guides/monitoring#available_oss_metrics) to collect.","description_kind":"plain","optional":true},"metric_source":{"type":"string","description":"A source for the collection of Dataproc OSS metrics (see [available OSS metrics] (https://cloud.google.com//dataproc/docs/guides/monitoring#available_oss_metrics)).","description_kind":"plain","required":true}},"description":"Metrics sources to enable.","description_kind":"plain"},"min_items":1}},"description":"The config for Dataproc metrics.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","required":true}},"description":"The Customer managed encryption keys settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"The flag to enable http access to specific ports on the cluster from external sources (aka Component Gateway). Defaults to false.","description_kind":"plain","required":true},"http_ports":{"type":["map","string"],"description":"The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"The config settings for port access on the cluster. Structure defined below.","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. If set to true, all instances in the cluster will only have internal IP addresses. Note: Private Google Access (also known as privateIpGoogleAccess) must be enabled on the subnetwork that the cluster will be launched in.","description_kind":"plain","optional":true},"metadata":{"type":["map","string"],"description":"A map of the Compute Engine metadata entries to add to all instances","description_kind":"plain","optional":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to the cluster will be part of. Conflicts with subnetwork. If neither is specified, this defaults to the \"default\" network.","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account to be used by the Node VMs. If not specified, the \"default\" service account is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["set","string"],"description":"The set of Google API scopes to be made available on all of the node VMs under the service_account specified. These can be either FQDNs, or scope aliases.","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork the cluster will be part of. Conflicts with network.","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The list of instance tags applied to instances in the cluster. Tags are used to identify valid sources or targets for network firewalls.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP zone where your data is stored and used (i.e. where the master and the worker nodes will be created in). If region is set to 'global' (default) then zone is mandatory, otherwise GCP is able to make use of Auto Zone Placement to determine this automatically for you. Note: This setting additionally determines and restricts which computing resources are available for use with other configs such as cluster_config.master_config.machine_type and cluster_config.worker_config.machine_type.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group_uri":{"type":"string","description":"The URI of a sole-tenant that the cluster will be created on.","description_kind":"plain","required":true}},"description":"Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Type of reservation to consume.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether instances have integrity monitoring enabled.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether instances have Secure Boot enabled.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether instances have the vTPM enabled.","description_kind":"plain","optional":true}},"description":"Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Common config settings for resources of Google Compute Engine cluster instances, applicable to all instances in the cluster.","description_kind":"plain"},"max_items":1},"initialization_action":{"nesting_mode":"list","block":{"attributes":{"script":{"type":"string","description":"The script to be executed during initialization of the cluster. The script must be a GCS file with a gs:// prefix.","description_kind":"plain","required":true},"timeout_sec":{"type":"number","description":"The maximum duration (in seconds) which script is allowed to take to execute its action. GCP will default to a predetermined computed value if not set (currently 300).","description_kind":"plain","optional":true}},"description":"Commands to execute on each node after config is completed. You can specify multiple versions of these.","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"The time when cluster will be auto-deleted. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"The duration to keep the cluster alive while idling (no jobs running). After this TTL, the cluster will be deleted. Valid range: [10m, 14d].","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Time when the cluster became idle (most recent job finished) and became eligible for deletion due to idleness.","description_kind":"plain","computed":true}},"description":"The settings for auto deletion cluster schedule.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of master nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's master instance.","description_kind":"plain"},"max_items":1},"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"Resource name of an existing Dataproc Metastore service.","description_kind":"plain","required":true}},"description":"Specifies a Metastore configuration.","description_kind":"plain"},"max_items":1},"preemptible_worker_config":{"nesting_mode":"list","block":{"attributes":{"instance_names":{"type":["list","string"],"description":"List of preemptible instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"num_instances":{"type":"number","description":"Specifies the number of preemptible nodes to create. Defaults to 0.","description_kind":"plain","optional":true,"computed":true},"preemptibility":{"type":"string","description":"Specifies the preemptibility of the secondary nodes. Defaults to PREEMPTIBLE.","description_kind":"plain","optional":true}},"block_types":{"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each preemptible worker node, specified in GB. The smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each preemptible worker node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each preemptible worker node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1},"instance_flexibility_policy":{"nesting_mode":"list","block":{"attributes":{"instance_selection_results":{"type":["list",["object",{"machine_type":"string","vm_count":"number"}]],"description":"A list of instance selection results in the group.","description_kind":"plain","computed":true}},"block_types":{"instance_selection_list":{"nesting_mode":"list","block":{"attributes":{"machine_types":{"type":["list","string"],"description":"Full machine-type names, e.g. \"n1-standard-16\".","description_kind":"plain","optional":true,"computed":true},"rank":{"type":"number","description":"Preference of this instance selection. Lower number means higher preference. Dataproc will first try to create a VM based on the machine-type with priority rank and fallback to next rank based on availability. Machine types and instance selections with the same priority have the same preference.","description_kind":"plain","optional":true,"computed":true}},"description":"List of instance selection options that the group will use when creating new VMs.","description_kind":"plain"}}},"description":"Instance flexibility Policy allowing a mixture of VM shapes and provisioning models.","description_kind":"plain"},"max_items":1}},"description":"The Google Compute Engine config settings for the additional (aka preemptible) instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster\nKerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Flag to indicate whether to Kerberize the cluster.","description_kind":"plain","optional":true},"kdc_db_key_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing\nthe password to the user provided keystore. For the self-signed certificate, this password is generated\nby Dataproc","description_kind":"plain","optional":true},"keystore_uri":{"type":"string","description":"The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"kms_key_uri":{"type":"string","description":"The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","required":true},"realm":{"type":"string","description":"The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password_uri":{"type":"string","description":"The cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","required":true},"tgt_lifetime_hours":{"type":"number","description":"The lifetime of the ticket granting ticket, in hours.","description_kind":"plain","optional":true},"truststore_password_uri":{"type":"string","description":"The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"truststore_uri":{"type":"string","description":"The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true}},"description":"Kerberos related configuration","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Security related configuration.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"The Cloud Dataproc image version to use for the cluster - this controls the sets of software versions installed onto the nodes when you create clusters. If not specified, defaults to the latest version.","description_kind":"plain","optional":true,"computed":true},"optional_components":{"type":["set","string"],"description":"The set of optional components to activate on the cluster.","description_kind":"plain","optional":true},"override_properties":{"type":["map","string"],"description":"A list of override and additional properties (key/value pairs) used to modify various aspects of the common configuration files used when creating a cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A list of the properties used to set the daemon config files. This will include any values supplied by the user via cluster_config.software_config.override_properties","description_kind":"plain","computed":true}},"description":"The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image_uri":{"type":"string","description":"The URI for the image to use for this master/worker","description_kind":"plain","optional":true,"computed":true},"instance_names":{"type":["list","string"],"description":"List of master/worker instance names which have been assigned to the cluster.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The name of a Google Compute Engine machine type to create for the master/worker","description_kind":"plain","optional":true,"computed":true},"min_cpu_platform":{"type":"string","description":"The name of a minimum generation of CPU family for the master/worker. If not specified, GCP will default to a predetermined computed value for each zone.","description_kind":"plain","optional":true,"computed":true},"min_num_instances":{"type":"number","description":"The minimum number of primary worker instances to create.","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Specifies the number of worker nodes to create. If not specified, GCP will default to a predetermined computed value.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerators":{"nesting_mode":"set","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance. Often restricted to one of 1, 2, 4, or 8.","description_kind":"plain","required":true},"accelerator_type":{"type":"string","description":"The short name of the accelerator type to expose to this instance. For example, nvidia-tesla-k80.","description_kind":"plain","required":true}},"description":"The Compute Engine accelerator (GPU) configuration for these instances. Can be specified multiple times.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Size of the primary disk attached to each node, specified in GB. The primary disk contains the boot volume and system libraries, and the smallest allowed disk size is 10GB. GCP will default to a predetermined computed value if not set (currently 500GB). Note: If SSDs are not attached, it also contains the HDFS data blocks and Hadoop working directories.","description_kind":"plain","optional":true,"computed":true},"boot_disk_type":{"type":"string","description":"The disk type of the primary disk attached to each node. Such as \"pd-ssd\" or \"pd-standard\". Defaults to \"pd-standard\".","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"The amount of local SSD disks that will be attached to each master cluster node. Defaults to 0.","description_kind":"plain","optional":true,"computed":true}},"description":"Disk Config","description_kind":"plain"},"max_items":1}},"description":"The Compute Engine config settings for the cluster's worker instances.","description_kind":"plain"},"max_items":1}},"description":"Allows you to configure various aspects of the cluster.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_cluster_config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket.","description_kind":"plain","optional":true}},"block_types":{"auxiliary_services_config":{"nesting_mode":"list","block":{"block_types":{"metastore_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_metastore_service":{"type":"string","description":"The Hive Metastore configuration for this workload.","description_kind":"plain","optional":true}},"description":"The Hive Metastore configuration for this workload.","description_kind":"plain"},"max_items":1},"spark_history_server_config":{"nesting_mode":"list","block":{"attributes":{"dataproc_cluster":{"type":"string","description":"Resource name of an existing Dataproc Cluster to act as a Spark History Server for the workload.","description_kind":"plain","optional":true}},"description":"The Spark History Server configuration for the workload.","description_kind":"plain"},"max_items":1}},"description":"Auxiliary services configuration for a Cluster.","description_kind":"plain"},"max_items":1},"kubernetes_cluster_config":{"nesting_mode":"list","block":{"attributes":{"kubernetes_namespace":{"type":"string","description":"A namespace within the Kubernetes cluster to deploy into. If this namespace does not exist, it is created. If it exists, Dataproc verifies that another Dataproc VirtualCluster is not installed into it. If not specified, the name of the Dataproc Cluster is used.","description_kind":"plain","optional":true}},"block_types":{"gke_cluster_config":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_target":{"type":"string","description":"A target GKE cluster to deploy to. It must be in the same project and region as the Dataproc cluster (the GKE cluster can be zonal or regional). Format: 'projects/{project}/locations/{location}/clusters/{cluster_id}'","description_kind":"plain","optional":true}},"block_types":{"node_pool_target":{"nesting_mode":"list","block":{"attributes":{"node_pool":{"type":"string","description":"The target GKE node pool. Format: 'projects/{project}/locations/{location}/clusters/{cluster}/nodePools/{nodePool}'","description_kind":"plain","required":true},"roles":{"type":["set","string"],"description":"The roles associated with the GKE node pool.","description_kind":"plain","required":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"locations":{"type":["set","string"],"description":"The list of Compute Engine zones where node pool nodes associated with a Dataproc on GKE virtual cluster will be located.","description_kind":"plain","required":true}},"block_types":{"autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes in the node pool. Must be \u003e= minNodeCount, and must be \u003e 0.","description_kind":"plain","optional":true},"min_node_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true}},"description":"The autoscaler configuration for this node pool. The autoscaler is enabled only when a valid configuration is present.","description_kind":"plain"},"max_items":1},"config":{"nesting_mode":"list","block":{"attributes":{"local_ssd_count":{"type":"number","description":"The minimum number of nodes in the node pool. Must be \u003e= 0 and \u003c= maxNodeCount.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The name of a Compute Engine machine type.","description_kind":"plain","optional":true},"min_cpu_platform":{"type":"string","description":"Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or a newer CPU platform. Specify the friendly names of CPU platforms, such as \"Intel Haswell\" or \"Intel Sandy Bridge\".","description_kind":"plain","optional":true},"preemptible":{"type":"bool","description":"Whether the nodes are created as preemptible VM instances. Preemptible nodes cannot be used in a node pool with the CONTROLLER role or in the DEFAULT node pool if the CONTROLLER role is not assigned (the DEFAULT node pool will assume the CONTROLLER role).","description_kind":"plain","optional":true},"spot":{"type":"bool","description":"Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.","description_kind":"plain","optional":true}},"description":"The node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"Input only. The configuration for the GKE node pool.","description_kind":"plain"},"max_items":1}},"description":"GKE node pools where workloads will be scheduled. At least one node pool must be assigned the DEFAULT GkeNodePoolTarget.Role. If a GkeNodePoolTarget is not specified, Dataproc constructs a DEFAULT GkeNodePoolTarget.","description_kind":"plain"}}},"description":"The configuration for running the Dataproc cluster on GKE.","description_kind":"plain"},"min_items":1,"max_items":1},"kubernetes_software_config":{"nesting_mode":"list","block":{"attributes":{"component_version":{"type":["map","string"],"description":"The components that should be installed in this Dataproc cluster. The key must be a string from the KubernetesComponent enumeration. The value is the version of the software to be installed.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"The properties to set on daemon config files. Property keys are specified in prefix:property format, for example spark:spark.kubernetes.container.image.","description_kind":"plain","optional":true,"computed":true}},"description":"The software configuration for this Dataproc cluster running on Kubernetes.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for running the Dataproc cluster on Kubernetes.","description_kind":"plain"},"max_items":1}},"description":"The virtual cluster config is used when creating a Dataproc cluster that does not directly control the underlying compute resources, for example, when creating a Dataproc-on-GKE cluster. Dataproc may set default values, and values may change when clusters are updated. Exactly one of config or virtualClusterConfig must be specified.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_binding":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_member":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job":{"version":0,"block":{"attributes":{"driver_controls_files_uri":{"type":"string","description":"Output-only. If present, the location of miscellaneous control files which may be used as part of job setup and handling. If not present, control files may be placed in the same location as driver_output_uri.","description_kind":"plain","computed":true},"driver_output_resource_uri":{"type":"string","description":"Output-only. A URI pointing to the location of the stdout of the job's driver program","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"By default, you can only delete inactive jobs within Dataproc. Setting this to true, and calling destroy, will ensure that the job is first cancelled before issuing the delete.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project in which the cluster can be found and jobs subsequently run against. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Cloud Dataproc region. This essentially determines which clusters are available for this job to be submitted to. If not specified, defaults to global.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"details":"string","state":"string","state_start_time":"string","substate":"string"}]],"description":"The status of the job.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"hadoop_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of Hadoop job","description_kind":"plain"},"max_items":1},"hive_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Hive command: SET name=\"value\";).","description_kind":"plain","optional":true}},"description":"The config of hive job","description_kind":"plain"},"max_items":1},"pig_config":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. The default value is false. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"HCFS URI of file containing Hive script to execute as the job. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of Hive queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Pig command: name=[value]).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pag job.","description_kind":"plain"},"max_items":1},"placement":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the cluster where the job will be submitted","description_kind":"plain","required":true},"cluster_uuid":{"type":"string","description":"Output-only. A cluster UUID generated by the Cloud Dataproc service when the job is submitted","description_kind":"plain","computed":true}},"description":"The config of job placement.","description_kind":"plain"},"min_items":1,"max_items":1},"presto_config":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Presto client tags to attach to this query.","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Whether to continue executing queries if a query fails. Setting to true can be useful when executing independent parallel queries. Defaults to false.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"The format in which query output will be displayed. See the Presto documentation for supported output formats.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values. Used to set Presto session properties Equivalent to using the --session flag in the Presto CLI.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of presto job","description_kind":"plain"},"max_items":1},"pyspark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as --conf, that can be set as job properties, since a collision may occur that causes an incorrect job submission","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be copied to the working directory of Python drivers and distributed tasks. Useful for naively parallel tasks","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of pySpark job.","description_kind":"plain"},"max_items":1},"reference":{"nesting_mode":"list","block":{"attributes":{"job_id":{"type":"string","description":"The job ID, which must be unique within the project. The job ID is generated by the server upon job submission or provided by the user as a means to perform retries without creating duplicate jobs","description_kind":"plain","optional":true,"computed":true}},"description":"The reference of the job","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true},"max_failures_total":{"type":"number","description":"Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed.","description_kind":"plain","required":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_config":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"HCFS URIs of archives to be extracted in the working directory of .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"The arguments to pass to the driver.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"HCFS URIs of files to be copied to the working directory of Spark drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The class containing the main method of the driver. Must be in a provided jar or jar that is already on the classpath. Conflicts with main_jar_file_uri","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of jar file containing the driver jar. Conflicts with main_class","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Cloud Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of the Spark job.","description_kind":"plain"},"max_items":1},"sparksql_config":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Cloud Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries. Conflicts with query_list","description_kind":"plain","optional":true},"query_list":{"type":["list","string"],"description":"The list of SQL queries or statements to execute as part of the job. Conflicts with query_file_uri","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Mapping of query variable names to values (equivalent to the Spark SQL command: SET name=\"value\";).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"Optional. The per-package log levels for the driver. This may include 'root' package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'.","description_kind":"plain","required":true}},"description":"The runtime logging config of the job","description_kind":"plain"},"max_items":1}},"description":"The config of SparkSql job","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_job_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","optional":true,"computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The fully qualified customer provided Cloud KMS key name to use for customer data encryption.\nUse the following format: 'projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+)'","description_kind":"plain","required":true}},"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain"},"max_items":1},"hive_metastore_config":{"nesting_mode":"list","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the Hive metastore (configured in hive-site.xml).\nThe mappings override system defaults (some keys cannot be overridden)","description_kind":"plain","optional":true,"computed":true},"endpoint_protocol":{"type":"string","description":"The protocol to use for the metastore service endpoint. If unspecified, defaults to 'THRIFT'. Default value: \"THRIFT\" Possible values: [\"THRIFT\", \"GRPC\"]","description_kind":"plain","optional":true},"version":{"type":"string","description":"The Hive metastore schema version.","description_kind":"plain","required":true}},"block_types":{"auxiliary_versions":{"nesting_mode":"set","block":{"attributes":{"config_overrides":{"type":["map","string"],"description":"A mapping of Hive metastore configuration key-value pairs to apply to the auxiliary Hive metastore (configured in hive-site.xml) in addition to the primary version's overrides.\nIf keys are present in both the auxiliary version's overrides and the primary version's overrides, the value from the auxiliary version's overrides takes precedence.","description_kind":"plain","optional":true},"key":{"type":"string","description_kind":"plain","required":true},"version":{"type":"string","description":"The Hive metastore version of the auxiliary service. It must be less than the primary Hive metastore service's version.","description_kind":"plain","required":true}},"description":"A mapping of Hive metastore version to the auxiliary version configuration.\nWhen specified, a secondary Hive metastore service is created along with the primary service.\nAll auxiliary versions must be less than the service's primary version.\nThe key is the auxiliary service name and it must match the regular expression a-z?.\nThis means that the first character must be a lowercase letter, and all the following characters must be hyphens, lowercase letters, or digits, except the last character, which cannot be a hyphen.","description_kind":"plain"}},"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"krb5_config_gcs_uri":{"type":"string","description":"A Cloud Storage URI that specifies the path to a krb5.conf file. It is of the form gs://{bucket_name}/path/to/krb5.conf, although the file does not need to be named krb5.conf explicitly.","description_kind":"plain","required":true},"principal":{"type":"string","description":"A Kerberos principal that exists in the both the keytab the KDC to authenticate as. A typical principal is of the form \"primary/instance@REALM\", but there is no exact format.","description_kind":"plain","required":true}},"block_types":{"keytab":{"nesting_mode":"list","block":{"attributes":{"cloud_secret":{"type":"string","description":"The relative resource name of a Secret Manager secret version, in the following form:\n\n\"projects/{projectNumber}/secrets/{secret_id}/versions/{version_id}\".","description_kind":"plain","required":true}},"description":"A Kerberos keytab file that can be used to authenticate a service principal with a Kerberos Key Distribution Center (KDC).","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Information used to configure the Hive metastore service as a service principal in a Kerberos realm.","description_kind":"plain"},"max_items":1}},"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"The day of week, when the window starts. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"hour_of_day":{"type":"number","description":"The hour of day (0-23) when the window starts.","description_kind":"plain","required":true}},"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain"},"max_items":1},"metadata_integration":{"nesting_mode":"list","block":{"block_types":{"data_catalog_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Defines whether the metastore metadata should be synced to Data Catalog. The default value is to disable syncing metastore metadata to Data Catalog.","description_kind":"plain","required":true}},"description":"The integration config for the Data Catalog service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"consumers":{"nesting_mode":"list","block":{"attributes":{"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The subnetwork of the customer project from which an IP address is reserved and used as the Dataproc Metastore service's endpoint.\nIt is accessible to hosts in the subnet and to all hosts in a subnet in the same region and same network.\nThere must be at least one IP address available in the subnet's primary range. The subnet is specified in the following form:\n'projects/{projectNumber}/regions/{region_id}/subnetworks/{subnetwork_id}","description_kind":"plain","required":true}},"description":"The consumer-side network configuration for the Dataproc Metastore instance.","description_kind":"plain"},"min_items":1}},"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain"},"max_items":1},"scaling_config":{"nesting_mode":"list","block":{"attributes":{"instance_size":{"type":"string","description":"Metastore instance sizes. Possible values: [\"EXTRA_SMALL\", \"SMALL\", \"MEDIUM\", \"LARGE\", \"EXTRA_LARGE\"]","description_kind":"plain","optional":true},"scaling_factor":{"type":"number","description":"Scaling factor, in increments of 0.1 for values less than 1.0, and increments of 1.0 for values greater than 1.0.","description_kind":"plain","optional":true}},"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain"},"max_items":1},"scheduled_backup":{"nesting_mode":"list","block":{"attributes":{"backup_location":{"type":"string","description":"A Cloud Storage URI of a folder, in the format gs://\u003cbucket_name\u003e/\u003cpath_inside_bucket\u003e. A sub-folder \u003cbackup_folder\u003e containing backup files will be stored below it.","description_kind":"plain","required":true},"cron_schedule":{"type":"string","description":"The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron The default is empty: scheduled backup is not enabled. Must be specified to enable scheduled backups.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Defines whether the scheduled backup is enabled. The default value is false.","description_kind":"plain","optional":true,"computed":true},"time_zone":{"type":"string","description":"Specifies the time zone to be used when interpreting cronSchedule. Must be a time zone name from the time zone database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, the default is UTC.","description_kind":"plain","optional":true,"computed":true}},"description":"The configuration of scheduled backup for the metastore service.","description_kind":"plain"},"max_items":1},"telemetry_config":{"nesting_mode":"list","block":{"attributes":{"log_format":{"type":"string","description":"The output format of the Dataproc Metastore service's logs. Default value: \"JSON\" Possible values: [\"LEGACY\", \"JSON\"]","description_kind":"plain","optional":true}},"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataproc_workflow_template":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time template was created.","description_kind":"plain","computed":true},"dag_timeout":{"type":"string","description":"Optional. Timeout duration for the DAG of jobs, expressed in seconds (see [JSON representation of duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). The timeout duration must be from 10 minutes (\"600s\") to 24 hours (\"86400s\"). The timer begins when the first job is submitted. If the workflow is running at the end of the timeout period, any remaining jobs are cancelled, the workflow is ended, and if the workflow was running on a [managed cluster](/dataproc/docs/concepts/workflows/using-workflows#configuring_or_selecting_a_cluster), the cluster is deleted.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this template. These labels will be propagated to all jobs and clusters created by the workflow instance. Label **keys** must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be empty, but, if present, must contain 1 to 63 characters, and must conform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No more than 32 labels can be associated with a template.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the workflow template, as described in https://cloud.google.com/apis/design/resource_names. * For `projects.regions.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/regions/{region}/workflowTemplates/{template_id}` * For `projects.locations.workflowTemplates`, the resource name of the template has the following format: `projects/{project_id}/locations/{location}/workflowTemplates/{template_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time template was last updated.","description_kind":"plain","computed":true},"version":{"type":"number","description":"Output only. The current version of this workflow template.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"jobs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this job. Label keys must be between 1 and 63 characters long, and must conform to the following regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given job.","description_kind":"plain","optional":true},"prerequisite_step_ids":{"type":["list","string"],"description":"Optional. The optional list of prerequisite job step_ids. If not specified, the job will start at the beginning of workflow.","description_kind":"plain","optional":true},"step_id":{"type":"string","description":"Required. The step id. The id must be unique among all jobs within the template. The step id is used as prefix for job id, as job `goog-dataproc-workflow-step-id` label, and in prerequisiteStepIds field from other steps. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters.","description_kind":"plain","required":true}},"block_types":{"hadoop_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted in the working directory of Hadoop drivers and tasks. Supported file types: .jar, .tar, .tar.gz, .tgz, or .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `-libjars` or `-Dfoo=bar`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS (Hadoop Compatible Filesystem) URIs of files to be copied to the working directory of Hadoop drivers and distributed tasks. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. Jar file URIs to add to the CLASSPATHs of the Hadoop driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file containing the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file containing the main class. Examples: 'gs://foo-bucket/analytics-binaries/extract-useful-metrics-mr.jar' 'hdfs:/tmp/test-samples/custom-wordcount.jar' 'file:///home/usr/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar'","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Hadoop. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hadoop job.","description_kind":"plain"},"max_items":1},"hive_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Hive server and Hadoop MapReduce (MR) tasks. Can contain Hive SerDes and UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names and values, used to configure Hive. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/hive/conf/hive-site.xml, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains Hive queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Hive command: `SET name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Hive job.","description_kind":"plain"},"max_items":1},"pig_job":{"nesting_mode":"list","block":{"attributes":{"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATH of the Pig Client and Hadoop MapReduce (MR) tasks. Can contain Pig UDFs.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Pig. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/hadoop/conf/*-site.xml, /etc/pig/conf/pig.properties, and classes in user code.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains the Pig queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Pig command: `name=[value]`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Pig job.","description_kind":"plain"},"max_items":1},"presto_job":{"nesting_mode":"list","block":{"attributes":{"client_tags":{"type":["list","string"],"description":"Optional. Presto client tags to attach to this query","description_kind":"plain","optional":true},"continue_on_failure":{"type":"bool","description":"Optional. Whether to continue executing queries if a query fails. The default value is `false`. Setting to `true` can be useful when executing independent parallel queries.","description_kind":"plain","optional":true},"output_format":{"type":"string","description":"Optional. The format in which query output will be displayed. See the Presto documentation for supported output formats","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values. Used to set Presto [session properties](https://prestodb.io/docs/current/sql/set-session.html) Equivalent to using the --session flag in the Presto CLI","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Presto job.","description_kind":"plain"},"max_items":1},"pyspark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Python driver and tasks.","description_kind":"plain","optional":true},"main_python_file_uri":{"type":"string","description":"Required. The HCFS URI of the main Python file to use as the driver. Must be a .py file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure PySpark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true},"python_file_uris":{"type":["list","string"],"description":"Optional. HCFS file URIs of Python files to pass to the PySpark framework. Supported file types: .py, .egg, and .zip.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a PySpark job.","description_kind":"plain"},"max_items":1},"scheduling":{"nesting_mode":"list","block":{"attributes":{"max_failures_per_hour":{"type":"number","description":"Optional. Maximum number of times per hour a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. A job may be reported as thrashing if driver exits with non-zero code 4 times within 10 minute window. Maximum value is 10.","description_kind":"plain","optional":true},"max_failures_total":{"type":"number","description":"Optional. Maximum number of times in total a driver may be restarted as a result of driver exiting with non-zero code before job is reported failed. Maximum value is 240.","description_kind":"plain","optional":true}},"description":"Optional. Job scheduling configuration.","description_kind":"plain"},"max_items":1},"spark_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to add to the CLASSPATHs of the Spark driver and tasks.","description_kind":"plain","optional":true},"main_class":{"type":"string","description":"The name of the driver's main class. The jar file that contains the class must be in the default CLASSPATH or specified in `jar_file_uris`.","description_kind":"plain","optional":true},"main_jar_file_uri":{"type":"string","description":"The HCFS URI of the jar file that contains the main class.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a Spark job.","description_kind":"plain"},"max_items":1},"spark_r_job":{"nesting_mode":"list","block":{"attributes":{"archive_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of archives to be extracted into the working directory of each executor. Supported file types: .jar, .tar, .tar.gz, .tgz, and .zip.","description_kind":"plain","optional":true},"args":{"type":["list","string"],"description":"Optional. The arguments to pass to the driver. Do not include arguments, such as `--conf`, that can be set as job properties, since a collision may occur that causes an incorrect job submission.","description_kind":"plain","optional":true},"file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of files to be placed in the working directory of each executor. Useful for naively parallel tasks.","description_kind":"plain","optional":true},"main_r_file_uri":{"type":"string","description":"Required. The HCFS URI of the main R file to use as the driver. Must be a .R file.","description_kind":"plain","required":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure SparkR. Properties that conflict with values set by the Dataproc API may be overwritten. Can include properties set in /etc/spark/conf/spark-defaults.conf and classes in user code.","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkR job.","description_kind":"plain"},"max_items":1},"spark_sql_job":{"nesting_mode":"list","block":{"attributes":{"jar_file_uris":{"type":["list","string"],"description":"Optional. HCFS URIs of jar files to be added to the Spark CLASSPATH.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. A mapping of property names to values, used to configure Spark SQL's SparkConf. Properties that conflict with values set by the Dataproc API may be overwritten.","description_kind":"plain","optional":true},"query_file_uri":{"type":"string","description":"The HCFS URI of the script that contains SQL queries.","description_kind":"plain","optional":true},"script_variables":{"type":["map","string"],"description":"Optional. Mapping of query variable names to values (equivalent to the Spark SQL command: SET `name=\"value\";`).","description_kind":"plain","optional":true}},"block_types":{"logging_config":{"nesting_mode":"list","block":{"attributes":{"driver_log_levels":{"type":["map","string"],"description":"The per-package log levels for the driver. This may include \"root\" package name to configure rootLogger. Examples: 'com.google = FATAL', 'root = INFO', 'org.apache = DEBUG'","description_kind":"plain","optional":true}},"description":"Optional. The runtime log config for job execution.","description_kind":"plain"},"max_items":1},"query_list":{"nesting_mode":"list","block":{"attributes":{"queries":{"type":["list","string"],"description":"Required. The queries to execute. You do not need to end a query expression with a semicolon. Multiple queries can be specified in one string by separating each with a semicolon. Here is an example of a Dataproc API snippet that uses a QueryList to specify a HiveJob: \"hiveJob\": { \"queryList\": { \"queries\": [ \"query1\", \"query2\", \"query3;query4\", ] } }","description_kind":"plain","required":true}},"description":"A list of queries.","description_kind":"plain"},"max_items":1}},"description":"Optional. Job is a SparkSql job.","description_kind":"plain"},"max_items":1}},"description":"Required. The Directed Acyclic Graph of Jobs to submit.","description_kind":"plain"},"min_items":1},"parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Brief description of the parameter. Must not exceed 1024 characters.","description_kind":"plain","optional":true},"fields":{"type":["list","string"],"description":"Required. Paths to all fields that the parameter replaces. A field is allowed to appear in at most one parameter's list of field paths. A field path is similar in syntax to a google.protobuf.FieldMask. For example, a field path that references the zone field of a workflow template's cluster selector would be specified as `placement.clusterSelector.zone`. Also, field paths can reference fields using the following syntax: * Values in maps can be referenced by key: * labels['key'] * placement.clusterSelector.clusterLabels['key'] * placement.managedCluster.labels['key'] * placement.clusterSelector.clusterLabels['key'] * jobs['step-id'].labels['key'] * Jobs in the jobs list can be referenced by step-id: * jobs['step-id'].hadoopJob.mainJarFileUri * jobs['step-id'].hiveJob.queryFileUri * jobs['step-id'].pySparkJob.mainPythonFileUri * jobs['step-id'].hadoopJob.jarFileUris[0] * jobs['step-id'].hadoopJob.archiveUris[0] * jobs['step-id'].hadoopJob.fileUris[0] * jobs['step-id'].pySparkJob.pythonFileUris[0] * Items in repeated fields can be referenced by a zero-based index: * jobs['step-id'].sparkJob.args[0] * Other examples: * jobs['step-id'].hadoopJob.properties['key'] * jobs['step-id'].hadoopJob.args[0] * jobs['step-id'].hiveJob.scriptVariables['key'] * jobs['step-id'].hadoopJob.mainJarFileUri * placement.clusterSelector.zone It may not be possible to parameterize maps and repeated fields in their entirety since only individual map values and individual items in repeated fields can be referenced. For example, the following field paths are invalid: - placement.clusterSelector.clusterLabels - jobs['step-id'].sparkJob.args","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. Parameter name. The parameter name is used as the key, and paired with the parameter value, which are passed to the template when the template is instantiated. The name must contain only capital letters (A-Z), numbers (0-9), and underscores (_), and must not start with a number. The maximum length is 40 characters.","description_kind":"plain","required":true}},"block_types":{"validation":{"nesting_mode":"list","block":{"block_types":{"regex":{"nesting_mode":"list","block":{"attributes":{"regexes":{"type":["list","string"],"description":"Required. RE2 regular expressions used to validate the parameter's value. The value must match the regex in its entirety (substring matches are not sufficient).","description_kind":"plain","required":true}},"description":"Validation based on regular expressions.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"values":{"type":["list","string"],"description":"Required. List of allowed values for the parameter.","description_kind":"plain","required":true}},"description":"Validation based on a list of allowed values.","description_kind":"plain"},"max_items":1}},"description":"Optional. Validation rules to be applied to this parameter's value.","description_kind":"plain"},"max_items":1}},"description":"Optional. Template parameters whose values are substituted into the template. Values for parameters must be provided when the template is instantiated.","description_kind":"plain"}},"placement":{"nesting_mode":"list","block":{"block_types":{"cluster_selector":{"nesting_mode":"list","block":{"attributes":{"cluster_labels":{"type":["map","string"],"description":"Required. The cluster labels. Cluster must have all labels to match.","description_kind":"plain","required":true},"zone":{"type":"string","description":"Optional. The zone where workflow process executes. This parameter does not affect the selection of the cluster. If unspecified, the zone of the first cluster matching the selector is used.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. A selector that chooses target cluster for jobs based on metadata. The selector is evaluated at the time each job is submitted.","description_kind":"plain"},"max_items":1},"managed_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_name":{"type":"string","description":"Required. The cluster name prefix. A unique cluster name will be formed by appending a random suffix. The name must contain only lower-case letters (a-z), numbers (0-9), and hyphens (-). Must begin with a letter. Cannot begin or end with hyphen. Must consist of between 2 and 35 characters.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Optional. The labels to associate with this cluster. Label keys must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: p{Ll}p{Lo}{0,62} Label values must be between 1 and 63 characters long, and must conform to the following PCRE regular expression: [p{Ll}p{Lo}p{N}_-]{0,63} No more than 32 labels can be associated with a given cluster.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"staging_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to stage job dependencies, config files, and job driver console output. If you do not specify a staging bucket, Cloud Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's staging bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket (see [Dataproc staging bucket](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/staging-bucket)). **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true},"temp_bucket":{"type":"string","description":"Optional. A Cloud Storage bucket used to store ephemeral cluster and jobs data, such as Spark and MapReduce history files. If you do not specify a temp bucket, Dataproc will determine a Cloud Storage location (US, ASIA, or EU) for your cluster's temp bucket according to the Compute Engine zone where your cluster is deployed, and then create and manage this project-level, per-location bucket. The default bucket has a TTL of 90 days, but you can use any TTL (or none) if you specify a bucket. **This field requires a Cloud Storage bucket name, not a URI to a Cloud Storage bucket.**","description_kind":"plain","optional":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Optional. The autoscaling policy used by the cluster. Only resource names including projectid and location (region) are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` * `projects/[project_id]/locations/[dataproc_region]/autoscalingPolicies/[policy_id]` Note that the policy must be in the same project and Dataproc region.","description_kind":"plain","optional":true}},"description":"Optional. Autoscaling config for the policy associated with the cluster. Cluster does not autoscale if this field is unset.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"gce_pd_kms_key_name":{"type":"string","description":"Optional. The Cloud KMS key name to use for PD disk encryption for all instances in the cluster.","description_kind":"plain","optional":true}},"description":"Optional. Encryption settings for the cluster.","description_kind":"plain"},"max_items":1},"endpoint_config":{"nesting_mode":"list","block":{"attributes":{"enable_http_port_access":{"type":"bool","description":"Optional. If true, enable http access to specific ports on the cluster from external sources. Defaults to false.","description_kind":"plain","optional":true},"http_ports":{"type":["map","string"],"description":"Output only. The map of port descriptions to URLs. Will only be populated if enable_http_port_access is true.","description_kind":"plain","computed":true}},"description":"Optional. Port/endpoint configuration for this cluster","description_kind":"plain"},"max_items":1},"gce_cluster_config":{"nesting_mode":"list","block":{"attributes":{"internal_ip_only":{"type":"bool","description":"Optional. If true, all instances in the cluster will only have internal IP addresses. By default, clusters are not restricted to internal IP addresses, and will have ephemeral external IP addresses assigned to each instance. This `internal_ip_only` restriction can only be enabled for subnetwork enabled networks, and all off-cluster dependencies must be configured to be accessible without external IP addresses.","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to all instances (see [Project and instance metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata#project_and_instance_metadata)).","description_kind":"plain","optional":true},"network":{"type":"string","description":"Optional. The Compute Engine network to be used for machine communications. Cannot be specified with subnetwork_uri. If neither `network_uri` nor `subnetwork_uri` is specified, the \"default\" network of the project is used, if it exists. Cannot be a \"Custom Subnet Network\" (see [Using Subnetworks](https://cloud.google.com/compute/docs/subnetworks) for more information). A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/global/default` * `projects/[project_id]/regions/global/default` * `default`","description_kind":"plain","optional":true},"private_ipv6_google_access":{"type":"string","description":"Optional. The type of IPv6 access for a cluster. Possible values: PRIVATE_IPV6_GOOGLE_ACCESS_UNSPECIFIED, INHERIT_FROM_SUBNETWORK, OUTBOUND, BIDIRECTIONAL","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Optional. The [Dataproc service account](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/service-accounts#service_accounts_in_dataproc) (also see [VM Data Plane identity](https://cloud.google.com/dataproc/docs/concepts/iam/dataproc-principals#vm_service_account_data_plane_identity)) used by Dataproc cluster VM instances to access Google Cloud Platform services. If not specified, the [Compute Engine default service account](https://cloud.google.com/compute/docs/access/service-accounts#default_service_account) is used.","description_kind":"plain","optional":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances. The following base set of scopes is always included: * https://www.googleapis.com/auth/cloud.useraccounts.readonly * https://www.googleapis.com/auth/devstorage.read_write * https://www.googleapis.com/auth/logging.write If no scopes are specified, the following defaults are also provided: * https://www.googleapis.com/auth/bigquery * https://www.googleapis.com/auth/bigtable.admin.table * https://www.googleapis.com/auth/bigtable.data * https://www.googleapis.com/auth/devstorage.full_control","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"Optional. The Compute Engine subnetwork to be used for machine communications. Cannot be specified with network_uri. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/regions/us-east1/subnetworks/sub0` * `projects/[project_id]/regions/us-east1/subnetworks/sub0` * `sub0`","description_kind":"plain","optional":true},"tags":{"type":["set","string"],"description":"The Compute Engine tags to add to all instances (see [Tagging instances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true},"zone":{"type":"string","description":"Optional. The zone where the Compute Engine cluster will be located. On a create request, it is required in the \"global\" region. If omitted in a non-global Dataproc region, the service will pick a zone in the corresponding Compute Engine region. On a get request, zone will always be present. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/[zone]` * `projects/[project_id]/zones/[zone]` * `us-central1-f`","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_group_affinity":{"nesting_mode":"list","block":{"attributes":{"node_group":{"type":"string","description":"Required. The URI of a sole-tenant [node group resource](https://cloud.google.com/compute/docs/reference/rest/v1/nodeGroups) that the cluster will be created on. A full URL, partial URI, or node group name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `projects/[project_id]/zones/us-central1-a/nodeGroups/node-group-1` * `node-group-1`","description_kind":"plain","required":true}},"description":"Optional. Node Group Affinity for sole-tenant clusters.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"Optional. Type of reservation to consume Possible values: TYPE_UNSPECIFIED, NO_RESERVATION, ANY_RESERVATION, SPECIFIC_RESERVATION","description_kind":"plain","optional":true},"key":{"type":"string","description":"Optional. Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Optional. Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Optional. Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether instances have integrity monitoring enabled. Integrity monitoring compares the most recent boot measurements to the integrity policy baseline and returns a pair of pass/fail results depending on whether they match or not.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the instances have Secure Boot enabled. Secure Boot helps ensure that the system only runs authentic software by verifying the digital signature of all boot components, and halting the boot process if signature verification fails.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the instance have the vTPM enabled. Virtual Trusted Platform Module protects objects like keys, certificates and enables Measured Boot by performing the measurements needed to create a known good boot baseline, called the integrity policy baseline.","description_kind":"plain","optional":true}},"description":"Optional. Shielded Instance Config for clusters using Compute Engine Shielded VMs.","description_kind":"plain"},"max_items":1}},"description":"Optional. The shared Compute Engine config settings for all instances in a cluster.","description_kind":"plain"},"max_items":1},"initialization_actions":{"nesting_mode":"list","block":{"attributes":{"executable_file":{"type":"string","description":"Required. Cloud Storage URI of executable file.","description_kind":"plain","optional":true},"execution_timeout":{"type":"string","description":"Optional. Amount of time executable has to complete. Default is 10 minutes (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)). Cluster creation fails with an explanatory error message (the name of the executable that caused the error and the exceeded timeout period) if the executable is not completed at end of the timeout period.","description_kind":"plain","optional":true}},"description":"Optional. Commands to execute on each node after config is completed. By default, executables are run on master and all worker nodes. You can test a node's `role` metadata to run an executable on a master or worker node, as shown below using `curl` (you can also use `wget`): ROLE=$(curl -H Metadata-Flavor:Google http://metadata/computeMetadata/v1/instance/attributes/dataproc-role) if [[ \"${ROLE}\" == 'Master' ]]; then ... master specific actions ... else ... worker specific actions ... fi","description_kind":"plain"}},"lifecycle_config":{"nesting_mode":"list","block":{"attributes":{"auto_delete_time":{"type":"string","description":"Optional. The time when cluster will be auto-deleted (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"auto_delete_ttl":{"type":"string","description":"Optional. The lifetime duration of cluster. The cluster will be auto-deleted at the end of this period. Minimum value is 10 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_delete_ttl":{"type":"string","description":"Optional. The duration to keep the cluster alive while idling (when no jobs are running). Passing this threshold will cause the cluster to be deleted. Minimum value is 5 minutes; maximum value is 14 days (see JSON representation of [Duration](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","optional":true},"idle_start_time":{"type":"string","description":"Output only. The time when cluster became idle (most recent job finished) and became eligible for deletion due to idleness (see JSON representation of [Timestamp](https://developers.google.com/protocol-buffers/docs/proto3#json)).","description_kind":"plain","computed":true}},"description":"Optional. Lifecycle setting for the cluster.","description_kind":"plain"},"max_items":1},"master_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for the master instance in a cluster.","description_kind":"plain"},"max_items":1},"secondary_worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for additional worker instances in a cluster.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"kerberos_config":{"nesting_mode":"list","block":{"attributes":{"cross_realm_trust_admin_server":{"type":"string","description":"Optional. The admin server (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_kdc":{"type":"string","description":"Optional. The KDC (IP or hostname) for the remote trusted realm in a cross realm trust relationship.","description_kind":"plain","optional":true},"cross_realm_trust_realm":{"type":"string","description":"Optional. The remote realm the Dataproc on-cluster KDC will trust, should the user enable cross realm trust.","description_kind":"plain","optional":true},"cross_realm_trust_shared_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the shared password between the on-cluster Kerberos realm and the remote trusted realm, in a cross realm trust relationship.","description_kind":"plain","optional":true},"enable_kerberos":{"type":"bool","description":"Optional. Flag to indicate whether to Kerberize the cluster (default: false). Set this field to true to enable Kerberos on a cluster.","description_kind":"plain","optional":true},"kdc_db_key":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the master key of the KDC database.","description_kind":"plain","optional":true},"key_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided key. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"keystore":{"type":"string","description":"Optional. The Cloud Storage URI of the keystore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"keystore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided keystore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"Optional. The uri of the KMS key used to encrypt various sensitive files.","description_kind":"plain","optional":true},"realm":{"type":"string","description":"Optional. The name of the on-cluster Kerberos realm. If not specified, the uppercased domain of hostnames will be the realm.","description_kind":"plain","optional":true},"root_principal_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the root principal password.","description_kind":"plain","optional":true},"tgt_lifetime_hours":{"type":"number","description":"Optional. The lifetime of the ticket granting ticket, in hours. If not specified, or user specifies 0, then default value 10 will be used.","description_kind":"plain","optional":true},"truststore":{"type":"string","description":"Optional. The Cloud Storage URI of the truststore file used for SSL encryption. If not provided, Dataproc will provide a self-signed certificate.","description_kind":"plain","optional":true},"truststore_password":{"type":"string","description":"Optional. The Cloud Storage URI of a KMS encrypted file containing the password to the user provided truststore. For the self-signed certificate, this password is generated by Dataproc.","description_kind":"plain","optional":true}},"description":"Optional. Kerberos related configuration.","description_kind":"plain"},"max_items":1}},"description":"Optional. Security settings for the cluster.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"image_version":{"type":"string","description":"Optional. The version of software inside the cluster. It must be one of the supported [Dataproc Versions](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#supported_dataproc_versions), such as \"1.2\" (including a subminor version, such as \"1.2.29\"), or the [\"preview\" version](https://cloud.google.com/dataproc/docs/concepts/versioning/dataproc-versions#other_versions). If unspecified, it defaults to the latest Debian version.","description_kind":"plain","optional":true},"optional_components":{"type":["list","string"],"description":"Optional. The set of components to activate on the cluster.","description_kind":"plain","optional":true},"properties":{"type":["map","string"],"description":"Optional. The properties to set on daemon config files. Property keys are specified in `prefix:property` format, for example `core:hadoop.tmp.dir`. The following are supported prefixes and their mappings: * capacity-scheduler: `capacity-scheduler.xml` * core: `core-site.xml` * distcp: `distcp-default.xml` * hdfs: `hdfs-site.xml` * hive: `hive-site.xml` * mapred: `mapred-site.xml` * pig: `pig.properties` * spark: `spark-defaults.conf` * yarn: `yarn-site.xml` For more information, see [Cluster properties](https://cloud.google.com/dataproc/docs/concepts/cluster-properties).","description_kind":"plain","optional":true}},"description":"Optional. The config settings for software inside the cluster.","description_kind":"plain"},"max_items":1},"worker_config":{"nesting_mode":"list","block":{"attributes":{"image":{"type":"string","description":"Optional. The Compute Engine image resource used for cluster instances. The URI can represent an image or image family. Image examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/[image-id]` * `projects/[project_id]/global/images/[image-id]` * `image-id` Image family examples. Dataproc will use the most recent image from the family: * `https://www.googleapis.com/compute/beta/projects/[project_id]/global/images/family/[custom-image-family-name]` * `projects/[project_id]/global/images/family/[custom-image-family-name]` If the URI is unspecified, it will be inferred from `SoftwareConfig.image_version` or the system default.","description_kind":"plain","optional":true},"instance_names":{"type":["list","string"],"description":"Output only. The list of instance names. Dataproc derives the names from `cluster_name`, `num_instances`, and the instance group.","description_kind":"plain","computed":true},"is_preemptible":{"type":"bool","description":"Output only. Specifies that this instance group contains preemptible instances.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Optional. The Compute Engine machine type used for cluster instances. A full URL, partial URI, or short name are valid. Examples: * `https://www.googleapis.com/compute/v1/projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `projects/[project_id]/zones/us-east1-a/machineTypes/n1-standard-2` * `n1-standard-2` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the machine type resource, for example, `n1-standard-2`.","description_kind":"plain","optional":true},"managed_group_config":{"type":["list",["object",{"instance_group_manager_name":"string","instance_template_name":"string"}]],"description":"Output only. The config for Compute Engine Instance Group Manager that manages this group. This is only used for preemptible instance groups.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Optional. Specifies the minimum cpu platform for the Instance Group. See [Dataproc -\u003e Minimum CPU Platform](https://cloud.google.com/dataproc/docs/concepts/compute/dataproc-min-cpu).","description_kind":"plain","optional":true,"computed":true},"num_instances":{"type":"number","description":"Optional. The number of VM instances in the instance group. For [HA cluster](/dataproc/docs/concepts/configuring-clusters/high-availability) [master_config](#FIELDS.master_config) groups, **must be set to 3**. For standard cluster [master_config](#FIELDS.master_config) groups, **must be set to 1**.","description_kind":"plain","optional":true},"preemptibility":{"type":"string","description":"Optional. Specifies the preemptibility of the instance group. The default value for master and worker groups is `NON_PREEMPTIBLE`. This default cannot be changed. The default value for secondary instances is `PREEMPTIBLE`. Possible values: PREEMPTIBILITY_UNSPECIFIED, NON_PREEMPTIBLE, PREEMPTIBLE","description_kind":"plain","optional":true}},"block_types":{"accelerators":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of the accelerator cards of this type exposed to this instance.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"Full URL, partial URI, or short name of the accelerator type resource to expose to this instance. See [Compute Engine AcceleratorTypes](https://cloud.google.com/compute/docs/reference/beta/acceleratorTypes). Examples: * `https://www.googleapis.com/compute/beta/projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `projects/[project_id]/zones/us-east1-a/acceleratorTypes/nvidia-tesla-k80` * `nvidia-tesla-k80` **Auto Zone Exception**: If you are using the Dataproc [Auto Zone Placement](https://cloud.google.com/dataproc/docs/concepts/configuring-clusters/auto-zone#using_auto_zone_placement) feature, you must use the short name of the accelerator type resource, for example, `nvidia-tesla-k80`.","description_kind":"plain","optional":true}},"description":"Optional. The Compute Engine accelerator configuration for these instances.","description_kind":"plain"}},"disk_config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"Optional. Size in GB of the boot disk (default is 500GB).","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Optional. Type of the boot disk (default is \"pd-standard\"). Valid values: \"pd-balanced\" (Persistent Disk Balanced Solid State Drive), \"pd-ssd\" (Persistent Disk Solid State Drive), or \"pd-standard\" (Persistent Disk Hard Disk Drive). See [Disk types](https://cloud.google.com/compute/docs/disks#disk-types).","description_kind":"plain","optional":true},"num_local_ssds":{"type":"number","description":"Optional. Number of attached SSDs, from 0 to 4 (default is 0). If SSDs are not attached, the boot disk is used to store runtime logs and [HDFS](https://hadoop.apache.org/docs/r1.2.1/hdfs_user_guide.html) data. If one or more SSDs are attached, this runtime bulk data is spread across them, and the boot disk contains only basic config and installed binaries.","description_kind":"plain","optional":true,"computed":true}},"description":"Optional. Disk option config settings.","description_kind":"plain"},"max_items":1}},"description":"Optional. The Compute Engine config settings for worker instances in a cluster.","description_kind":"plain"},"max_items":1}},"description":"Required. The cluster configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A cluster that is managed by the workflow.","description_kind":"plain"},"max_items":1}},"description":"Required. WorkflowTemplate scheduling information.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastore_index":{"version":0,"block":{"attributes":{"ancestor":{"type":"string","description":"Policy for including ancestors in the index. Default value: \"NONE\" Possible values: [\"NONE\", \"ALL_ANCESTORS\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_id":{"type":"string","description":"The index id.","description_kind":"plain","computed":true},"kind":{"type":"string","description":"The entity kind which the index applies to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"direction":{"type":"string","description":"The direction the index should optimize for sorting. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The property name to index.","description_kind":"plain","required":true}},"description":"An ordered list of properties to index on.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_connection_profile":{"version":0,"block":{"attributes":{"connection_profile_id":{"type":"string","description":"The connection profile identifier.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this connection profile is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"bigquery_profile":{"nesting_mode":"list","block":{"description":"BigQuery warehouse profile.","description_kind":"plain"},"max_items":1},"forward_ssh_connectivity":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the SSH tunnel.","description_kind":"plain","required":true},"password":{"type":"string","description":"SSH password.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"Port for the SSH tunnel.","description_kind":"plain","optional":true},"private_key":{"type":"string","description":"SSH private key.","description_kind":"plain","optional":true,"sensitive":true},"username":{"type":"string","description":"Username for the SSH tunnel.","description_kind":"plain","required":true}},"description":"Forward SSH tunnel connectivity.","description_kind":"plain"},"max_items":1},"gcs_profile":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The Cloud Storage bucket name.","description_kind":"plain","required":true},"root_path":{"type":"string","description":"The root path inside the Cloud Storage bucket.","description_kind":"plain","optional":true}},"description":"Cloud Storage bucket profile.","description_kind":"plain"},"max_items":1},"mysql_profile":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname for the MySQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the MySQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the MySQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the MySQL connection.","description_kind":"plain","required":true}},"block_types":{"ssl_config":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM-encoded certificate of the CA that signed the source database\nserver's certificate.","description_kind":"plain","optional":true,"sensitive":true},"ca_certificate_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true},"client_certificate":{"type":"string","description":"PEM-encoded certificate that will be used by the replica to\nauthenticate against the source database server. If this field\nis used then the 'clientKey' and the 'caCertificate' fields are\nmandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_certificate_set":{"type":"bool","description":"Indicates whether the clientCertificate field is set.","description_kind":"plain","computed":true},"client_key":{"type":"string","description":"PEM-encoded private key associated with the Client Certificate.\nIf this field is used then the 'client_certificate' and the\n'ca_certificate' fields are mandatory.","description_kind":"plain","optional":true,"sensitive":true},"client_key_set":{"type":"bool","description":"Indicates whether the clientKey field is set.","description_kind":"plain","computed":true}},"description":"SSL configuration for the MySQL connection.","description_kind":"plain"},"max_items":1}},"description":"MySQL database profile.","description_kind":"plain"},"max_items":1},"oracle_profile":{"nesting_mode":"list","block":{"attributes":{"connection_attributes":{"type":["map","string"],"description":"Connection string attributes","description_kind":"plain","optional":true},"database_service":{"type":"string","description":"Database for the Oracle connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the Oracle connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the Oracle connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the Oracle connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the Oracle connection.","description_kind":"plain","required":true}},"description":"Oracle database profile.","description_kind":"plain"},"max_items":1},"postgresql_profile":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database for the PostgreSQL connection.","description_kind":"plain","required":true},"hostname":{"type":"string","description":"Hostname for the PostgreSQL connection.","description_kind":"plain","required":true},"password":{"type":"string","description":"Password for the PostgreSQL connection.","description_kind":"plain","required":true,"sensitive":true},"port":{"type":"number","description":"Port for the PostgreSQL connection.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for the PostgreSQL connection.","description_kind":"plain","required":true}},"description":"PostgreSQL database profile.","description_kind":"plain"},"max_items":1},"private_connectivity":{"nesting_mode":"list","block":{"attributes":{"private_connection":{"type":"string","description":"A reference to a private connection resource. Format: 'projects/{project}/locations/{location}/privateConnections/{name}'","description_kind":"plain","required":true}},"description":"Private connectivity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_datastream_private_connection":{"version":1,"block":{"attributes":{"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"error":{"type":["list",["object",{"details":["map","string"],"message":"string"}]],"description":"The PrivateConnection error in case of failure.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this private connection is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource's name.","description_kind":"plain","computed":true},"private_connection_id":{"type":"string","description":"The private connectivity identifier.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the PrivateConnection.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_peering_config":{"nesting_mode":"list","block":{"attributes":{"subnet":{"type":"string","description":"A free subnet for peering. (CIDR of /29)","description_kind":"plain","required":true},"vpc":{"type":"string","description":"Fully qualified name of the VPC that Datastream will peer to.\nFormat: projects/{project}/global/{networks}/{name}","description_kind":"plain","required":true}},"description":"The VPC Peering configuration is used to create VPC peering\nbetween Datastream and the consumer's VPC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_datastream_stream":{"version":0,"block":{"attributes":{"customer_managed_encryption_key":{"type":"string","description":"A reference to a KMS encryption key. If provided, it will be used to encrypt the data. If left blank, data\nwill be encrypted using an internal Stream-specific encryption key provisioned through KMS.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Stream. Set this field to 'RUNNING' to start the stream, and 'PAUSED' to pause the stream.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location this stream is located in.","description_kind":"plain","required":true},"name":{"type":"string","description":"The stream's name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the stream.","description_kind":"plain","computed":true},"stream_id":{"type":"string","description":"The stream identifier.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"backfill_all":{"nesting_mode":"list","block":{"block_types":{"mysql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"oracle_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1},"postgresql_excluded_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL data source objects to avoid backfilling.","description_kind":"plain"},"max_items":1}},"description":"Backfill strategy to automatically backfill the Stream's objects. Specific objects can be excluded.","description_kind":"plain"},"max_items":1},"backfill_none":{"nesting_mode":"list","block":{"description":"Backfill strategy to disable automatic backfill for the Stream's objects.","description_kind":"plain"},"max_items":1},"destination_config":{"nesting_mode":"list","block":{"attributes":{"destination_connection_profile":{"type":"string","description":"Destination connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"bigquery_destination_config":{"nesting_mode":"list","block":{"attributes":{"data_freshness":{"type":"string","description":"The guaranteed data freshness (in seconds) when querying tables created by the stream.\nEditing this field will only affect new tables created in the future, but existing tables\nwill not be impacted. Lower values mean that queries will return fresher data, but may result in higher cost.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true}},"block_types":{"single_target_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Dataset ID in the format projects/{project}/datasets/{dataset_id} or\n{project}:{dataset_id}","description_kind":"plain","required":true}},"description":"A single target dataset to which all data will be streamed.","description_kind":"plain"},"max_items":1},"source_hierarchy_datasets":{"nesting_mode":"list","block":{"block_types":{"dataset_template":{"nesting_mode":"list","block":{"attributes":{"dataset_id_prefix":{"type":"string","description":"If supplied, every created dataset will have its name prefixed by the provided value.\nThe prefix and name will be separated by an underscore. i.e. _.","description_kind":"plain","optional":true},"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination BigQuery\ntable. The BigQuery Service Account associated with your project requires access to this\nencryption key. i.e. projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{cryptoKey}.\nSee https://cloud.google.com/bigquery/docs/customer-managed-encryption for more information.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee https://cloud.google.com/bigquery/docs/locations for supported locations.","description_kind":"plain","required":true}},"description":"Dataset template used for dynamic dataset creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Destination datasets are created so that hierarchy of the destination data objects matches the source hierarchy.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1},"gcs_destination_config":{"nesting_mode":"list","block":{"attributes":{"file_rotation_interval":{"type":"string","description":"The maximum duration for which new events are added before a file is closed and a new file is created.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\". Defaults to 900s.","description_kind":"plain","optional":true,"computed":true},"file_rotation_mb":{"type":"number","description":"The maximum file size to be saved in the bucket.","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description":"Path inside the Cloud Storage bucket to write data to.","description_kind":"plain","optional":true}},"block_types":{"avro_file_format":{"nesting_mode":"list","block":{"description":"AVRO file format configuration.","description_kind":"plain"},"max_items":1},"json_file_format":{"nesting_mode":"list","block":{"attributes":{"compression":{"type":"string","description":"Compression of the loaded JSON file. Possible values: [\"NO_COMPRESSION\", \"GZIP\"]","description_kind":"plain","optional":true},"schema_file_format":{"type":"string","description":"The schema file format along JSON data files. Possible values: [\"NO_SCHEMA_FILE\", \"AVRO_SCHEMA_FILE\"]","description_kind":"plain","optional":true}},"description":"JSON file format configuration.","description_kind":"plain"},"max_items":1}},"description":"A configuration for how data should be loaded to Cloud Storage.","description_kind":"plain"},"max_items":1}},"description":"Destination connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"source_config":{"nesting_mode":"list","block":{"attributes":{"source_connection_profile":{"type":"string","description":"Source connection profile resource. Format: projects/{project}/locations/{location}/connectionProfiles/{name}","description_kind":"plain","required":true}},"block_types":{"mysql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"mysql_databases":{"nesting_mode":"list","block":{"attributes":{"database":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"mysql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"mysql_columns":{"nesting_mode":"list","block":{"attributes":{"collation":{"type":"string","description":"Column collation.","description_kind":"plain","optional":true},"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The MySQL data type. Full data types list can be found here:\nhttps://dev.mysql.com/doc/refman/8.0/en/data-types.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true}},"description":"MySQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"MySQL databases on the server","description_kind":"plain"},"min_items":1}},"description":"MySQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"oracle_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"max_concurrent_cdc_tasks":{"type":"number","description":"Maximum number of concurrent CDC tasks. The number should be non negative.\nIf not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"drop_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1},"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"oracle_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Schema name.","description_kind":"plain","required":true}},"block_types":{"oracle_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"oracle_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The Oracle data type. Full data types list can be found here:\nhttps://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/Data-Types.html","description_kind":"plain","optional":true},"encoding":{"type":"string","description":"Column encoding.","description_kind":"plain","computed":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","computed":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","computed":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","computed":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"Oracle columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the database.","description_kind":"plain"}}},"description":"Oracle schemas/databases in the database server","description_kind":"plain"},"min_items":1}},"description":"Oracle objects to retrieve from the source.","description_kind":"plain"},"max_items":1},"stream_large_objects":{"nesting_mode":"list","block":{"description":"Configuration to drop large object values.","description_kind":"plain"},"max_items":1}},"description":"MySQL data source configuration.","description_kind":"plain"},"max_items":1},"postgresql_source_config":{"nesting_mode":"list","block":{"attributes":{"max_concurrent_backfill_tasks":{"type":"number","description":"Maximum number of concurrent backfill tasks. The number should be non\nnegative. If not set (or set to 0), the system's default value will be used.","description_kind":"plain","optional":true,"computed":true},"publication":{"type":"string","description":"The name of the publication that includes the set of all tables\nthat are defined in the stream's include_objects.","description_kind":"plain","required":true},"replication_slot":{"type":"string","description":"The name of the logical replication slot that's configured with\nthe pgoutput plugin.","description_kind":"plain","required":true}},"block_types":{"exclude_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to exclude from the stream.","description_kind":"plain"},"max_items":1},"include_objects":{"nesting_mode":"list","block":{"block_types":{"postgresql_schemas":{"nesting_mode":"list","block":{"attributes":{"schema":{"type":"string","description":"Database name.","description_kind":"plain","required":true}},"block_types":{"postgresql_tables":{"nesting_mode":"list","block":{"attributes":{"table":{"type":"string","description":"Table name.","description_kind":"plain","required":true}},"block_types":{"postgresql_columns":{"nesting_mode":"list","block":{"attributes":{"column":{"type":"string","description":"Column name.","description_kind":"plain","optional":true},"data_type":{"type":"string","description":"The PostgreSQL data type. Full data types list can be found here:\nhttps://www.postgresql.org/docs/current/datatype.html","description_kind":"plain","optional":true},"length":{"type":"number","description":"Column length.","description_kind":"plain","computed":true},"nullable":{"type":"bool","description":"Whether or not the column can accept a null value.","description_kind":"plain","optional":true},"ordinal_position":{"type":"number","description":"The ordinal position of the column in the table.","description_kind":"plain","optional":true},"precision":{"type":"number","description":"Column precision.","description_kind":"plain","computed":true},"primary_key":{"type":"bool","description":"Whether or not the column represents a primary key.","description_kind":"plain","optional":true},"scale":{"type":"number","description":"Column scale.","description_kind":"plain","computed":true}},"description":"PostgreSQL columns in the schema. When unspecified as part of include/exclude objects, includes/excludes everything.","description_kind":"plain"}}},"description":"Tables in the schema.","description_kind":"plain"}}},"description":"PostgreSQL schemas on the server","description_kind":"plain"},"min_items":1}},"description":"PostgreSQL objects to retrieve from the source.","description_kind":"plain"},"max_items":1}},"description":"PostgreSQL data source configuration.","description_kind":"plain"},"max_items":1}},"description":"Source connection profile configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_deployment_manager_deployment":{"version":0,"block":{"attributes":{"create_policy":{"type":"string","description":"Set the policy to use for creating new resources. Only used on\ncreate and update. Valid values are 'CREATE_OR_ACQUIRE' (default) or\n'ACQUIRE'. If set to 'ACQUIRE' and resources do not already exist,\nthe deployment will fail. Note that updating this field does not\nactually affect the deployment, just how it is updated. Default value: \"CREATE_OR_ACQUIRE\" Possible values: [\"ACQUIRE\", \"CREATE_OR_ACQUIRE\"]","description_kind":"plain","optional":true},"delete_policy":{"type":"string","description":"Set the policy to use for deleting new resources on update/delete.\nValid values are 'DELETE' (default) or 'ABANDON'. If 'DELETE',\nresource is deleted after removal from Deployment Manager. If\n'ABANDON', the resource is only removed from Deployment Manager\nand is not actually deleted. Note that updating this field does not\nactually change the deployment, just how it is updated. Default value: \"DELETE\" Possible values: [\"ABANDON\", \"DELETE\"]","description_kind":"plain","optional":true},"deployment_id":{"type":"string","description":"Unique identifier for deployment. Output only.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional user-provided description of deployment.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"manifest":{"type":"string","description":"Output only. URL of the manifest representing the last manifest that\nwas successfully deployed.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the deployment","description_kind":"plain","required":true},"preview":{"type":"bool","description":"If set to true, a deployment is created with \"shell\" resources\nthat are not actually instantiated. This allows you to preview a\ndeployment. It can be updated to false to actually deploy\nwith real resources.\n ~\u003e**NOTE:** Deployment Manager does not allow update\nof a deployment in preview (unless updating to preview=false). Thus,\nTerraform will force-recreate deployments if either preview is updated\nto true or if other fields are updated while preview is true.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Output only. Server defined URL for the resource.","description_kind":"plain","computed":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"key":{"type":"string","description":"Key for label.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value of label.","description_kind":"plain","optional":true}},"description":"Key-value pairs to apply to this labels.","description_kind":"plain"}},"target":{"nesting_mode":"list","block":{"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full YAML contents of your configuration file.","description_kind":"plain","required":true}},"description":"The root configuration file to use for this deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"imports":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The full contents of the template that you want to import.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the template to import, as declared in the YAML\nconfiguration.","description_kind":"plain","optional":true}},"description":"Specifies import files for this configuration. This can be\nused to import templates or other files. For example, you might\nimport a text file in order to use the file in a template.","description_kind":"plain"}}},"description":"Parameters that define your deployment, including the deployment\nconfiguration and relevant templates.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_agent":{"version":0,"block":{"attributes":{"api_version":{"type":"string","description":"API version displayed in Dialogflow console. If not specified, V2 API is assumed. Clients are free to query\ndifferent service endpoints for different API versions. However, bots connectors and webhook calls will follow\nthe specified API version.\n* API_VERSION_V1: Legacy V1 API.\n* API_VERSION_V2: V2 API.\n* API_VERSION_V2_BETA_1: V2beta1 API. Possible values: [\"API_VERSION_V1\", \"API_VERSION_V2\", \"API_VERSION_V2_BETA_1\"]","description_kind":"plain","optional":true,"computed":true},"avatar_uri":{"type":"string","description":"The URI of the agent's avatar, which are used throughout the Dialogflow console. When an image URL is entered\ninto this field, the Dialogflow will save the image in the backend. The address of the backend image returned\nfrom the API will be shown in the [avatarUriBackend] field.","description_kind":"plain","optional":true},"avatar_uri_backend":{"type":"string","description":"The URI of the agent's avatar as returned from the API. Output only. To provide an image URL for the agent avatar,\nthe [avatarUri] field can be used.","description_kind":"plain","computed":true},"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent,\nyou can tune the machine learning classification threshold. If the returned score value is less than the threshold\nvalue, then a fallback intent will be triggered or, if there are no fallback intents defined, no intent will be\ntriggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the\ndefault of 0.3 is used.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this agent.","description_kind":"plain","required":true},"enable_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_mode":{"type":"string","description":"Determines how intents are detected from user queries.\n* MATCH_MODE_HYBRID: Best for agents with a small number of examples in intents and/or wide use of templates\nsyntax and composite entities.\n* MATCH_MODE_ML_ONLY: Can be used for agents with a large number of examples in intents, especially the ones\nusing @sys.any or very large developer entities. Possible values: [\"MATCH_MODE_HYBRID\", \"MATCH_MODE_ML_ONLY\"]","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the defaultLanguageCode).","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The agent tier. If not specified, TIER_STANDARD is assumed.\n* TIER_STANDARD: Standard tier.\n* TIER_ENTERPRISE: Enterprise tier (Essentials).\n* TIER_ENTERPRISE_PLUS: Enterprise tier (Plus).\nNOTE: Due to consistency issues, the provider will not read this field from the API. Drift is possible between\nthe Terraform state and Dialogflow if the agent tier is changed outside of Terraform. Possible values: [\"TIER_STANDARD\", \"TIER_ENTERPRISE\", \"TIER_ENTERPRISE_PLUS\"]","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_agent":{"version":0,"block":{"attributes":{"avatar_uri":{"type":"string","description":"The URI of the agent's avatar. Avatars are used throughout the Dialogflow console and in the self-hosted Web Demo integration.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. [See Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language)\nfor a list of the currently supported language codes. This field cannot be updated after creation.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of this agent. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the agent, unique within the location.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The name of the location this agent is located in.\n\n~\u003e **Note:** The first time you are deploying an Agent in your project you must configure location settings.\n This is a one time step but at the moment you can only [configure location settings](https://cloud.google.com/dialogflow/cx/docs/concept/region#location-settings) via the Dialogflow CX console.\n Another options is to use global location so you don't need to manually configure location settings.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the agent.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"supported_language_codes":{"type":["list","string"],"description":"The list of all languages supported by this agent (except for the default_language_code).","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of this agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York,\nEurope/Paris.","description_kind":"plain","required":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this agent. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"git_integration_settings":{"nesting_mode":"list","block":{"block_types":{"github_settings":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"string","description":"The access token used to authenticate the access to the GitHub repository.","description_kind":"plain","optional":true,"sensitive":true},"branches":{"type":["list","string"],"description":"A list of branches configured to be used from Dialogflow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The unique repository display name for the GitHub repository.","description_kind":"plain","optional":true},"repository_uri":{"type":"string","description":"The GitHub repository URI related to the agent.","description_kind":"plain","optional":true},"tracking_branch":{"type":"string","description":"The branch of the GitHub repository tracked for this agent.","description_kind":"plain","optional":true}},"description":"Settings of integration with GitHub.","description_kind":"plain"},"max_items":1}},"description":"Git integration settings for this agent.","description_kind":"plain"},"max_items":1},"speech_to_text_settings":{"nesting_mode":"list","block":{"attributes":{"enable_speech_adaptation":{"type":"bool","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","optional":true}},"description":"Settings related to speech recognition.","description_kind":"plain"},"max_items":1},"text_to_speech_settings":{"nesting_mode":"list","block":{"attributes":{"synthesize_speech_configs":{"type":"string","description":"Configuration of how speech should be synthesized, mapping from [language](https://cloud.google.com/dialogflow/cx/docs/reference/language) to [SynthesizeSpeechConfig](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents#synthesizespeechconfig).\nThese settings affect:\n* The phone gateway synthesize configuration set via Agent.text_to_speech_settings.\n* How speech is synthesized when invoking session APIs. 'Agent.text_to_speech_settings' only applies if 'OutputAudioConfig.synthesize_speech_config' is not specified.","description_kind":"plain","optional":true}},"description":"Settings related to speech synthesizing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_entity_type":{"version":0,"block":{"attributes":{"auto_expansion_mode":{"type":"string","description":"Represents kinds of entities.\n* AUTO_EXPANSION_MODE_UNSPECIFIED: Auto expansion disabled for the entity.\n* AUTO_EXPANSION_MODE_DEFAULT: Allows an agent to recognize values that have not been explicitly listed in the entity. Possible values: [\"AUTO_EXPANSION_MODE_DEFAULT\", \"AUTO_EXPANSION_MODE_UNSPECIFIED\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the entity type, unique within the agent.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates whether the entity type can be automatically expanded.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a canonical value.\n* KIND_LIST: List entity types contain a set of entries that do not map to canonical values. However, list entity types can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"language_code":{"type":"string","description":"The language of the following fields in entityType:\nEntityType.entities.value\nEntityType.entities.synonyms\nEntityType.excluded_phrases.value\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a entity type for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether parameters of the entity type should be redacted in log. If redaction is enabled, page parameters and intent parameters referring to the entity type will be replaced by parameter name when logging.","description_kind":"plain","optional":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym could be green onions.\nFor KIND_LIST entity types: This collection must contain exactly one synonym equal to value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value could be scallions.\nFor KIND_MAP entity types: A canonical value to be used in place of synonyms.\nFor KIND_LIST entity types: A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","optional":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"},"min_items":1},"excluded_phrases":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"string","description":"The word or phrase to be excluded.","description_kind":"plain","optional":true}},"description":"Collection of exceptional words and phrases that shouldn't be matched. For example, if you have a size entity type with entry giant(an adjective), you might consider adding giants(a noun) as an exclusion.\nIf the kind of entity type is KIND_MAP, then the phrases specified by entities and excluded phrases should be mutually exclusive.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_environment":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The human-readable description of the environment. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the environment (unique in an agent). Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the environment.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Agent to create an Environment for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Update time of this environment. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_configs":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Format: projects/{{project}}/locations/{{location}}/agents/{{agent}}/flows/{{flow}}/versions/{{version}}.","description_kind":"plain","required":true}},"description":"A list of configurations for flow versions. You should include version configs for all flows that are reachable from [Start Flow][Agent.start_flow] in the agent. Otherwise, an error will be returned.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_dialogflow_cx_flow":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the flow. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the flow.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_start_flow":{"type":"bool","description":"Marks this as the [Default Start Flow](https://cloud.google.com/dialogflow/cx/docs/concept/flow#start) for an agent. When you create an agent, the Default Start Flow is created automatically.\nThe Default Start Flow cannot be deleted; deleting the 'google_dialogflow_cx_flow' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_flow' resources linked to the same agent with 'is_default_start_flow = true' because they will compete to control a single Default Start Flow resource in GCP.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in flow:\nFlow.event_handlers.trigger_fulfillment.messages\nFlow.event_handlers.trigger_fulfillment.conditional_cases\nFlow.transition_routes.trigger_fulfillment.messages\nFlow.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the flow.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a flow for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"A flow's transition route group serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition route groups][Page.transition_route_groups]. Transition route groups defined in the page have higher priority than those defined in the flow.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"audio_export_gcs_destination":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"The Google Cloud Storage URI for the exported objects. Whether a full object name, or just a prefix, its usage depends on the Dialogflow operation.\nFormat: gs://bucket/object-name-or-prefix","description_kind":"plain","optional":true}},"description":"If present, incoming audio is exported by Dialogflow to the configured Google Cloud Storage destination. Exposed at the following levels:\n* Agent level\n* Flow level","description_kind":"plain"},"max_items":1},"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this flow. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"A flow's event handlers serve two purposes:\nThey are responsible for handling events (e.g. no match, webhook errors) in the flow.\nThey are inherited by every page's [event handlers][Page.event_handlers], which can be used to handle common events regardless of the current page. Event handlers defined in the page have higher priority than those defined in the flow.\nUnlike transitionRoutes, these handlers are evaluated on a first-match basis. The first one that matches the event get executed, with the rest being ignored.","description_kind":"plain"}},"nlu_settings":{"nesting_mode":"list","block":{"attributes":{"classification_threshold":{"type":"number","description":"To filter out false positive results and still get variety in matched natural language inputs for your agent, you can tune the machine learning classification threshold.\nIf the returned score value is less than the threshold value, then a no-match event will be triggered. The score values range from 0.0 (completely uncertain) to 1.0 (completely certain). If set to 0.0, the default of 0.3 is used.","description_kind":"plain","optional":true},"model_training_mode":{"type":"string","description":"Indicates NLU model training mode.\n* MODEL_TRAINING_MODE_AUTOMATIC: NLU model training is automatically triggered when a flow gets modified. User can also manually trigger model training in this mode.\n* MODEL_TRAINING_MODE_MANUAL: User needs to manually trigger NLU model training. Best for large flows whose models take long time to train. Possible values: [\"MODEL_TRAINING_MODE_AUTOMATIC\", \"MODEL_TRAINING_MODE_MANUAL\"]","description_kind":"plain","optional":true},"model_type":{"type":"string","description":"Indicates the type of NLU model.\n* MODEL_TYPE_STANDARD: Use standard NLU model.\n* MODEL_TYPE_ADVANCED: Use advanced NLU model. Possible values: [\"MODEL_TYPE_STANDARD\", \"MODEL_TYPE_ADVANCED\"]","description_kind":"plain","optional":true}},"description":"NLU related settings of the flow.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A flow's transition routes serve two purposes:\nThey are responsible for matching the user's first utterances in the flow.\nThey are inherited by every page's [transition routes][Page.transition_routes] and can support use cases such as the user saying \"help\" or \"can I talk to a human?\", which can be handled in a common way regardless of the current page. Transition routes defined in the page have higher priority than those defined in the flow.\n\nTransitionRoutes are evalauted in the following order:\n TransitionRoutes with intent specified.\n TransitionRoutes with only condition specified.\n TransitionRoutes with intent specified are inherited by pages in the flow.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_intent":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Human readable description for better understanding an intent like its scope, content, result etc. Maximum character limit: 140 characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_default_negative_intent":{"type":"bool","description":"Marks this as the [Default Negative Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#negative) for an agent. When you create an agent, a Default Negative Intent is created automatically.\nThe Default Negative Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_negative_intent = true' because they will compete to control a single Default Negative Intent resource in GCP.","description_kind":"plain","optional":true},"is_default_welcome_intent":{"type":"bool","description":"Marks this as the [Default Welcome Intent](https://cloud.google.com/dialogflow/cx/docs/concept/intent#welcome) for an agent. When you create an agent, a Default Welcome Intent is created automatically.\nThe Default Welcome Intent cannot be deleted; deleting the 'google_dialogflow_cx_intent' resource does nothing to the underlying GCP resources.\n\n~\u003e Avoid having multiple 'google_dialogflow_cx_intent' resources linked to the same agent with 'is_default_welcome_intent = true' because they will compete to control a single Default Welcome Intent resource in GCP.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent. Currently only default fallback intent is allowed in the agent, which is added upon agent creation.\nAdding training phrases to fallback intent is useful in the case of requests that are mistakenly matched, since training phrases assigned to fallback intents act as negative examples that triggers no-match event.\nTo manage the fallback intent, set 'is_default_negative_intent = true'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The key/value metadata to label an intent. Labels can contain lowercase letters, digits and the symbols '-' and '_'. International characters are allowed, including letters from unicase alphabets. Keys must start with a letter. Keys and values can be no longer than 63 characters and no more than 128 bytes.\nPrefix \"sys-\" is reserved for Dialogflow defined labels. Currently allowed Dialogflow defined labels include: * sys-head * sys-contextual The above labels do not require value. \"sys-head\" means the intent is a head intent. \"sys.contextual\" means the intent is a contextual intent.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"language_code":{"type":"string","description":"The language of the following fields in intent:\nIntent.training_phrases.parts.text\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create an intent for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\nIf the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds to the Normal priority in the console.\nIf the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","required":true},"id":{"type":"string","description":"The unique identifier of the parameter. This field is used by training phrases to annotate their parts.","description_kind":"plain","required":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log. If redaction is enabled, the parameter content will be replaced by parameter name during logging.\nNote: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true}},"description":"The collection of parameters associated with the intent.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"training_phrases":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The unique identifier of the training phrase.","description_kind":"plain","computed":true},"repeat_count":{"type":"number","description":"Indicates how many times this example was added to the intent.","description_kind":"plain","optional":true}},"block_types":{"parts":{"nesting_mode":"list","block":{"attributes":{"parameter_id":{"type":"string","description":"The parameter used to annotate this part of the training phrase. This field is required for annotated parts of the training phrase.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The text for this part.","description_kind":"plain","required":true}},"description":"The ordered list of training phrase parts. The parts are concatenated in order to form the training phrase.\nNote: The API does not automatically annotate training phrases like the Dialogflow Console does.\nNote: Do not forget to include whitespace at part boundaries, so the training phrase is well formatted when the parts are concatenated.\nIf the training phrase does not need to be annotated with parameters, you just need a single part with only the Part.text field set.\nIf you want to annotate the training phrase, you must create multiple parts, where the fields of each part are populated in one of two ways:\nPart.text is set to a part of the phrase that has no parameters.\nPart.text is set to a part of the phrase that you want to annotate, and the parameterId field is set.","description_kind":"plain"},"min_items":1}},"description":"The collection of training phrases the agent is trained on to identify the intent.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_page":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the agent.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_code":{"type":"string","description":"The language of the following fields in page:\n\nPage.entry_fulfillment.messages\nPage.entry_fulfillment.conditional_cases\nPage.event_handlers.trigger_fulfillment.messages\nPage.event_handlers.trigger_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.messages\nPage.form.parameters.fill_behavior.initial_prompt_fulfillment.conditional_cases\nPage.form.parameters.fill_behavior.reprompt_event_handlers.messages\nPage.form.parameters.fill_behavior.reprompt_event_handlers.conditional_cases\nPage.transition_routes.trigger_fulfillment.messages\nPage.transition_routes.trigger_fulfillment.conditional_cases\nIf not specified, the agent's default language is used. Many languages are supported. Note: languages must be enabled in the agent before they can be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The flow to create a page for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"transition_route_groups":{"type":["list","string"],"description":"Ordered list of TransitionRouteGroups associated with the page. Transition route groups must be unique within a page.\nIf multiple transition routes within a page scope refer to the same intent, then the precedence order is: page's transition route -\u003e page's transition route group -\u003e flow's transition routes.\nIf multiple transition route groups within a page contain the same intent, then the first group in the ordered list takes precedence.\nFormat:projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/transitionRouteGroups/\u003cTransitionRouteGroup ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this page. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"entry_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the session is entering the page.","description_kind":"plain"},"max_items":1},"event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"Handlers associated with the page to handle events such as webhook errors, no match or no input.","description_kind":"plain"}},"form":{"nesting_mode":"list","block":{"block_types":{"parameters":{"nesting_mode":"list","block":{"attributes":{"default_value":{"type":"string","description":"The default value of an optional parameter. If the parameter is required, the default value will be ignored.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the parameter, unique within the form.","description_kind":"plain","optional":true},"entity_type":{"type":"string","description":"The entity type of the parameter.\nFormat: projects/-/locations/-/agents/-/entityTypes/\u003cSystem Entity Type ID\u003e for system entity types (for example, projects/-/locations/-/agents/-/entityTypes/sys.date), or projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/entityTypes/\u003cEntity Type ID\u003e for developer entity types.","description_kind":"plain","optional":true},"is_list":{"type":"bool","description":"Indicates whether the parameter represents a list of values.","description_kind":"plain","optional":true},"redact":{"type":"bool","description":"Indicates whether the parameter content should be redacted in log.\nIf redaction is enabled, the parameter content will be replaced by parameter name during logging. Note: the parameter content is subject to redaction if either parameter level redaction or entity type level redaction is enabled.","description_kind":"plain","optional":true},"required":{"type":"bool","description":"Indicates whether the parameter is required. Optional parameters will not trigger prompts; however, they are filled if the user specifies them.\nRequired parameters must be filled before form filling concludes.","description_kind":"plain","optional":true}},"block_types":{"advanced_settings":{"nesting_mode":"list","block":{"block_types":{"dtmf_settings":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"If true, incoming audio is processed for DTMF (dual tone multi frequency) events. For example, if the caller presses a button on their telephone keypad and DTMF processing is enabled, Dialogflow will detect the event (e.g. a \"3\" was pressed) in the incoming audio and pass the event to the bot to drive business logic (e.g. when 3 is pressed, return the account balance).","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The digit that terminates a DTMF digit sequence.","description_kind":"plain","optional":true},"max_digits":{"type":"number","description":"Max length of DTMF digits.","description_kind":"plain","optional":true}},"description":"Define behaviors for DTMF (dual tone multi frequency). DTMF settings does not override each other. DTMF settings set at different levels define DTMF detections running in parallel. Exposed at the following levels:\n* Agent level\n* Flow level\n* Page level\n* Parameter level","description_kind":"plain"},"max_items":1}},"description":"Hierarchical advanced settings for this parameter. The settings exposed at the lower level overrides the settings exposed at the higher level.\nHierarchy: Agent-\u003eFlow-\u003ePage-\u003eFulfillment/Parameter.","description_kind":"plain"},"max_items":1},"fill_behavior":{"nesting_mode":"list","block":{"block_types":{"initial_prompt_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to provide the initial prompt that the agent can present to the user in order to fill the parameter.","description_kind":"plain"},"max_items":1},"reprompt_event_handlers":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"The name of the event to handle.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this event handler.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the event occurs. Handling webhook errors with a fulfillment enabled with webhook could cause infinite loop. It is invalid to specify such fulfillment for a handler handling webhooks.","description_kind":"plain"},"max_items":1}},"description":"The handlers for parameter-level events, used to provide reprompt for the parameter or transition to a different page/flow. The supported events are:\n* sys.no-match-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-match-default\n* sys.no-input-\u003cN\u003e, where N can be from 1 to 6\n* sys.no-input-default\n* sys.invalid-parameter\n[initialPromptFulfillment][initialPromptFulfillment] provides the first prompt for the parameter.\nIf the user's response does not fill the parameter, a no-match/no-input event will be triggered, and the fulfillment associated with the sys.no-match-1/sys.no-input-1 handler (if defined) will be called to provide a prompt. The sys.no-match-2/sys.no-input-2 handler (if defined) will respond to the next no-match/no-input event, and so on.\nA sys.no-match-default or sys.no-input-default handler will be used to handle all following no-match/no-input events after all numbered no-match/no-input handlers for the parameter are consumed.\nA sys.invalid-parameter handler can be defined to handle the case where the parameter values have been invalidated by webhook. For example, if the user's response fill the parameter, however the parameter was invalidated by webhook, the fulfillment associated with the sys.invalid-parameter handler (if defined) will be called to provide a prompt.\nIf the event handler for the corresponding event can't be found on the parameter, initialPromptFulfillment will be re-prompted.","description_kind":"plain"}}},"description":"Defines fill behavior for the parameter.","description_kind":"plain"},"max_items":1}},"description":"Parameters to collect from the user.","description_kind":"plain"}}},"description":"The form associated with the page, used for collecting parameters relevant to the page.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transition_routes":{"nesting_mode":"list","block":{"attributes":{"condition":{"type":"string","description":"The condition to evaluate against form parameters or session parameters.\nAt least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"intent":{"type":"string","description":"The unique identifier of an Intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e. Indicates that the transition can only happen when the given intent is matched. At least one of intent or condition must be specified. When both intent and condition are specified, the transition can only happen when both are fulfilled.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of this transition route.","description_kind":"plain","computed":true},"target_flow":{"type":"string","description":"The target flow to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"target_page":{"type":"string","description":"The target page to transition to.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"trigger_fulfillment":{"nesting_mode":"list","block":{"attributes":{"return_partial_responses":{"type":"bool","description":"Whether Dialogflow should return currently queued fulfillment response messages in streaming APIs. If a webhook is specified, it happens before Dialogflow invokes webhook. Warning: 1) This flag only affects streaming API. Responses are still queued and returned once in non-streaming API. 2) The flag can be enabled in any fulfillment but only the first 3 partial responses will be returned. You may only want to apply it to fulfillments that have slow webhooks.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The tag used by the webhook to identify which fulfillment is being called. This field is required if webhook is specified.","description_kind":"plain","optional":true},"webhook":{"type":"string","description":"The webhook to call. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","optional":true}},"block_types":{"conditional_cases":{"nesting_mode":"list","block":{"attributes":{"cases":{"type":"string","description":"A JSON encoded list of cascading if-else conditions. Cases are mutually exclusive. The first one with a matching condition is selected, all the rest ignored.\nSee [Case](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/Fulfillment#case) for the schema.","description_kind":"plain","optional":true}},"description":"Conditional cases for this fulfillment.","description_kind":"plain"}},"messages":{"nesting_mode":"list","block":{"attributes":{"channel":{"type":"string","description":"The channel which the response is associated with. Clients can specify the channel via QueryParameters.channel, and only associated channel response will be returned.","description_kind":"plain","optional":true},"payload":{"type":"string","description":"A custom, platform-specific payload.","description_kind":"plain","optional":true}},"block_types":{"conversation_success":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation succeeded, i.e., the bot handled the issue that the customer talked to it about.\nDialogflow only uses this to determine which conversations should be counted as successful and doesn't process the metadata in this message in any way. Note that Dialogflow also considers conversations that get to the conversation end page as successful even if they don't return ConversationSuccess.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates that the conversation succeeded.\n* In a webhook response when you determine that you handled the customer issue.","description_kind":"plain"},"max_items":1},"live_agent_handoff":{"nesting_mode":"list","block":{"attributes":{"metadata":{"type":"string","description":"Custom metadata. Dialogflow doesn't impose any structure on this.","description_kind":"plain","optional":true}},"description":"Indicates that the conversation should be handed off to a live agent.\nDialogflow only uses this to determine which conversations were handed off to a human agent for measurement purposes. What else to do with this signal is up to you and your handoff procedures.\nYou may set this, for example:\n* In the entryFulfillment of a Page if entering the page indicates something went extremely wrong in the conversation.\n* In a webhook response when you determine that the customer issue can only be handled by a human.","description_kind":"plain"},"max_items":1},"output_audio_text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"ssml":{"type":"string","description":"The SSML text to be synthesized. For more information, see SSML.","description_kind":"plain","optional":true},"text":{"type":"string","description":"The raw text to be synthesized.","description_kind":"plain","optional":true}},"description":"A text or ssml response that is preferentially used for TTS output audio synthesis, as described in the comment on the ResponseMessage message.","description_kind":"plain"},"max_items":1},"play_audio":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"audio_uri":{"type":"string","description":"URI of the audio clip. Dialogflow does not impose any validation on this value. It is specific to the client that reads it.","description_kind":"plain","required":true}},"description":"Specifies an audio clip to be played by the client as part of the response.","description_kind":"plain"},"max_items":1},"telephony_transfer_call":{"nesting_mode":"list","block":{"attributes":{"phone_number":{"type":"string","description":"Transfer the call to a phone number in E.164 format.","description_kind":"plain","required":true}},"description":"Represents the signal that telles the client to transfer the phone call connected to the agent to a third-party endpoint.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"allow_playback_interruption":{"type":"bool","description":"Whether the playback of this message can be interrupted by the end user's speech and the client can then starts the next Dialogflow request.","description_kind":"plain","computed":true},"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text response message.","description_kind":"plain"},"max_items":1}},"description":"The list of rich message responses to present to the user.","description_kind":"plain"}},"set_parameter_actions":{"nesting_mode":"list","block":{"attributes":{"parameter":{"type":"string","description":"Display name of the parameter.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The new JSON-encoded value of the parameter. A null value clears the parameter.","description_kind":"plain","optional":true}},"description":"Set parameter values before executing the webhook.","description_kind":"plain"}}},"description":"The fulfillment to call when the condition is satisfied. At least one of triggerFulfillment and target must be specified. When both are defined, triggerFulfillment is executed first.","description_kind":"plain"},"max_items":1}},"description":"A list of transitions for the transition rules of this page. They route the conversation to another page in the same flow, or another flow.\nWhen we are in a certain page, the TransitionRoutes are evalauted in the following order:\nTransitionRoutes defined in the page with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in flow with intent specified.\nTransitionRoutes defined in the transition route groups with intent specified.\nTransitionRoutes defined in the page with only condition specified.\nTransitionRoutes defined in the transition route groups with only condition specified.","description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_security_settings":{"version":0,"block":{"attributes":{"deidentify_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) deidentify template name. Use this template to define de-identification configuration for the content. If empty, Dialogflow replaces sensitive info with [redacted] text.\nNote: deidentifyTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/deidentifyTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the security settings, unique within the location.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"inspect_template":{"type":"string","description":"[DLP](https://cloud.google.com/dlp/docs) inspect template name. Use this template to define inspect base settings. If empty, we use the default DLP inspect config.\nNote: inspectTemplate must be located in the same region as the SecuritySettings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e OR organizations/\u003cOrganization ID\u003e/locations/\u003cLocation ID\u003e/inspectTemplates/\u003cTemplate ID\u003e","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location these settings are located in. Settings can only be applied to an agent in the same location.\nSee [Available Regions](https://cloud.google.com/dialogflow/cx/docs/concept/region#avail) for a list of supported locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the settings.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purge_data_types":{"type":["list","string"],"description":"List of types of data to remove when retention settings triggers purge. Possible values: [\"DIALOGFLOW_HISTORY\"]","description_kind":"plain","optional":true},"redaction_scope":{"type":"string","description":"Defines what types of data to redact. If not set, defaults to not redacting any kind of data.\n* REDACT_DISK_STORAGE: On data to be written to disk or similar devices that are capable of holding data even if power is disconnected. This includes data that are temporarily saved on disk. Possible values: [\"REDACT_DISK_STORAGE\"]","description_kind":"plain","optional":true},"redaction_strategy":{"type":"string","description":"Defines how we redact data. If not set, defaults to not redacting.\n* REDACT_WITH_SERVICE: Call redaction service to clean up the data to be persisted. Possible values: [\"REDACT_WITH_SERVICE\"]","description_kind":"plain","optional":true},"retention_strategy":{"type":"string","description":"Defines how long we retain persisted data that contains sensitive info. Only one of 'retention_window_days' and 'retention_strategy' may be set.\n* REMOVE_AFTER_CONVERSATION: Removes data when the conversation ends. If there is no conversation explicitly established, a default conversation ends when the corresponding Dialogflow session ends. Possible values: [\"REMOVE_AFTER_CONVERSATION\"]","description_kind":"plain","optional":true},"retention_window_days":{"type":"number","description":"Retains the data for the specified number of days. User must set a value lower than Dialogflow's default 365d TTL (30 days for Agent Assist traffic), higher value will be ignored and use default. Setting a value higher than that has no effect. A missing value or setting to 0 also means we use default TTL.\nOnly one of 'retention_window_days' and 'retention_strategy' may be set.","description_kind":"plain","optional":true}},"block_types":{"audio_export_settings":{"nesting_mode":"list","block":{"attributes":{"audio_export_pattern":{"type":"string","description":"Filename pattern for exported audio.","description_kind":"plain","optional":true},"audio_format":{"type":"string","description":"File format for exported audio file. Currently only in telephony recordings.\n* MULAW: G.711 mu-law PCM with 8kHz sample rate.\n* MP3: MP3 file format.\n* OGG: OGG Vorbis. Possible values: [\"MULAW\", \"MP3\", \"OGG\"]","description_kind":"plain","optional":true},"enable_audio_redaction":{"type":"bool","description":"Enable audio redaction if it is true.","description_kind":"plain","optional":true},"gcs_bucket":{"type":"string","description":"Cloud Storage bucket to export audio record to. Setting this field would grant the Storage Object Creator role to the Dialogflow Service Agent. API caller that tries to modify this field should have the permission of storage.buckets.setIamPolicy.","description_kind":"plain","optional":true}},"description":"Controls audio export settings for post-conversation analytics when ingesting audio to conversations.\nIf retention_strategy is set to REMOVE_AFTER_CONVERSATION or gcs_bucket is empty, audio export is disabled.\nIf audio export is enabled, audio is recorded and saved to gcs_bucket, subject to retention policy of gcs_bucket.\nThis setting won't effect audio input for implicit sessions via [Sessions.DetectIntent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.sessions/detectIntent#google.cloud.dialogflow.cx.v3.Sessions.DetectIntent).","description_kind":"plain"},"max_items":1},"insights_export_settings":{"nesting_mode":"list","block":{"attributes":{"enable_insights_export":{"type":"bool","description":"If enabled, we will automatically exports conversations to Insights and Insights runs its analyzers.","description_kind":"plain","required":true}},"description":"Controls conversation exporting settings to Insights after conversation is completed.\nIf retentionStrategy is set to REMOVE_AFTER_CONVERSATION, Insights export is disabled no matter what you configure here.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_test_case":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the test was created. A timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The human-readable name of the test case, unique within the agent. Limit of 200 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_test_result":{"type":["list",["object",{"conversation_turns":["list",["object",{"user_input":["list",["object",{"enable_sentiment_analysis":"bool","injected_parameters":"string","input":["list",["object",{"dtmf":["list",["object",{"digits":"string","finish_digit":"string"}]],"event":["list",["object",{"event":"string"}]],"language_code":"string","text":["list",["object",{"text":"string"}]]}]],"is_webhook_enabled":"bool"}]],"virtual_agent_output":["list",["object",{"current_page":["list",["object",{"display_name":"string","name":"string"}]],"differences":["list",["object",{"description":"string","type":"string"}]],"session_parameters":"string","status":["list",["object",{"code":"number","details":"string","message":"string"}]],"text_responses":["list",["object",{"text":["list","string"]}]],"triggered_intent":["list",["object",{"display_name":"string","name":"string"}]]}]]}]],"environment":"string","name":"string","test_result":"string","test_time":"string"}]],"description":"The latest test result.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the test case.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/testCases/\u003cTestCase ID\u003e.","description_kind":"plain","computed":true},"notes":{"type":"string","description":"Additional freeform notes about the test case. Limit of 400 characters.","description_kind":"plain","optional":true},"parent":{"type":"string","description":"The agent to create the test case for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"Tags are short descriptions that users may apply to test cases for organizational and filtering purposes.\nEach tag should start with \"#\" and has a limit of 30 characters","description_kind":"plain","optional":true}},"block_types":{"test_case_conversation_turns":{"nesting_mode":"list","block":{"block_types":{"user_input":{"nesting_mode":"list","block":{"attributes":{"enable_sentiment_analysis":{"type":"bool","description":"Whether sentiment analysis is enabled.","description_kind":"plain","optional":true},"injected_parameters":{"type":"string","description":"Parameters that need to be injected into the conversation during intent detection.","description_kind":"plain","optional":true},"is_webhook_enabled":{"type":"bool","description":"If webhooks should be allowed to trigger in response to the user utterance. Often if parameters are injected, webhooks should not be enabled.","description_kind":"plain","optional":true}},"block_types":{"input":{"nesting_mode":"list","block":{"attributes":{"language_code":{"type":"string","description":"The language of the input. See [Language Support](https://cloud.google.com/dialogflow/cx/docs/reference/language) for a list of the currently supported language codes.\nNote that queries in the same session do not necessarily need to specify the same language.","description_kind":"plain","optional":true}},"block_types":{"dtmf":{"nesting_mode":"list","block":{"attributes":{"digits":{"type":"string","description":"The dtmf digits.","description_kind":"plain","optional":true},"finish_digit":{"type":"string","description":"The finish digit (if any).","description_kind":"plain","optional":true}},"description":"The DTMF event to be handled.","description_kind":"plain"},"max_items":1},"event":{"nesting_mode":"list","block":{"attributes":{"event":{"type":"string","description":"Name of the event.","description_kind":"plain","required":true}},"description":"The event to be triggered.","description_kind":"plain"},"max_items":1},"text":{"nesting_mode":"list","block":{"attributes":{"text":{"type":"string","description":"The natural language text to be processed. Text length must not exceed 256 characters.","description_kind":"plain","required":true}},"description":"The natural language text to be processed.","description_kind":"plain"},"max_items":1}},"description":"User input. Supports text input, event input, dtmf input in the test case.","description_kind":"plain"},"max_items":1}},"description":"The user input.","description_kind":"plain"},"max_items":1},"virtual_agent_output":{"nesting_mode":"list","block":{"attributes":{"session_parameters":{"type":"string","description":"The session parameters available to the bot at this point.","description_kind":"plain","optional":true}},"block_types":{"current_page":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the page, unique within the flow.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the page.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Page](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.flows.pages#Page) on which the utterance was spoken.","description_kind":"plain"},"max_items":1},"text_responses":{"nesting_mode":"list","block":{"attributes":{"text":{"type":["list","string"],"description":"A collection of text responses.","description_kind":"plain","optional":true}},"description":"The text responses from the agent for the turn.","description_kind":"plain"}},"triggered_intent":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the intent, unique within the agent.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The unique identifier of the intent.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true}},"description":"The [Intent](https://cloud.google.com/dialogflow/cx/docs/reference/rest/v3/projects.locations.agents.intents#Intent) that triggered the response.","description_kind":"plain"},"max_items":1}},"description":"The virtual agent output.","description_kind":"plain"},"max_items":1}},"description":"The conversation turns uttered when the test case was created, in chronological order. These include the canonical set of agent utterances that should occur when the agent is working properly.","description_kind":"plain"}},"test_config":{"nesting_mode":"list","block":{"attributes":{"flow":{"type":"string","description":"Flow name to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"page":{"type":"string","description":"The page to start the test case with.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e/pages/\u003cPage ID\u003e.\nOnly one of flow and page should be set to indicate the starting point of the test case. If neither is set, the test case will start with start page on the default start flow.","description_kind":"plain","optional":true},"tracking_parameters":{"type":["list","string"],"description":"Session parameters to be compared when calculating differences.","description_kind":"plain","optional":true}},"description":"Config for the test case.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the version. The maximum length is 500 characters. If exceeded, the request is rejected.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the version. Limit of 64 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: projects//locations//agents//flows//versions/. Version ID is a self-increasing number generated by Dialogflow upon version creation.","description_kind":"plain","computed":true},"nlu_settings":{"type":["list",["object",{"classification_threshold":"number","model_training_mode":"string","model_type":"string"}]],"description":"The NLU settings of the flow at version creation.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The Flow to create an Version for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of this version.\n* RUNNING: Version is not ready to serve (e.g. training is running).\n* SUCCEEDED: Training has succeeded and this version is ready to serve.\n* FAILED: Version training failed.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_cx_webhook":{"version":0,"block":{"attributes":{"disabled":{"type":"bool","description":"Indicates whether the webhook is disabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The human-readable name of the webhook, unique within the agent.","description_kind":"plain","required":true},"enable_spell_correction":{"type":"bool","description":"Indicates if automatic spell correction is enabled in detect intent requests.","description_kind":"plain","optional":true},"enable_stackdriver_logging":{"type":"bool","description":"Determines whether this agent should log conversation queries.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the webhook.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/webhooks/\u003cWebhook ID\u003e.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The agent to create a webhook for.\nFormat: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e.","description_kind":"plain","optional":true},"security_settings":{"type":"string","description":"Name of the SecuritySettings reference for the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/securitySettings/\u003cSecurity Settings ID\u003e.","description_kind":"plain","optional":true},"start_flow":{"type":"string","description":"Name of the start flow in this agent. A start flow will be automatically created when the agent is created, and can only be deleted by deleting the agent. Format: projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agents/\u003cAgent ID\u003e/flows/\u003cFlow ID\u003e.","description_kind":"plain","computed":true},"timeout":{"type":"string","description":"Webhook execution timeout.","description_kind":"plain","optional":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"Configuration for a generic web service.","description_kind":"plain"},"max_items":1},"service_directory":{"nesting_mode":"list","block":{"attributes":{"service":{"type":"string","description":"The name of Service Directory service.","description_kind":"plain","required":true}},"block_types":{"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"allowed_ca_certs":{"type":["list","string"],"description":"Specifies a list of allowed custom CA certificates (in DER format) for HTTPS verification.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with webhook requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Whether to use speech adaptation for speech recognition.","description_kind":"plain","required":true}},"description":"The name of Service Directory service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration for a Service Directory service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_entity_type":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The name of this entity type to be displayed on the console.","description_kind":"plain","required":true},"enable_fuzzy_extraction":{"type":"bool","description":"Enables fuzzy entity extraction during classification.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Indicates the kind of entity type.\n* KIND_MAP: Map entity types allow mapping of a group of synonyms to a reference value.\n* KIND_LIST: List entity types contain a set of entries that do not map to reference values. However, list entity\ntypes can contain references to other entity types (with or without aliases).\n* KIND_REGEXP: Regexp entity types allow to specify regular expressions in entries values. Possible values: [\"KIND_MAP\", \"KIND_LIST\", \"KIND_REGEXP\"]","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the entity type.\nFormat: projects/\u003cProject ID\u003e/agent/entityTypes/\u003cEntity type ID\u003e.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"entities":{"nesting_mode":"list","block":{"attributes":{"synonyms":{"type":["list","string"],"description":"A collection of value synonyms. For example, if the entity type is vegetable, and value is scallions, a synonym\ncould be green onions.\nFor KIND_LIST entity types:\n* This collection must contain exactly one synonym equal to value.","description_kind":"plain","required":true},"value":{"type":"string","description":"The primary value associated with this entity entry. For example, if the entity type is vegetable, the value\ncould be scallions.\nFor KIND_MAP entity types:\n* A reference value to be used in place of synonyms.\nFor KIND_LIST entity types:\n* A string that can contain references to other entity types (with or without aliases).","description_kind":"plain","required":true}},"description":"The collection of entity entries associated with the entity type.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_fulfillment":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The human-readable name of the fulfillment, unique within the agent.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether fulfillment is enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of the fulfillment.\nFormat: projects/\u003cProject ID\u003e/agent/fulfillment - projects/\u003cProject ID\u003e/locations/\u003cLocation ID\u003e/agent/fulfillment","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"features":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of the feature that enabled for fulfillment.\n* SMALLTALK: Fulfillment is enabled for SmallTalk. Possible values: [\"SMALLTALK\"]","description_kind":"plain","required":true}},"description":"The field defines whether the fulfillment is enabled for certain features.","description_kind":"plain"}},"generic_web_service":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password for HTTP Basic authentication.","description_kind":"plain","optional":true},"request_headers":{"type":["map","string"],"description":"The HTTP request headers to send together with fulfillment requests.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The fulfillment URI for receiving POST requests. It must use https protocol.","description_kind":"plain","required":true},"username":{"type":"string","description":"The user name for HTTP Basic authentication.","description_kind":"plain","optional":true}},"description":"Represents configuration for a generic web service. Dialogflow supports two mechanisms for authentications: - Basic authentication with username and password. - Authentication with additional authentication headers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dialogflow_intent":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The name of the action associated with the intent.\nNote: The action name must not contain whitespaces.","description_kind":"plain","optional":true,"computed":true},"default_response_platforms":{"type":["list","string"],"description":"The list of platforms for which the first responses will be copied from the messages in PLATFORM_UNSPECIFIED\n(i.e. default platform). Possible values: [\"FACEBOOK\", \"SLACK\", \"TELEGRAM\", \"KIK\", \"SKYPE\", \"LINE\", \"VIBER\", \"ACTIONS_ON_GOOGLE\", \"GOOGLE_HANGOUTS\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of this intent to be displayed on the console.","description_kind":"plain","required":true},"events":{"type":["list","string"],"description":"The collection of event names that trigger the intent. If the collection of input contexts is not empty, all of\nthe contexts must be present in the active user session for an event to trigger this intent. See the\n[events reference](https://cloud.google.com/dialogflow/docs/events-overview) for more details.","description_kind":"plain","optional":true},"followup_intent_info":{"type":["list",["object",{"followup_intent_name":"string","parent_followup_intent_name":"string"}]],"description":"Information about all followup intents that have this intent as a direct or indirect parent. We populate this field\nonly in the output.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"input_context_names":{"type":["list","string"],"description":"The list of context names required for this intent to be triggered.\nFormat: projects/\u003cProject ID\u003e/agent/sessions/-/contexts/\u003cContext ID\u003e.","description_kind":"plain","optional":true},"is_fallback":{"type":"bool","description":"Indicates whether this is a fallback intent.","description_kind":"plain","optional":true,"computed":true},"ml_disabled":{"type":"bool","description":"Indicates whether Machine Learning is disabled for the intent.\nNote: If mlDisabled setting is set to true, then this intent is not taken into account during inference in ML\nONLY match mode. Also, auto-markup in the UI is turned off.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique identifier of this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"parent_followup_intent_name":{"type":"string","description":"The unique identifier of the parent intent in the chain of followup intents.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","optional":true,"computed":true},"priority":{"type":"number","description":"The priority of this intent. Higher numbers represent higher priorities.\n - If the supplied value is unspecified or 0, the service translates the value to 500,000, which corresponds\n to the Normal priority in the console.\n - If the supplied value is negative, the intent is ignored in runtime detect intent requests.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reset_contexts":{"type":"bool","description":"Indicates whether to delete all contexts in the current session when this intent is matched.","description_kind":"plain","optional":true,"computed":true},"root_followup_intent_name":{"type":"string","description":"The unique identifier of the root intent in the chain of followup intents. It identifies the correct followup\nintents chain for this intent.\nFormat: projects/\u003cProject ID\u003e/agent/intents/\u003cIntent ID\u003e.","description_kind":"plain","computed":true},"webhook_state":{"type":"string","description":"Indicates whether webhooks are enabled for the intent.\n* WEBHOOK_STATE_ENABLED: Webhook is enabled in the agent and in the intent.\n* WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING: Webhook is enabled in the agent and in the intent. Also, each slot\nfilling prompt is forwarded to the webhook. Possible values: [\"WEBHOOK_STATE_ENABLED\", \"WEBHOOK_STATE_ENABLED_FOR_SLOT_FILLING\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_chat_engine":{"version":0,"block":{"attributes":{"chat_engine_metadata":{"type":["list",["object",{"dialogflow_agent":"string"}]],"description":"Additional information of the Chat Engine.","description_kind":"plain","computed":true},"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. Multiple DataStores in the same Collection can be associated here. All listed DataStores must be 'SOLUTION_TYPE_CHAT'. Adding or removing data stores will force recreation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"The ID to use for chat engine.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the chat engine registers. Vertical on Engine has to match vertical of the DataStore linked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the chat engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"chat_engine_config":{"nesting_mode":"list","block":{"block_types":{"agent_creation_config":{"nesting_mode":"list","block":{"attributes":{"business":{"type":"string","description":"Name of the company, organization or other entity that the agent represents. Used for knowledge connector LLM prompt and for knowledge search.","description_kind":"plain","optional":true},"default_language_code":{"type":"string","description":"The default language of the agent as a language tag. See [Language Support](https://cloud.google.com/dialogflow/docs/reference/language) for a list of the currently supported language codes.","description_kind":"plain","required":true},"location":{"type":"string","description":"Agent location for Agent creation, currently supported values: global/us/eu, it needs to be the same region as the Chat Engine.","description_kind":"plain","optional":true},"time_zone":{"type":"string","description":"The time zone of the agent from the [time zone database](https://www.iana.org/time-zones), e.g., America/New_York, Europe/Paris.","description_kind":"plain","required":true}},"description":"The configuration to generate the Dialogflow agent that is associated to this Engine.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configurations for a chat Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_data_store":{"version":0,"block":{"attributes":{"content_config":{"type":"string","description":"The content config of the data store. Possible values: [\"NO_CONTENT\", \"CONTENT_REQUIRED\", \"PUBLIC_WEBSITE\"]","description_kind":"plain","required":true},"create_advanced_site_search":{"type":"bool","description":"If true, an advanced data store for site search will be created. If the\ndata store is not configured as site search (GENERIC vertical and\nPUBLIC_WEBSITE contentConfig), this flag will be ignored.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Timestamp when the DataStore was created.","description_kind":"plain","computed":true},"data_store_id":{"type":"string","description":"The unique id of the data store.","description_kind":"plain","required":true},"default_schema_id":{"type":"string","description":"The id of the default Schema associated with this data store.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the data store. This field must be a UTF-8 encoded\nstring with a length limit of 128 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the data store registers. Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","required":true},"location":{"type":"string","description":"The geographic location where the data store should reside. The value can\nonly be one of \"global\", \"us\" and \"eu\".","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the data store. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"solution_types":{"type":["list","string"],"description":"The solutions that the data store enrolls. Possible values: [\"SOLUTION_TYPE_RECOMMENDATION\", \"SOLUTION_TYPE_SEARCH\", \"SOLUTION_TYPE_CHAT\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_discovery_engine_search_engine":{"version":0,"block":{"attributes":{"collection_id":{"type":"string","description":"The collection ID.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Timestamp the Engine was created at.","description_kind":"plain","computed":true},"data_store_ids":{"type":["list","string"],"description":"The data stores associated with this engine. For SOLUTION_TYPE_SEARCH type of engines, they can only associate with at most one data store.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Required. The display name of the engine. Should be human readable. UTF-8 encoded string with limit of 1024 characters.","description_kind":"plain","required":true},"engine_id":{"type":"string","description":"Unique ID to use for Search Engine App.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"industry_vertical":{"type":"string","description":"The industry vertical that the engine registers. The restriction of the Engine industry vertical is based on DataStore: If unspecified, default to GENERIC. Vertical on Engine has to match vertical of the DataStore liniked to the engine. Default value: \"GENERIC\" Possible values: [\"GENERIC\", \"MEDIA\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique full resource name of the search engine. Values are of the format\n'projects/{project}/locations/{location}/collections/{collection_id}/engines/{engine_id}'.\nThis field must be a UTF-8 encoded string with a length limit of 1024\ncharacters.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Timestamp the Engine was last updated.","description_kind":"plain","computed":true}},"block_types":{"common_config":{"nesting_mode":"list","block":{"attributes":{"company_name":{"type":"string","description":"The name of the company, business or entity that is associated with the engine. Setting this may help improve LLM related features.cd","description_kind":"plain","optional":true}},"description":"Common config spec that specifies the metadata of the engine.","description_kind":"plain"},"max_items":1},"search_engine_config":{"nesting_mode":"list","block":{"attributes":{"search_add_ons":{"type":["list","string"],"description":"The add-on that this search engine enables. Possible values: [\"SEARCH_ADD_ON_LLM\"]","description_kind":"plain","optional":true},"search_tier":{"type":"string","description":"The search feature tier of this engine. Defaults to SearchTier.SEARCH_TIER_STANDARD if not specified. Default value: \"SEARCH_TIER_STANDARD\" Possible values: [\"SEARCH_TIER_STANDARD\", \"SEARCH_TIER_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Configurations for a Search Engine.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The DNS name of this managed zone, for instance \"example.com.\".","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"Set this true to delete all records in the zone.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this ManagedZone.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"managed_zone_id":{"type":"number","description":"Unique identifier for the resource; defined by the server.","description_kind":"plain","computed":true},"name":{"type":"string","description":"User assigned name for this resource.\nMust be unique within the project.","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description":"Delegate your managed_zone to these virtual name servers;\ndefined by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The zone's visibility: public zones are exposed to the Internet,\nwhile private zones are visible only to Virtual Private Cloud resources. Default value: \"public\" Possible values: [\"private\", \"public\"]","description_kind":"plain","optional":true}},"block_types":{"cloud_logging_config":{"nesting_mode":"list","block":{"attributes":{"enable_logging":{"type":"bool","description":"If set, enable query logging for this ManagedZone. False by default, making logging opt-in.","description_kind":"plain","required":true}},"description":"Cloud logging configuration","description_kind":"plain"},"max_items":1},"dnssec_config":{"nesting_mode":"list","block":{"attributes":{"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true},"non_existence":{"type":"string","description":"Specifies the mechanism used to provide authenticated denial-of-existence responses.\nnon_existence can only be updated when the state is 'off'. Possible values: [\"nsec\", \"nsec3\"]","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies whether DNSSEC is enabled, and what mode it is in Possible values: [\"off\", \"on\", \"transfer\"]","description_kind":"plain","optional":true}},"block_types":{"default_key_specs":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"String mnemonic specifying the DNSSEC algorithm of this key Possible values: [\"ecdsap256sha256\", \"ecdsap384sha384\", \"rsasha1\", \"rsasha256\", \"rsasha512\"]","description_kind":"plain","optional":true},"key_length":{"type":"number","description":"Length of the keys in bits","description_kind":"plain","optional":true},"key_type":{"type":"string","description":"Specifies whether this is a key signing key (KSK) or a zone\nsigning key (ZSK). Key signing keys have the Secure Entry\nPoint flag set and, when active, will only be used to sign\nresource record sets of type DNSKEY. Zone signing keys do\nnot have the Secure Entry Point flag set and will be used\nto sign all other types of resource record sets. Possible values: [\"keySigning\", \"zoneSigning\"]","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Identifies what kind of resource this is","description_kind":"plain","optional":true}},"description":"Specifies parameters that will be used for generating initial DnsKeys\nfor this ManagedZone. If you provide a spec for keySigning or zoneSigning,\nyou must also provide one for the other.\ndefault_key_specs can only be updated when the state is 'off'.","description_kind":"plain"}}},"description":"DNSSEC configuration","description_kind":"plain"},"max_items":1},"forwarding_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address of a target name server.","description_kind":"plain","required":true}},"description":"List of target name servers to forward to. Cloud DNS will\nselect the best available name server if more than\none target is given.","description_kind":"plain"},"min_items":1}},"description":"The presence for this field indicates that outbound forwarding is enabled\nfor this zone. The value of this field contains the set of destinations\nto forward to.","description_kind":"plain"},"max_items":1},"peering_config":{"nesting_mode":"list","block":{"block_types":{"target_network":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The network with which to peer.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The presence of this field indicates that DNS Peering is enabled for this\nzone. The value of this field contains the network to peer with.","description_kind":"plain"},"max_items":1},"private_visibility_config":{"nesting_mode":"list","block":{"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to bind to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you\nmay experience issues with this resource while updating. If you've defined a 'networks' block and\nadd another 'networks' block while keeping the old block, Terraform will see an incorrect diff\nand apply an incorrect update to the resource. If you encounter this issue, remove all 'networks'\nblocks in an update and then apply another update adding all of them back simultaneously.","description_kind":"plain"}}},"description":"For privately visible zones, the set of Virtual Private Cloud\nresources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_managed_zone_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A textual description field. Defaults to 'Managed by Terraform'.","description_kind":"plain","optional":true},"enable_inbound_forwarding":{"type":"bool","description":"Allows networks bound to this policy to receive DNS queries sent\nby VMs or applications over VPN connections. When enabled, a\nvirtual IP address will be allocated from each of the sub-networks\nthat are bound to this policy.","description_kind":"plain","optional":true},"enable_logging":{"type":"bool","description":"Controls whether logging is enabled for the networks bound to this policy.\nDefaults to no logging if not set.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"User assigned name for this policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"alternative_name_server_config":{"nesting_mode":"list","block":{"block_types":{"target_name_servers":{"nesting_mode":"set","block":{"attributes":{"forwarding_path":{"type":"string","description":"Forwarding path for this TargetNameServer. If unset or 'default' Cloud DNS will make forwarding\ndecision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go\nto the Internet. When set to 'private', Cloud DNS will always send queries through VPC for this target Possible values: [\"default\", \"private\"]","description_kind":"plain","optional":true},"ipv4_address":{"type":"string","description":"IPv4 address to forward to.","description_kind":"plain","required":true}},"description":"Sets an alternative name server for the associated networks. When specified,\nall DNS queries are forwarded to a name server that you choose. Names such as .internal\nare not available when an alternative name server is specified.","description_kind":"plain"},"min_items":1}},"description":"Sets an alternative name server for the associated networks.\nWhen specified, all DNS queries are forwarded to a name server that you choose.\nNames such as .internal are not available when an alternative name server is specified.","description_kind":"plain"},"max_items":1},"networks":{"nesting_mode":"set","block":{"attributes":{"network_url":{"type":"string","description":"The id or fully qualified URL of the VPC network to forward queries to.\nThis should be formatted like 'projects/{project}/global/networks/{network}' or\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"List of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description":"The name of the zone in which this record set will reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The DNS name this record set will apply to.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"rrdatas":{"type":["list","string"],"description":"The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding \\\" if you don't want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add \\\"\\\" inside the Terraform configuration string (e.g. \"first255characters\\\"\\\"morecharacters\").","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"The time-to-live of this record set (seconds).","description_kind":"plain","optional":true},"type":{"type":"string","description":"The DNS record set type.","description_kind":"plain","required":true}},"block_types":{"routing_policy":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing":{"type":"bool","description":"Specifies whether to enable fencing for geo queries.","description_kind":"plain","optional":true}},"block_types":{"geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Geo location based routing policy.","description_kind":"plain"}},"primary_backup":{"nesting_mode":"list","block":{"attributes":{"enable_geo_fencing_for_backups":{"type":"bool","description":"Specifies whether to enable fencing for backup geo queries.","description_kind":"plain","optional":true},"trickle_ratio":{"type":"number","description":"Specifies the percentage of traffic to send to the backup targets even when the primary targets are healthy.","description_kind":"plain","optional":true}},"block_types":{"backup_geo":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The location name defined in Google Cloud.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"For A and AAAA types only. The list of targets to be health checked. These can be specified along with `rrdatas` within this item.","description_kind":"plain"},"max_items":1}},"description":"The backup geo targets, which provide a regional failover policy for the otherwise global primary targets.","description_kind":"plain"},"min_items":1},"primary":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of global primary targets to be health checked.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy.","description_kind":"plain"},"max_items":1},"wrr":{"nesting_mode":"list","block":{"attributes":{"rrdatas":{"type":["list","string"],"description_kind":"plain","optional":true},"weight":{"type":"number","description":"The ratio of traffic routed to the target.","description_kind":"plain","required":true}},"block_types":{"health_checked_targets":{"nesting_mode":"list","block":{"block_types":{"internal_load_balancers":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The frontend IP address of the load balancer.","description_kind":"plain","required":true},"ip_protocol":{"type":"string","description":"The configured IP protocol of the load balancer. This value is case-sensitive. Possible values: [\"tcp\", \"udp\"]","description_kind":"plain","required":true},"load_balancer_type":{"type":"string","description":"The type of load balancer. This value is case-sensitive. Possible values: [\"regionalL4ilb\", \"regionalL7ilb\", \"globalL7ilb\"]","description_kind":"plain","required":true},"network_url":{"type":"string","description":"The fully qualified url of the network in which the load balancer belongs. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`.","description_kind":"plain","required":true},"port":{"type":"string","description":"The configured port of the load balancer.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the load balancer belongs.","description_kind":"plain","required":true},"region":{"type":"string","description":"The region of the load balancer. Only needed for regional load balancers.","description_kind":"plain","optional":true}},"description":"The list of internal load balancers to health check.","description_kind":"plain"},"min_items":1}},"description":"The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of `rrdatas` or `health_checked_targets` can be set.","description_kind":"plain"},"max_items":1}},"description":"The configuration for Weighted Round Robin based routing policy.","description_kind":"plain"}}},"description":"The configuration for steering traffic based on query. You can specify either Weighted Round Robin(WRR) type or Geolocation(GEO) type.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_dns_response_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the response policy, such as 'My new response policy'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy_name":{"type":"string","description":"The user assigned name for this Response Policy, such as 'myresponsepolicy'.","description_kind":"plain","required":true}},"block_types":{"gke_clusters":{"nesting_mode":"list","block":{"attributes":{"gke_cluster_name":{"type":"string","description":"The resource name of the cluster to bind this ManagedZone to.\nThis should be specified in the format like\n'projects/*/locations/*/clusters/*'","description_kind":"plain","required":true}},"description":"The list of Google Kubernetes Engine clusters that can see this zone.","description_kind":"plain"}},"networks":{"nesting_mode":"list","block":{"attributes":{"network_url":{"type":"string","description":"The fully qualified URL of the VPC network to bind to.\nThis should be formatted like\n'https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}'","description_kind":"plain","required":true}},"description":"The list of network names specifying networks to which this policy is applied.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_dns_response_policy_rule":{"version":0,"block":{"attributes":{"dns_name":{"type":"string","description":"The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"response_policy":{"type":"string","description":"Identifies the response policy addressed by this request.","description_kind":"plain","required":true},"rule_name":{"type":"string","description":"An identifier for this rule. Must be unique with the ResponsePolicy.","description_kind":"plain","required":true}},"block_types":{"local_data":{"nesting_mode":"list","block":{"block_types":{"local_datas":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"For example, www.example.com.","description_kind":"plain","required":true},"rrdatas":{"type":["list","string"],"description":"As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1)","description_kind":"plain","optional":true},"ttl":{"type":"number","description":"Number of seconds that this ResourceRecordSet can be cached by\nresolvers.","description_kind":"plain","optional":true},"type":{"type":"string","description":"One of valid DNS resource types. Possible values: [\"A\", \"AAAA\", \"CAA\", \"CNAME\", \"DNSKEY\", \"DS\", \"HTTPS\", \"IPSECVPNKEY\", \"MX\", \"NAPTR\", \"NS\", \"PTR\", \"SOA\", \"SPF\", \"SRV\", \"SSHFP\", \"SVCB\", \"TLSA\", \"TXT\"]","description_kind":"plain","required":true}},"description":"All resource record sets for this selector, one per resource record type. The name must match the dns_name.","description_kind":"plain"},"min_items":1}},"description":"Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name;\nin particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name. Must be unique.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The KMS key used for encryption/decryption in CMEK scenarios. See https://cloud.google.com/security-key-management.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the processor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of processor. For possible types see the [official list](https://cloud.google.com/document-ai/docs/reference/rest/v1/projects.locations/fetchProcessorTypes#google.cloud.documentai.v1.DocumentProcessorService.FetchProcessorTypes)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_processor_default_version":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"processor":{"type":"string","description":"The processor to set the version on.","description_kind":"plain","required":true},"version":{"type":"string","description":"The version to set. Using 'stable' or 'rc' will cause the API to return the latest version in that release channel.\nApply 'lifecycle.ignore_changes' to the 'version' field to suppress this diff.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_document_schema":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name of the schema given by the user.","description_kind":"plain","required":true},"document_is_folder":{"type":"bool","description":"Tells whether the document is a folder or a typical document.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the document schema.","description_kind":"plain","computed":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"property_type_options":{"nesting_mode":"list","block":{"block_types":{"property_definitions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display-name for the property, used for front-end.","description_kind":"plain","optional":true},"is_filterable":{"type":"bool","description":"Whether the property can be filtered. If this is a sub-property, all the parent properties must be marked filterable.","description_kind":"plain","optional":true},"is_metadata":{"type":"bool","description":"Whether the property is user supplied metadata.","description_kind":"plain","optional":true},"is_repeatable":{"type":"bool","description":"Whether the property can have multiple values.","description_kind":"plain","optional":true},"is_required":{"type":"bool","description":"Whether the property is mandatory.","description_kind":"plain","optional":true},"is_searchable":{"type":"bool","description":"Indicates that the property should be included in a global search.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the metadata property.","description_kind":"plain","required":true},"retrieval_importance":{"type":"string","description":"Stores the retrieval importance. Possible values: [\"HIGHEST\", \"HIGHER\", \"HIGH\", \"MEDIUM\", \"LOW\", \"LOWEST\"]","description_kind":"plain","optional":true}},"block_types":{"date_time_type_options":{"nesting_mode":"list","block":{"description":"Date time property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1},"enum_type_options":{"nesting_mode":"list","block":{"attributes":{"possible_values":{"type":["list","string"],"description":"List of possible enum values.","description_kind":"plain","required":true},"validation_check_disabled":{"type":"bool","description":"Make sure the enum property value provided in the document is in the possile value list during document creation. The validation check runs by default.","description_kind":"plain","optional":true}},"description":"Enum/categorical property.","description_kind":"plain"},"max_items":1},"float_type_options":{"nesting_mode":"list","block":{"description":"Float property.","description_kind":"plain"},"max_items":1},"integer_type_options":{"nesting_mode":"list","block":{"description":"Integer property.","description_kind":"plain"},"max_items":1},"map_type_options":{"nesting_mode":"list","block":{"description":"Map property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1}},"description":"Nested structured data property.","description_kind":"plain"},"max_items":1},"schema_sources":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The schema name in the source.","description_kind":"plain","optional":true},"processor_type":{"type":"string","description":"The Doc AI processor type name.","description_kind":"plain","optional":true}},"description":"The schema source information.","description_kind":"plain"}},"text_type_options":{"nesting_mode":"list","block":{"description":"Text/string property.","description_kind":"plain"},"max_items":1},"timestamp_type_options":{"nesting_mode":"list","block":{"description":"Timestamp property. Not supported by CMEK compliant deployment.","description_kind":"plain"},"max_items":1}},"description":"Defines the metadata for a schema property.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_document_ai_warehouse_location":{"version":0,"block":{"attributes":{"access_control_mode":{"type":"string","description":"The access control mode for accessing the customer data. Possible values: [\"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_GCI\", \"ACL_MODE_DOCUMENT_LEVEL_ACCESS_CONTROL_BYOID\", \"ACL_MODE_UNIVERSAL_ACCESS\"]","description_kind":"plain","required":true},"database_type":{"type":"string","description":"The type of database used to store customer data. Possible values: [\"DB_INFRA_SPANNER\", \"DB_CLOUD_SQL_POSTGRES\"]","description_kind":"plain","required":true},"document_creator_default_role":{"type":"string","description":"The default role for the person who create a document. Possible values: [\"DOCUMENT_ADMIN\", \"DOCUMENT_EDITOR\", \"DOCUMENT_VIEWER\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"The KMS key used for CMEK encryption. It is required that\nthe kms key is in the same region as the endpoint. The\nsame key will be used for all provisioned resources, if\nencryption is available. If the kmsKey is left empty, no\nencryption will be enforced.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location in which the instance is to be provisioned. It takes the form projects/{projectNumber}/locations/{location}.","description_kind":"plain","required":true},"project_number":{"type":"string","description":"The unique identifier of the project.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_cluster":{"version":0,"block":{"attributes":{"cluster_ca_certificate":{"type":"string","description":"The PEM-encoded public certificate of the cluster's CA.","description_kind":"plain","computed":true,"sensitive":true},"control_plane_version":{"type":"string","description":"The control plane release version.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node used if a maximum value is not\nspecified explicitly for a node pool in this cluster. If unspecified, the\nKubernetes default value will be used.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of the Kubernetes API server.","description_kind":"plain","computed":true},"external_load_balancer_ipv4_address_pools":{"type":["list","string"],"description":"Address pools for cluster data plane external load balancing.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the edgecloud cluster.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"maintenance_events":{"type":["list",["object",{"create_time":"string","end_time":"string","operation":"string","schedule":"string","start_time":"string","state":"string","target_version":"string","type":"string","update_time":"string","uuid":"string"}]],"description":"All the maintenance events scheduled for the cluster, including the ones\nongoing, planned for the future and done in the past (up to 90 days).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The GDCE cluster name.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes. This field can be empty\nif the cluster does not have any worker nodes.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the Kubernetes API server.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"release_channel":{"type":"string","description":"The release channel a cluster is subscribed to. Possible values: [\"RELEASE_CHANNEL_UNSPECIFIED\", \"NONE\", \"REGULAR\"]","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Indicates the status of the cluster.","description_kind":"plain","computed":true},"target_version":{"type":"string","description":"The target cluster version. For example: \"1.5.0\".","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"An active Google username.","description_kind":"plain","required":true}},"description":"User that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster. Currently, this is a singular field, but will\nbe expanded to allow multiple admins in the future.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"RBAC policy that will be applied and managed by GEC.","description_kind":"plain"},"min_items":1,"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"local":{"nesting_mode":"list","block":{"attributes":{"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to host control\nplane nodes. The filtering language accepts strings like \"name=\u003cname\u003e\",\nand is documented here: [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes to serve as replicas of the Control Plane.\nOnly 1 and 3 are supported.","description_kind":"plain","optional":true,"computed":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true},"shared_deployment_policy":{"type":"string","description":"Policy configuration about how user applications are deployed. Possible values: [\"SHARED_DEPLOYMENT_POLICY_UNSPECIFIED\", \"ALLOWED\", \"DISALLOWED\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Local control plane configuration.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zones where this node pool\nwill be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","optional":true,"computed":true}},"description":"Remote control plane configuration.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the cluster control plane.","description_kind":"plain"},"max_items":1},"control_plane_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g.\nprojects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}\nto use for protecting control plane disks. If not specified, a\nGoogle-managed key will be used instead.","description_kind":"plain","optional":true,"computed":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting control\nplane disks. Only applicable if kms_key is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not 'KEY_AVAILABLE', then\nnodes may go offline as they cannot access their local data. This can be\ncaused by a lack of permissions to use the key, or if the key is disabled\nor deleted.","description_kind":"plain","computed":true},"kms_status":{"type":["list",["object",{"code":"number","message":"string"}]],"description":"Error status returned by Cloud KMS when using this key. This field may be\npopulated only if 'kms_key_state' is not 'KMS_KEY_STATE_KEY_AVAILABLE'.\nIf populated, this field contains the error status reported by Cloud KMS.","description_kind":"plain","computed":true}},"description":"Remote control plane disk encryption options. This field is only used when\nenabling CMEK support.","description_kind":"plain"},"max_items":1},"fleet":{"nesting_mode":"list","block":{"attributes":{"membership":{"type":"string","description":"The name of the managed Hub Membership resource associated to this cluster.\nMembership names are formatted as\n'projects/\u003cproject-number\u003e/locations/global/membership/\u003ccluster-id\u003e'.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The name of the Fleet host project where this cluster will be registered.\nProject names are formatted as\n'projects/\u003cproject-number\u003e'.","description_kind":"plain","required":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_policy":{"nesting_mode":"list","block":{"block_types":{"window":{"nesting_mode":"list","block":{"block_types":{"recurring_window":{"nesting_mode":"list","block":{"attributes":{"recurrence":{"type":"string","description":"An RRULE (https://tools.ietf.org/html/rfc5545#section-3.8.5.3) for how\nthis window recurs. They go on for the span of time between the start and\nend time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"window":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The time that the window ends. The end time must take place after the\nstart time.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time that the window first starts.","description_kind":"plain","optional":true,"computed":true}},"description":"Represents an arbitrary window of time.","description_kind":"plain"},"max_items":1}},"description":"Represents an arbitrary window of time that recurs.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the maintenance window in which maintenance may be performed.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Cluster-wide maintenance policy configuration.","description_kind":"plain"},"max_items":1},"networking":{"nesting_mode":"list","block":{"attributes":{"cluster_ipv4_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"cluster_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all pods in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"IP addressing type of this cluster i.e. SINGLESTACK_V4 vs DUALSTACK_V4_V6.","description_kind":"plain","computed":true},"services_ipv4_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these\nblocks. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","required":true},"services_ipv6_cidr_blocks":{"type":["list","string"],"description":"If specified, dual stack mode is enabled and all services in the cluster are\nassigned an IPv6 address from these blocks alongside from an IPv4\naddress. Only a single block is supported. This field cannot be changed\nafter creation.","description_kind":"plain","optional":true}},"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.","description_kind":"plain"},"min_items":1,"max_items":1},"system_addons_config":{"nesting_mode":"list","block":{"block_types":{"ingress":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"Whether Ingress is disabled.","description_kind":"plain","optional":true,"computed":true},"ipv4_vip":{"type":"string","description":"Ingress VIP.","description_kind":"plain","optional":true,"computed":true}},"description":"Config for the Ingress add-on which allows customers to create an Ingress\nobject to manage external access to the servers in a cluster. The add-on\nconsists of istiod and istio-ingress.","description_kind":"plain"},"max_items":1}},"description":"Config that customers are allowed to define for GDCE system add-ons.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_node_pool":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The name of the target Distributed Cloud Edge Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the node pool was created.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"machine_filter":{"type":"string","description":"Only machines matching this filter will be allowed to join the node pool.\nThe filtering language accepts strings like \"name=\u003cname\u003e\", and is\ndocumented in more detail in [AIP-160](https://google.aip.dev/160).","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the node pool.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"The number of nodes in the pool.","description_kind":"plain","required":true},"node_location":{"type":"string","description":"Name of the Google Distributed Cloud Edge zone where this node pool will be created. For example: 'us-central1-edge-customer-a'.","description_kind":"plain","required":true},"node_version":{"type":"string","description":"The lowest release version among all worker nodes.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the node pool was last updated.","description_kind":"plain","computed":true}},"block_types":{"local_disk_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS CryptoKey e.g. projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey} to use for protecting node local disks.\nIf not specified, a Google-managed key will be used instead.","description_kind":"plain","optional":true},"kms_key_active_version":{"type":"string","description":"The Cloud KMS CryptoKeyVersion currently in use for protecting node local disks. Only applicable if kmsKey is set.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Availability of the Cloud KMS CryptoKey. If not KEY_AVAILABLE, then nodes may go offline as they cannot access their local data.\nThis can be caused by a lack of permissions to use the key, or if the key is disabled or deleted.","description_kind":"plain","computed":true}},"description":"Local disk encryption options. This field is only used when enabling CMEK support.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"\"The Kubernetes node labels\"","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for each node in the NodePool","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgecontainer_vpn_connection":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The canonical Cluster name to connect to. It is in the form of projects/{project}/locations/{location}/clusters/{cluster}.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the VPN connection was created.","description_kind":"plain","computed":true},"details":{"type":["list",["object",{"cloud_router":["list",["object",{"name":"string"}]],"cloud_vpns":["list",["object",{"gateway":"string"}]],"error":"string","state":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_high_availability":{"type":"bool","description":"Whether this VPN connection has HA enabled on cluster side. If enabled, when creating VPN connection we will attempt to use 2 ANG floating IPs.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Google Cloud Platform location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of VPN connection","description_kind":"plain","required":true},"nat_gateway_ip":{"type":"string","description":"NAT gateway IP, or WAN IP address. If a customer has multiple NAT IPs, the customer needs to configure NAT such that only one external IP maps to the GMEC Anthos cluster.\nThis is empty if NAT is not used.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"router":{"type":"string","description":"The VPN connection Cloud Router name.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the VPN connection was last updated.","description_kind":"plain","computed":true},"vpc":{"type":"string","description":"The network ID of VPC to connect to.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vpc_project":{"nesting_mode":"list","block":{"attributes":{"project_id":{"type":"string","description":"The project of the VPC to connect to. If not specified, it is the same as the cluster project.","description_kind":"plain","optional":true}},"description":"Project detail of the VPC network. Required if VPC is in a different project than the cluster project.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_edgenetwork_network":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"mtu":{"type":"number","description":"IP (L3) MTU value of the network. Default value is '1500'. Possible values are: '1500', '9000'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","computed":true},"network_id":{"type":"string","description":"A unique ID that identifies this network.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_edgenetwork_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the subnet was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_cidr":{"type":["list","string"],"description":"The ranges of ipv4 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"ipv6_cidr":{"type":["list","string"],"description":"The ranges of ipv6 addresses that are owned by this subnetwork, in CIDR format.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels associated with this resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud region to which the target Distributed Cloud Edge zone belongs.","description_kind":"plain","required":true},"name":{"type":"string","description":"The canonical name of this resource, with format\n'projects/{{project}}/locations/{{location}}/zones/{{zone}}/subnets/{{subnet_id}}'","description_kind":"plain","computed":true},"network":{"type":"string","description":"The ID of the network to which this router belongs.\nMust be of the form: 'projects/{{project}}/locations/{{location}}/zones/{{zone}}/networks/{{network_id}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Current stage of the resource to the device by config push.","description_kind":"plain","computed":true},"subnet_id":{"type":"string","description":"A unique ID that identifies this subnet.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time when the subnet was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID for this subnetwork. If not specified, one is assigned automatically.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the target Distributed Cloud Edge zone.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service":{"version":1,"block":{"attributes":{"apis":{"type":["list",["object",{"methods":["list",["object",{"name":"string","request_type":"string","response_type":"string","syntax":"string"}]],"name":"string","syntax":"string","version":"string"}]],"description":"A list of API objects.","description_kind":"plain","computed":true},"config_id":{"type":"string","description":"The autogenerated ID for the configuration that is rolled out as part of the creation of this resource. Must be provided to compute engine instances as a tag.","description_kind":"plain","computed":true},"dns_address":{"type":"string","description":"The address at which the service can be found - usually the same as the service name.","description_kind":"plain","computed":true},"endpoints":{"type":["list",["object",{"address":"string","name":"string"}]],"description":"A list of Endpoint objects.","description_kind":"plain","computed":true},"grpc_config":{"type":"string","description":"The full text of the Service Config YAML file (Example located here). If provided, must also provide protoc_output_base64. open_api config must not be provided.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"openapi_config":{"type":"string","description":"The full text of the OpenAPI YAML configuration as described here. Either this, or both of grpc_config and protoc_output_base64 must be specified.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project ID that the service belongs to. If not provided, provider project is used.","description_kind":"plain","optional":true,"computed":true},"protoc_output_base64":{"type":"string","description":"The full contents of the Service Descriptor File generated by protoc. This should be a compiled .pb file, base64-encoded.","description_kind":"plain","optional":true},"service_name":{"type":"string","description":"The name of the service. Usually of the form $apiname.endpoints.$projectid.cloud.goog.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_binding":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_member":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_essential_contacts_contact":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email address to send notifications to. This does not need to be a Google account.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"language_tag":{"type":"string","description":"The preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages.","description_kind":"plain","required":true},"name":{"type":"string","description":"The identifier for the contact. Format: {resourceType}/{resource_id}/contacts/{contact_id}","description_kind":"plain","computed":true},"notification_category_subscriptions":{"type":["list","string"],"description":"The categories of notifications that the contact will receive communications for.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource to save this contact for. Format: organizations/{organization_id}, folders/{folder_id} or projects/{project_id}","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_channel":{"version":0,"block":{"attributes":{"activation_token":{"type":"string","description":"Output only. The activation token for the channel. The token must be used by the provider to register the channel for publishing.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the channel. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"pubsub_topic":{"type":"string","description":"Output only. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{project}/topics/{topic_id}`.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of a Channel. Possible values: STATE_UNSPECIFIED, PENDING, ACTIVE, INACTIVE","description_kind":"plain","computed":true},"third_party_provider":{"type":"string","description":"The name of the event provider (e.g. Eventarc SaaS partner) associated with the channel. This provider will be granted permissions to publish events to the channel. Format: `projects/{project}/locations/{location}/providers/{provider_id}`.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the channel. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_google_channel_config":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Optional. Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt their event data. It must match the pattern `projects/*/locations/*/keyRings/*/cryptoKeys/*`.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the config. Must be in the format of, `projects/{project}/locations/{location}/googleChannelConfig`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_eventarc_trigger":{"version":0,"block":{"attributes":{"channel":{"type":"string","description":"Optional. The name of the channel associated with the trigger in `projects/{project}/locations/{location}/channels/{channel}` format. You must provide a channel to receive events from Eventarc SaaS partners.","description_kind":"plain","optional":true},"conditions":{"type":["map","string"],"description":"Output only. The reason(s) why a trigger is in FAILED state.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. The creation time.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields, and may be sent only on create requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"event_data_content_type":{"type":"string","description":"Optional. EventDataContentType specifies the type of payload in MIME format that is expected from the CloudEvent data field. This is set to `application/json` if the value is not defined.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. User labels attached to the triggers that can be used to group resources.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Required. The resource name of the trigger. Must be unique within the location on the project.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Optional. The IAM service account email associated with the trigger. The service account represents the identity of the trigger. The principal who calls this API must have `iam.serviceAccounts.actAs` permission in the service account. See https://cloud.google.com/iam/docs/understanding-service-accounts#sa_common for more information. For Cloud Run destinations, this service account is used to generate identity tokens when invoking the service. See https://cloud.google.com/run/docs/triggering/pubsub-push#create-service-account for information on how to invoke authenticated Cloud Run services. In order to create Audit Log triggers, the service account should also have `roles/eventarc.eventReceiver` IAM role.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The last-modified time.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"cloud_function":{"type":"string","description":"The Cloud Function resource name. Only Cloud Functions V2 is supported. Format projects/{project}/locations/{location}/functions/{function} This is a read-only field. [WARNING] Creating Cloud Functions V2 triggers is only supported via the Cloud Functions product. An error will be returned if the user sets this value.","description_kind":"plain","computed":true},"workflow":{"type":"string","description":"The resource name of the Workflow whose Executions are triggered by the events. The Workflow resource should be deployed in the same project as the trigger. Format: `projects/{project}/locations/{location}/workflows/{workflow}`","description_kind":"plain","optional":true}},"block_types":{"cloud_run_service":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"Optional. The relative path on the Cloud Run service the events should be sent to. The value must conform to the definition of URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"region":{"type":"string","description":"Required. The region the Cloud Run service is deployed in.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Required. The name of the Cloud Run service being addressed. See https://cloud.google.com/run/docs/reference/rest/v1/namespaces.services. Only services located in the same project of the trigger object can be addressed.","description_kind":"plain","required":true}},"description":"Cloud Run fully-managed service that receives the events. The service should be running in the same project of the trigger.","description_kind":"plain"},"max_items":1},"gke":{"nesting_mode":"list","block":{"attributes":{"cluster":{"type":"string","description":"Required. The name of the cluster the GKE service is running in. The cluster must be running in the same project as the trigger being created.","description_kind":"plain","required":true},"location":{"type":"string","description":"Required. The name of the Google Compute Engine in which the cluster resides, which can either be compute zone (for example, us-central1-a) for the zonal clusters or region (for example, us-central1) for regional clusters.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"Required. The namespace the GKE service is running in.","description_kind":"plain","required":true},"path":{"type":"string","description":"Optional. The relative path on the GKE service the events should be sent to. The value must conform to the definition of a URI path segment (section 3.3 of RFC2396). Examples: \"/route\", \"route\", \"route/subroute\".","description_kind":"plain","optional":true},"service":{"type":"string","description":"Required. Name of the GKE service.","description_kind":"plain","required":true}},"description":"A GKE service capable of receiving events. The service should be running in the same project as the trigger.","description_kind":"plain"},"max_items":1},"http_endpoint":{"nesting_mode":"list","block":{"attributes":{"uri":{"type":"string","description":"Required. The URI of the HTTP enpdoint. The value must be a RFC2396 URI string. Examples: `http://10.10.10.8:80/route`, `http://svc.us-central1.p.local:8080/`. Only HTTP and HTTPS protocols are supported. The host can be either a static IP addressable from the VPC specified by the network config, or an internal DNS hostname of the service resolvable via Cloud DNS.","description_kind":"plain","required":true}},"description":"An HTTP endpoint destination described by an URI.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"network_attachment":{"type":"string","description":"Required. Name of the NetworkAttachment that allows access to the destination VPC. Format: `projects/{PROJECT_ID}/regions/{REGION}/networkAttachments/{NETWORK_ATTACHMENT_NAME}`","description_kind":"plain","required":true}},"description":"Optional. Network config is used to configure how Eventarc resolves and connect to a destination. This should only be used with HttpEndpoint destination type.","description_kind":"plain"},"max_items":1}},"description":"Required. Destination specifies where the events should be sent to.","description_kind":"plain"},"min_items":1,"max_items":1},"matching_criteria":{"nesting_mode":"set","block":{"attributes":{"attribute":{"type":"string","description":"Required. The name of a CloudEvents attribute. Currently, only a subset of attributes are supported for filtering. All triggers MUST provide a filter for the 'type' attribute.","description_kind":"plain","required":true},"operator":{"type":"string","description":"Optional. The operator used for matching the events with the value of the filter. If not specified, only events that have an exact key-value pair specified in the filter are matched. The only allowed value is `match-path-pattern`.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.","description_kind":"plain","required":true}},"description":"Required. null The list of filters that applies to event attributes. Only events that match all the provided filters will be sent to the destination.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"transport":{"nesting_mode":"list","block":{"block_types":{"pubsub":{"nesting_mode":"list","block":{"attributes":{"subscription":{"type":"string","description":"Output only. The name of the Pub/Sub subscription created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/subscriptions/{SUBSCRIPTION_NAME}`.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"Optional. The name of the Pub/Sub topic created and managed by Eventarc system as a transport for the event delivery. Format: `projects/{PROJECT_ID}/topics/{TOPIC_NAME}. You may set an existing topic for triggers of the type google.cloud.pubsub.topic.v1.messagePublished` only. The topic you provide here will not be deleted by Eventarc at trigger deletion.","description_kind":"plain","optional":true}},"description":"The Pub/Sub topic and subscription used by Eventarc as delivery intermediary.","description_kind":"plain"},"max_items":1}},"description":"Optional. In order to deliver messages, Eventarc may use other GCP products as transport intermediary. This field contains a reference to that transport intermediary. This information can be used for debugging purposes.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_filestore_backup":{"version":0,"block":{"attributes":{"capacity_gb":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the backup with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"download_bytes":{"type":"string","description":"Amount of bytes that will be downloaded if the backup is restored.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"source_file_share":{"type":"string","description":"Name of the file share in the source Cloud Filestore instance that the backup is created from.","description_kind":"plain","required":true},"source_instance":{"type":"string","description":"The resource name of the source Cloud Filestore instance, in the format projects/{projectId}/locations/{locationId}/instances/{instanceId}, used to create this backup.","description_kind":"plain","required":true},"source_instance_tier":{"type":"string","description":"The service tier of the source Cloud Filestore instance that this backup is created from.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The backup state.","description_kind":"plain","computed":true},"storage_bytes":{"type":"string","description":"The size of the storage used by the backup. As backups share storage, this number is expected to change with backup creation/deletion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","required":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","deprecated":true,"optional":true,"computed":true}},"block_types":{"file_shares":{"nesting_mode":"list","block":{"attributes":{"capacity_gb":{"type":"number","description":"File share capacity in GiB. This must be at least 1024 GiB\nfor the standard tier, or 2560 GiB for the premium tier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the fileshare (16 characters or less)","description_kind":"plain","required":true},"source_backup":{"type":"string","description":"The resource name of the backup, in the format\nprojects/{projectId}/locations/{locationId}/backups/{backupId},\nthat this file share has been restored from.","description_kind":"plain","optional":true}},"block_types":{"nfs_export_options":{"nesting_mode":"list","block":{"attributes":{"access_mode":{"type":"string","description":"Either READ_ONLY, for allowing only read requests on the exported directory,\nor READ_WRITE, for allowing both read and write requests. The default is READ_WRITE. Default value: \"READ_WRITE\" Possible values: [\"READ_ONLY\", \"READ_WRITE\"]","description_kind":"plain","optional":true},"anon_gid":{"type":"number","description":"An integer representing the anonymous group id with a default value of 65534.\nAnon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"anon_uid":{"type":"number","description":"An integer representing the anonymous user id with a default value of 65534.\nAnon_uid may only be set with squashMode of ROOT_SQUASH. An error will be returned\nif this field is specified for other squashMode settings.","description_kind":"plain","optional":true},"ip_ranges":{"type":["list","string"],"description":"List of either IPv4 addresses, or ranges in CIDR notation which may mount the file share.\nOverlapping IP ranges are not allowed, both within and across NfsExportOptions. An error will be returned.\nThe limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExportOptions.","description_kind":"plain","optional":true},"squash_mode":{"type":"string","description":"Either NO_ROOT_SQUASH, for allowing root access on the exported directory, or ROOT_SQUASH,\nfor not allowing root access. The default is NO_ROOT_SQUASH. Default value: \"NO_ROOT_SQUASH\" Possible values: [\"NO_ROOT_SQUASH\", \"ROOT_SQUASH\"]","description_kind":"plain","optional":true}},"description":"Nfs Export Options. There is a limit of 10 export options per file share.","description_kind":"plain"},"max_items":10}},"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"networks":{"nesting_mode":"list","block":{"attributes":{"connect_mode":{"type":"string","description":"The network connect mode of the Filestore instance.\nIf not provided, the connect mode defaults to\nDIRECT_PEERING. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"A list of IPv4 or IPv6 addresses.","description_kind":"plain","computed":true},"modes":{"type":["list","string"],"description":"IP versions for which the instance has\nIP addresses assigned. Possible values: [\"ADDRESS_MODE_UNSPECIFIED\", \"MODE_IPV4\", \"MODE_IPV6\"]","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the GCE VPC network to which the\ninstance is connected.","description_kind":"plain","required":true},"reserved_ip_range":{"type":"string","description":"A /29 CIDR block that identifies the range of IP\naddresses reserved for this instance.","description_kind":"plain","optional":true,"computed":true}},"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_filestore_snapshot":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time when the snapshot was created in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the snapshot with 2048 characters or less. Requests with longer descriptions will be rejected.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filesystem_used_bytes":{"type":"string","description":"The amount of bytes needed to allocate a full copy of the snapshot content.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The resource name of the filestore instance.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the snapshot. The name must be unique within the specified instance.\n\nThe name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The snapshot state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_app_attest_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the App Attest configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from App Attest artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_debug_token":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of a\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id),\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id),\nor [Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id)","description_kind":"plain","required":true},"debug_token_id":{"type":"string","description":"The last segment of the resource name of the debug token.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A human readable display name used to identify this debug token.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token":{"type":"string","description":"The secret token itself. Must be provided during creation, and must be a UUID4,\ncase insensitive. You may use a method of your choice such as random/random_uuid\nto generate the token.\n\nThis field is immutable once set, and cannot be updated. You can, however, delete\nthis debug token to revoke it.\n\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_device_check_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Apple App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.iosApps#IosApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"The key identifier of a private key enabled with DeviceCheck, created in your Apple Developer account.","description_kind":"plain","required":true},"name":{"type":"string","description":"The relative resource name of the DeviceCheck configuration object","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The contents of the private key (.p8) file associated with the key specified by keyId.","description_kind":"plain","required":true,"sensitive":true},"private_key_set":{"type":"bool","description":"Whether the privateKey field was previously set. Since App Check will never return the\nprivateKey field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from DeviceCheck artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_play_integrity_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Android App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.androidApps#AndroidApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the Play Integrity configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from Play Integrity artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_enterprise_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA Enterprise configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_key":{"type":"string","description":"The score-based site key created in reCAPTCHA Enterprise used to invoke reCAPTCHA and generate the reCAPTCHA tokens for your application.\n\n**Important**: This is not the siteSecret (as it is in reCAPTCHA v3), but rather your score-based reCAPTCHA Enterprise site key.","description_kind":"plain","required":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA Enterprise artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_recaptcha_v3_config":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description":"The ID of an\n[Web App](https://firebase.google.com/docs/reference/firebase-management/rest/v1beta1/projects.webApps#WebApp.FIELDS.app_id).","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The relative resource name of the reCAPTCHA V3 configuration object","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"site_secret":{"type":"string","description":"The site secret used to identify your service for reCAPTCHA v3 verification.\nFor security reasons, this field will never be populated in any response.","description_kind":"plain","required":true,"sensitive":true},"site_secret_set":{"type":"bool","description":"Whether the siteSecret was previously set. Since we will never return the siteSecret field, this field is the only way to find out whether it was previously set.","description_kind":"plain","computed":true},"token_ttl":{"type":"string","description":"Specifies the duration for which App Check tokens exchanged from reCAPTCHA V3 artifacts will be valid.\nIf unset, a default value of 1 hour is assumed. Must be between 30 minutes and 7 days, inclusive.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebase_app_check_service_config":{"version":0,"block":{"attributes":{"enforcement_mode":{"type":"string","description":"The App Check enforcement mode for a service supported by App Check. Valid values are\n\n(Unset)\nFirebase App Check is not enforced for the service, nor are App Check metrics collected.\nThough the service is not protected by App Check in this mode, other applicable protections,\nsuch as user authorization, are still enforced. An unconfigured service is in this mode by default.\nThis is equivalent to OFF in the REST API. Deleting the Terraform resource will also switch the\nenforcement to OFF for this service.\n\nUNENFORCED\nFirebase App Check is not enforced for the service. App Check metrics are collected to help you\ndecide when to turn on enforcement for the service. Though the service is not protected by App Check\nin this mode, other applicable protections, such as user authorization, are still enforced.\n\nENFORCED\nFirebase App Check is enforced for the service. The service will reject any request that attempts to\naccess your project's resources if it does not have valid App Check token attached, with some exceptions\ndepending on the service; for example, some services will still allow requests bearing the developer's\nprivileged service account credentials without an App Check token. App Check metrics continue to be\ncollected to help you detect issues with your App Check integration and monitor the composition of your\ncallers. While the service is protected by App Check, other applicable protections, such as user\nauthorization, continue to be enforced at the same time.\n\nUse caution when choosing to enforce App Check on a Firebase service. If your users have not updated\nto an App Check capable version of your app, their apps will no longer be able to use your Firebase\nservices that are enforcing App Check. App Check metrics can help you decide whether to enforce App\nCheck on your Firebase services.\n\nIf your app has not launched yet, you should enable enforcement immediately, since there are no outdated\nclients in use. Possible values: [\"UNENFORCED\", \"ENFORCED\"]","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The fully-qualified resource name of the service enforcement configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"The identifier of the service to configure enforcement. Currently, the following service IDs are supported:\n firebasestorage.googleapis.com (Cloud Storage for Firebase)\n firebasedatabase.googleapis.com (Firebase Realtime Database)\n firestore.googleapis.com (Cloud Firestore)\n identitytoolkit.googleapis.com (Authentication)","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_release":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the release was created.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Disable the release to keep it from being served. The response code of NOT_FOUND will be given for executables generated from this Release.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Format: `projects/{project_id}/releases/{release_id}`\\Firestore Rules Releases will **always** have the name 'cloud.firestore'","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"ruleset_name":{"type":"string","description":"Name of the `Ruleset` referred to by this `Release`. The `Ruleset` must exist for the `Release` to be created.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Time the release was updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firebaserules_ruleset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time the `Ruleset` was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["list",["object",{"services":["list","string"]}]],"description":"Output only. The metadata for this ruleset.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Output only. Name of the `Ruleset`. The ruleset_id is auto generated by the service. Format: `projects/{project_id}/rulesets/{ruleset_id}`","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"language":{"type":"string","description":"`Language` of the `Source` bundle. If unspecified, the language will default to `FIREBASE_RULES`. Possible values: LANGUAGE_UNSPECIFIED, FIREBASE_RULES, EVENT_FLOW_TRIGGERS","description_kind":"plain","optional":true}},"block_types":{"files":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"Textual Content.","description_kind":"plain","required":true},"fingerprint":{"type":"string","description":"Fingerprint (e.g. github sha) associated with the `File`.","description_kind":"plain","optional":true},"name":{"type":"string","description":"File name.","description_kind":"plain","required":true}},"description":"`File` set constituting the `Source` bundle.","description_kind":"plain"},"min_items":1}},"description":"`Source` for the `Ruleset`.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_backup_schedule":{"version":0,"block":{"attributes":{"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique backup schedule identifier across all locations and databases for the given project. Format:\n'projects/{{project}}/databases/{{database}}/backupSchedules/{{backupSchedule}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retention":{"type":"string","description":"At what relative time in the future, compared to its creation time, the backup should be deleted, e.g. keep backups for 7 days.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".\n\nYou can set this to a value up to 14 weeks.","description_kind":"plain","required":true}},"block_types":{"daily_recurrence":{"nesting_mode":"list","block":{"description":"For a schedule that runs daily.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"weekly_recurrence":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"The day of week to run. Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"For a schedule that runs weekly on a specific day.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_database":{"version":0,"block":{"attributes":{"app_engine_integration_mode":{"type":"string","description":"The App Engine integration mode to use for this database. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"concurrency_mode":{"type":"string","description":"The concurrency control mode to use for this database. Possible values: [\"OPTIMISTIC\", \"PESSIMISTIC\", \"OPTIMISTIC_WITH_ENTITY_GROUPS\"]","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Output only. The timestamp at which this database was created.","description_kind":"plain","computed":true},"delete_protection_state":{"type":"string","description":"State of delete protection for the database.\nWhen delete protection is enabled, this database cannot be deleted.\nThe default value is 'DELETE_PROTECTION_STATE_UNSPECIFIED', which is currently equivalent to 'DELETE_PROTECTION_DISABLED'.\n**Note:** Additionally, to delete this database using 'terraform destroy', 'deletion_policy' must be set to 'DELETE'. Possible values: [\"DELETE_PROTECTION_STATE_UNSPECIFIED\", \"DELETE_PROTECTION_ENABLED\", \"DELETE_PROTECTION_DISABLED\"]","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"Deletion behavior for this database.\nIf the deletion policy is 'ABANDON', the database will be removed from Terraform state but not deleted from Google Cloud upon destruction.\nIf the deletion policy is 'DELETE', the database will both be removed from Terraform state and deleted from Google Cloud upon destruction.\nThe default value is 'ABANDON'.\nSee also 'delete_protection'.","description_kind":"plain","optional":true},"earliest_version_time":{"type":"string","description":"Output only. The earliest timestamp at which older versions of the data can be read from the database. See versionRetentionPeriod above; this field is populated with now - versionRetentionPeriod.\nThis value is continuously updated, and becomes stale the moment it is queried. If you are using this value to recover data, make sure to account for the time from the moment when the value is queried to the moment when you initiate the recovery.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Output only. This checksum is computed by the server based on the value of other fields,\nand may be sent on update and delete requests to ensure the client has an\nup-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_prefix":{"type":"string","description":"Output only. The keyPrefix for this database.\nThis keyPrefix is used, in combination with the project id (\"~\") to construct the application id\nthat is returned from the Cloud Datastore APIs in Google App Engine first generation runtimes.\nThis value may be empty in which case the appid to use for URL-encoded keys is the project_id (eg: foo instead of v~foo).","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The location of the database. Available locations are listed at\nhttps://cloud.google.com/firestore/docs/locations.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID to use for the database, which will become the final\ncomponent of the database's resource name. This value should be 4-63\ncharacters. Valid characters are /[a-z][0-9]-/ with first character\na letter and the last a letter or a number. Must not be\nUUID-like /[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/.\n\"(default)\" database id is also valid.","description_kind":"plain","required":true},"point_in_time_recovery_enablement":{"type":"string","description":"Whether to enable the PITR feature on this database.\nIf 'POINT_IN_TIME_RECOVERY_ENABLED' is selected, reads are supported on selected versions of the data from within the past 7 days.\nversionRetentionPeriod and earliestVersionTime can be used to determine the supported versions. These include reads against any timestamp within the past hour\nand reads against 1-minute snapshots beyond 1 hour and within 7 days.\nIf 'POINT_IN_TIME_RECOVERY_DISABLED' is selected, reads are supported on any version of the data from within the past 1 hour. Default value: \"POINT_IN_TIME_RECOVERY_DISABLED\" Possible values: [\"POINT_IN_TIME_RECOVERY_ENABLED\", \"POINT_IN_TIME_RECOVERY_DISABLED\"]","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the database.\nSee https://cloud.google.com/datastore/docs/firestore-or-datastore\nfor information about how to choose. Possible values: [\"FIRESTORE_NATIVE\", \"DATASTORE_MODE\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"Output only. The system-generated UUID4 for this Database.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp at which this database was most recently updated.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"Output only. The period during which past versions of data are retained in the database.\nAny read or query can specify a readTime within this window, and will read the state of the database at that time.\nIf the PITR feature is enabled, the retention period is 7 days. Otherwise, the retention period is 1 hour.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_document":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The collection ID, relative to database. For example: chatrooms or chatrooms/my-document/private-messages.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 format.","description_kind":"plain","computed":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"document_id":{"type":"string","description":"The client-assigned document ID to use for this document during creation.","description_kind":"plain","required":true},"fields":{"type":"string","description":"The document's [fields](https://cloud.google.com/firestore/docs/reference/rest/v1/projects.databases.documents) formated as a json string.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this document. Format:\n'projects/{{project_id}}/databases/{{database_id}}/documents/{{path}}/{{document_id}}'","description_kind":"plain","computed":true},"path":{"type":"string","description":"A relative path to the collection this document exists within","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Last update timestamp in RFC3339 format.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_firestore_field":{"version":0,"block":{"attributes":{"collection":{"type":"string","description":"The id of the collection group to configure.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"field":{"type":"string","description":"The id of the field to configure.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of this field. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/fields/{{field}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"index_config":{"nesting_mode":"list","block":{"block_types":{"indexes":{"nesting_mode":"set","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order' and 'arrayConfig' can\nbe specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=, !=.\nOnly one of 'order' and 'arrayConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Collection scoped queries require you specify\nthe collection at query time. Collection group scope allows queries across all\ncollections with the same id. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\"]","description_kind":"plain","optional":true}},"description":"The indexes to configure on the field. Order or array contains must be specified.","description_kind":"plain"}}},"description":"The single field index configuration for this field.\nCreating an index configuration for this field will override any inherited configuration with the\nindexes specified. Configuring the index configuration with an empty block disables all indexes on\nthe field.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"ttl_config":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"The state of TTL (time-to-live) configuration for documents that have this Field set.","description_kind":"plain","computed":true}},"description":"The TTL configuration for this Field. If set to an empty block (i.e. 'ttl_config {}'), a TTL policy is configured based on the field. If unset, a TTL policy is not configured (or will be disabled upon updating the resource).","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_firestore_index":{"version":0,"block":{"attributes":{"api_scope":{"type":"string","description":"The API scope at which a query is run. Default value: \"ANY_API\" Possible values: [\"ANY_API\", \"DATASTORE_MODE_API\"]","description_kind":"plain","optional":true},"collection":{"type":"string","description":"The collection being indexed.","description_kind":"plain","required":true},"database":{"type":"string","description":"The Firestore database id. Defaults to '\"(default)\"'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A server defined name for this index. Format:\n'projects/{{project}}/databases/{{database}}/collectionGroups/{{collection}}/indexes/{{server_generated_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"query_scope":{"type":"string","description":"The scope at which a query is run. Default value: \"COLLECTION\" Possible values: [\"COLLECTION\", \"COLLECTION_GROUP\", \"COLLECTION_RECURSIVE\"]","description_kind":"plain","optional":true}},"block_types":{"fields":{"nesting_mode":"list","block":{"attributes":{"array_config":{"type":"string","description":"Indicates that this field supports operations on arrayValues. Only one of 'order', 'arrayConfig', and\n'vectorConfig' can be specified. Possible values: [\"CONTAINS\"]","description_kind":"plain","optional":true},"field_path":{"type":"string","description":"Name of the field.","description_kind":"plain","optional":true},"order":{"type":"string","description":"Indicates that this field supports ordering by the specified order or comparing using =, \u003c, \u003c=, \u003e, \u003e=.\nOnly one of 'order', 'arrayConfig', and 'vectorConfig' can be specified. Possible values: [\"ASCENDING\", \"DESCENDING\"]","description_kind":"plain","optional":true}},"block_types":{"vector_config":{"nesting_mode":"list","block":{"attributes":{"dimension":{"type":"number","description":"The resulting index will only include vectors of this dimension, and can be used for vector search\nwith the same dimension.","description_kind":"plain","optional":true}},"block_types":{"flat":{"nesting_mode":"list","block":{"description":"Indicates the vector index is a flat index.","description_kind":"plain"},"max_items":1}},"description":"Indicates that this field supports vector search operations. Only one of 'order', 'arrayConfig', and\n'vectorConfig' can be specified. Vector Fields should come after the field path '__name__'.","description_kind":"plain"},"max_items":1}},"description":"The fields supported by this index. The last non-stored field entry is\nalways for the field path '__name__'. If, on creation, '__name__' was not\nspecified as the last field, it will be added automatically with the same\ndirection as that of the last field defined. If the final field in a\ncomposite index is not directional, the '__name__' will be ordered\n'\"ASCENDING\"' (unless explicitly specified otherwise).","description_kind":"plain"},"min_items":2},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.","description_kind":"plain","required":true},"folder_id":{"type":"string","description":"The folder id from the name \"folders/{folder_id}\"","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Folder. Its format is folders/{folder_id}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the parent Folder or Organization. Must be of the form folders/{folder_id} or organizations/{org_id}.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Folder has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Folder.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"ID of the folder of the access approval settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Folder (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"folders/{folder_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n * all\n * App Engine\n * BigQuery\n * Cloud Bigtable\n * Cloud Key Management Service\n * Compute Engine\n * Cloud Dataflow\n * Cloud Identity and Access Management\n * Cloud Pub/Sub\n * Cloud Storage\n * Persistent Disk\n\nNote: These values are supported as input, but considered a legacy format:\n * all\n * appengine.googleapis.com\n * bigquery.googleapis.com\n * bigtable.googleapis.com\n * cloudkms.googleapis.com\n * compute.googleapis.com\n * dataflow.googleapis.com\n * iam.googleapis.com\n * pubsub.googleapis.com\n * storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_folder_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_folder_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description":"The source cluster from which Backups will be created via this BackupPlan.","description_kind":"plain","required":true},"deactivated":{"type":"bool","description":"This flag indicates whether this BackupPlan has been deactivated.\nSetting this field to True locks the BackupPlan such that no further updates will be allowed\n(except deletes), including the deactivated field itself. It also prevents any new Backups\nfrom being created via this BackupPlan (including scheduled Backups).","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"User specified descriptive string for this BackupPlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"etag is used for optimistic concurrency control as a way to help prevent simultaneous\nupdates of a backup plan from overwriting each other. It is strongly suggested that\nsystems make use of the 'etag' in the read-modify-write cycle to perform BackupPlan updates\nin order to avoid race conditions: An etag is returned in the response to backupPlans.get,\nand systems are expected to put that etag in the request to backupPlans.patch or\nbackupPlans.delete to ensure that their change will be applied to the same version of the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Backup Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protected_pod_count":{"type":"number","description":"The number of Kubernetes Pods backed up in the last successful Backup created via this BackupPlan.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State of the BackupPlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why BackupPlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"backup_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, include all namespaced resources.","description_kind":"plain","optional":true},"include_secrets":{"type":"bool","description":"This flag specifies whether Kubernetes Secret resources should be included\nwhen they fall into the scope of Backups.","description_kind":"plain","optional":true,"computed":true},"include_volume_data":{"type":"bool","description":"This flag specifies whether volume data should be backed up when PVCs are\nincluded in the scope of a Backup.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_key":{"nesting_mode":"list","block":{"attributes":{"gcp_kms_encryption_key":{"type":"string","description":"Google Cloud KMS encryption key. Format: projects/*/locations/*/keyRings/*/cryptoKeys/*","description_kind":"plain","required":true}},"description":"This defines a customer managed encryption key that will be used to encrypt the \"config\"\nportion (the Kubernetes resources) of Backups created via this plan.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of namespaced Kubernetes Resources.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"If set, include just the resources in the listed namespaces.","description_kind":"plain"},"max_items":1}},"description":"Defines the configuration of Backups created via this BackupPlan.","description_kind":"plain"},"max_items":1},"backup_schedule":{"nesting_mode":"list","block":{"attributes":{"cron_schedule":{"type":"string","description":"A standard cron string that defines a repeating schedule for\ncreating Backups via this BackupPlan.\nThis is mutually exclusive with the rpoConfig field since at most one\nschedule can be defined for a BackupPlan.\nIf this is defined, then backupRetainDays must also be defined.","description_kind":"plain","optional":true},"paused":{"type":"bool","description":"This flag denotes whether automatic Backup creation is paused for this BackupPlan.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"rpo_config":{"nesting_mode":"list","block":{"attributes":{"target_rpo_minutes":{"type":"number","description":"Defines the target RPO for the BackupPlan in minutes, which means the target\nmaximum data loss in time that is acceptable for this BackupPlan. This must be\nat least 60, i.e., 1 hour, and at most 86400, i.e., 60 days.","description_kind":"plain","required":true}},"block_types":{"exclusion_windows":{"nesting_mode":"list","block":{"attributes":{"daily":{"type":"bool","description":"The exclusion window occurs every day if set to \"True\".\nSpecifying this field to \"False\" is an error.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Specifies duration of the window in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\". Restrictions for duration based on the\nrecurrence type to allow some time for backup to happen:\n - single_occurrence_date: no restriction\n - daily window: duration \u003c 24 hours\n - weekly window:\n - days of week includes all seven days of a week: duration \u003c 24 hours\n - all other weekly window: duration \u003c 168 hours (i.e., 24 * 7 hours)","description_kind":"plain","required":true}},"block_types":{"days_of_week":{"nesting_mode":"list","block":{"attributes":{"days_of_week":{"type":["list","string"],"description":"A list of days of week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","optional":true}},"description":"The exclusion window occurs on these days of each week in UTC.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain"},"max_items":1},"single_occurrence_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date.","description_kind":"plain","optional":true}},"description":"No recurrence. The exclusion window occurs only once and on this date in UTC.\nOnly one of singleOccurrenceDate, daily and daysOfWeek may be set.","description_kind":"plain"},"max_items":1},"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time.","description_kind":"plain","optional":true}},"description":"Specifies the start time of the window using time of the day in UTC.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"User specified time windows during which backup can NOT happen for this BackupPlan.\nBackups should start and finish outside of any given exclusion window. Note: backup\njobs will be scheduled to start and finish outside the duration of the window as\nmuch as possible, but running jobs will not get canceled when it runs into the window.\nAll the time and date values in exclusionWindows entry in the API are in UTC. We\nonly allow \u003c=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no\nrestriction on number of single occurrence windows.","description_kind":"plain"}}},"description":"Defines the RPO schedule configuration for this BackupPlan. This is mutually\nexclusive with the cronSchedule field since at most one schedule can be defined\nfor a BackupPLan. If this is defined, then backupRetainDays must also be defined.","description_kind":"plain"},"max_items":1}},"description":"Defines a schedule for automatic Backup creation via this BackupPlan.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"backup_delete_lock_days":{"type":"number","description":"Minimum age for a Backup created via this BackupPlan (in days).\nMust be an integer value between 0-90 (inclusive).\nA Backup created under this BackupPlan will not be deletable\nuntil it reaches Backup's (create time + backup_delete_lock_days).\nUpdating this field of a BackupPlan does not affect existing Backups.\nBackups created after a successful update will inherit this new value.","description_kind":"plain","optional":true,"computed":true},"backup_retain_days":{"type":"number","description":"The default maximum age of a Backup created via this BackupPlan.\nThis field MUST be an integer value \u003e= 0 and \u003c= 365. If specified,\na Backup created under this BackupPlan will be automatically deleted\nafter its age reaches (createTime + backupRetainDays).\nIf not specified, Backups created under this BackupPlan will NOT be\nsubject to automatic deletion. Updating this field does NOT affect\nexisting Backups under it. Backups created AFTER a successful update\nwill automatically pick up the new value.\nNOTE: backupRetainDays must be \u003e= backupDeleteLockDays.\nIf cronSchedule is defined, then this must be \u003c= 360 * the creation interval.\nIf rpo_config is defined, then this must be\n\u003c= 360 * targetRpoMinutes/(1440minutes/day)","description_kind":"plain","optional":true,"computed":true},"locked":{"type":"bool","description":"This flag denotes whether the retention policy of this BackupPlan is locked.\nIf set to True, no further update is allowed on this policy, including\nthe locked field itself.","description_kind":"plain","optional":true,"computed":true}},"description":"RetentionPolicy governs lifecycle of Backups created under this plan.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan":{"version":0,"block":{"attributes":{"backup_plan":{"type":"string","description":"A reference to the BackupPlan from which Backups may be used\nas the source for Restores created via this RestorePlan.","description_kind":"plain","required":true},"cluster":{"type":"string","description":"The source cluster from which Restores will be created via this RestorePlan.","description_kind":"plain","required":true},"description":{"type":"string","description":"User specified descriptive string for this RestorePlan.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Description: A set of custom labels supplied by the user.\nA list of key-\u003evalue pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The region of the Restore Plan.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full name of the BackupPlan Resource.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The State of the RestorePlan.","description_kind":"plain","computed":true},"state_reason":{"type":"string","description":"Detailed description of why RestorePlan is in its current state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server generated, unique identifier of UUID format.","description_kind":"plain","computed":true}},"block_types":{"restore_config":{"nesting_mode":"list","block":{"attributes":{"all_namespaces":{"type":"bool","description":"If True, restore all namespaced resources in the Backup.\nSetting this field to False will result in an error.","description_kind":"plain","optional":true},"cluster_resource_conflict_policy":{"type":"string","description":"Defines the behavior for handling the situation where cluster-scoped resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'CLUSTER_RESOURCE_CONFLICT_POLICY_UNSPECIFIED'\nif 'clusterResourceRestoreScope' is anyting other than 'noGroupKinds'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#clusterresourceconflictpolicy\nfor more information on each policy option. Possible values: [\"USE_EXISTING_VERSION\", \"USE_BACKUP_VERSION\"]","description_kind":"plain","optional":true},"namespaced_resource_restore_mode":{"type":"string","description":"Defines the behavior for handling the situation where sets of namespaced resources\nbeing restored already exist in the target cluster.\nThis MUST be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#namespacedresourcerestoremode\nfor more information on each mode. Possible values: [\"DELETE_AND_RESTORE\", \"FAIL_ON_CONFLICT\"]","description_kind":"plain","optional":true},"no_namespaces":{"type":"bool","description":"Do not restore any namespaced resources if set to \"True\".\nSpecifying this field to \"False\" is not allowed.","description_kind":"plain","optional":true},"volume_data_restore_policy":{"type":"string","description":"Specifies the mechanism to be used to restore volume data.\nThis should be set to a value other than 'NAMESPACED_RESOURCE_RESTORE_MODE_UNSPECIFIED'\nif the 'namespacedResourceRestoreScope' is anything other than 'noNamespaces'.\nIf not specified, it will be treated as 'NO_VOLUME_DATA_RESTORATION'.\nSee https://cloud.google.com/kubernetes-engine/docs/add-on/backup-for-gke/reference/rest/v1/RestoreConfig#VolumeDataRestorePolicy\nfor more information on each policy option. Possible values: [\"RESTORE_VOLUME_DATA_FROM_BACKUP\", \"REUSE_VOLUME_HANDLE_FROM_BACKUP\", \"NO_VOLUME_DATA_RESTORATION\"]","description_kind":"plain","optional":true}},"block_types":{"cluster_resource_restore_scope":{"nesting_mode":"list","block":{"attributes":{"all_group_kinds":{"type":"bool","description":"If True, all valid cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true},"no_group_kinds":{"type":"bool","description":"If True, no cluster-scoped resources will be restored.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain","optional":true}},"block_types":{"excluded_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to NOT restore from the backup.\nIf specified, all valid cluster-scoped resources will be restored except\nfor those specified in the list.\nMutually exclusive to any other field in 'clusterResourceRestoreScope'.","description_kind":"plain"}},"selected_group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"A list of cluster-scoped resource group kinds to restore from the backup.\nIf specified, only the selected resources will be restored.\nMutually exclusive to any other field in the 'clusterResourceRestoreScope'.","description_kind":"plain"}}},"description":"Identifies the cluster-scoped resources to restore from the Backup.","description_kind":"plain"},"max_items":1},"excluded_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces excluded from restoration.\nAll namespaces except those in this list will be restored.","description_kind":"plain"},"max_items":1},"selected_applications":{"nesting_mode":"list","block":{"block_types":{"namespaced_names":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of a Kubernetes Resource.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace of a Kubernetes Resource.","description_kind":"plain","required":true}},"description":"A list of namespaced Kubernetes resources.","description_kind":"plain"},"min_items":1}},"description":"A list of selected ProtectedApplications to restore.\nThe listed ProtectedApplications and all the resources\nto which they refer will be restored.","description_kind":"plain"},"max_items":1},"selected_namespaces":{"nesting_mode":"list","block":{"attributes":{"namespaces":{"type":["list","string"],"description":"A list of Kubernetes Namespaces.","description_kind":"plain","required":true}},"description":"A list of selected namespaces to restore from the Backup.\nThe listed Namespaces and all resources contained in them will be restored.","description_kind":"plain"},"max_items":1},"transformation_rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description is a user specified string description\nof the transformation rule.","description_kind":"plain","optional":true}},"block_types":{"field_actions":{"nesting_mode":"list","block":{"attributes":{"from_path":{"type":"string","description":"A string containing a JSON Pointer value that references the\nlocation in the target document to move the value from.","description_kind":"plain","optional":true},"op":{"type":"string","description":"Specifies the operation to perform. Possible values: [\"REMOVE\", \"MOVE\", \"COPY\", \"ADD\", \"TEST\", \"REPLACE\"]","description_kind":"plain","required":true},"path":{"type":"string","description":"A string containing a JSON-Pointer value that references a\nlocation within the target document where the operation is performed.","description_kind":"plain","optional":true},"value":{"type":"string","description":"A string that specifies the desired value in string format\nto use for transformation.","description_kind":"plain","optional":true}},"description":"A list of transformation rule actions to take against candidate\nresources. Actions are executed in order defined - this order\nmatters, as they could potentially interfere with each other and\nthe first operation could affect the outcome of the second operation.","description_kind":"plain"},"min_items":1},"resource_filter":{"nesting_mode":"list","block":{"attributes":{"json_path":{"type":"string","description":"This is a JSONPath expression that matches specific fields of\ncandidate resources and it operates as a filtering parameter\n(resources that are not matched with this expression will not\nbe candidates for transformation).","description_kind":"plain","optional":true},"namespaces":{"type":["list","string"],"description":"(Filtering parameter) Any resource subject to transformation must\nbe contained within one of the listed Kubernetes Namespace in the\nBackup. If this field is not provided, no namespace filtering will\nbe performed (all resources in all Namespaces, including all\ncluster-scoped resources, will be candidates for transformation).\nTo mix cluster-scoped and namespaced resources in the same rule,\nuse an empty string (\"\") as one of the target namespaces.","description_kind":"plain","optional":true}},"block_types":{"group_kinds":{"nesting_mode":"list","block":{"attributes":{"resource_group":{"type":"string","description":"API Group string of a Kubernetes resource, e.g.\n\"apiextensions.k8s.io\", \"storage.k8s.io\", etc.\nUse empty string for core group.","description_kind":"plain","optional":true},"resource_kind":{"type":"string","description":"Kind of a Kubernetes resource, e.g.\n\"CustomResourceDefinition\", \"StorageClass\", etc.","description_kind":"plain","optional":true}},"description":"(Filtering parameter) Any resource subject to transformation must\nbelong to one of the listed \"types\". If this field is not provided,\nno type filtering will be performed\n(all resources of all types matching previous filtering parameters\nwill be candidates for transformation).","description_kind":"plain"}}},"description":"This field is used to specify a set of fields that should be used to\ndetermine which resources in backup should be acted upon by the\nsupplied transformation rule actions, and this will ensure that only\nspecific resources are affected by transformation rule actions.","description_kind":"plain"},"max_items":1}},"description":"A list of transformation rules to be applied against Kubernetes\nresources as they are selected for restoration from a Backup.\nRules are executed in order defined - this order matters,\nas changes made by a rule may impact the filtering logic of subsequent\nrules. An empty list means no transformation will occur.","description_kind":"plain"}}},"description":"Defines the configuration of Restores created via this RestorePlan.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. When the Feature resource was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Output only. When the Feature resource was deleted.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"GCP labels for this Feature.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The full, unique name of this Feature resource","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"resource_state":{"type":["list",["object",{"has_resources":"bool","state":"string"}]],"description":"State of the Feature resource itself.","description_kind":"plain","computed":true},"state":{"type":["list",["object",{"state":["list",["object",{"code":"string","description":"string","update_time":"string"}]]}]],"description":"Output only. The Hub-wide Feature state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. When the Feature resource was last updated.","description_kind":"plain","computed":true}},"block_types":{"fleet_default_member_config":{"nesting_mode":"list","block":{"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","optional":true}},"block_types":{"config_sync":{"nesting_mode":"list","block":{"attributes":{"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in hierarchical or unstructured mode","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS Proxy to be used when communicating with the Git repo","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true}},"description":"Git repo configuration for the cluster","description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The Google Cloud Service Account Email used for auth when secretType is gcpServiceAccount","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo","description_kind":"plain","required":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15","description_kind":"plain","optional":true},"version":{"type":"string","description":"Version of ACM installed","description_kind":"plain","deprecated":true,"optional":true}},"description":"OCI repo configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"ConfigSync configuration for the cluster","description_kind":"plain"},"max_items":1}},"description":"Config Management spec","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"management":{"type":"string","description":"Whether to automatically manage Service Mesh Possible values: [\"MANAGEMENT_UNSPECIFIED\", \"MANAGEMENT_AUTOMATIC\", \"MANAGEMENT_MANUAL\"]","description_kind":"plain","required":true}},"description":"Service Mesh spec","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Configures the version of Policy Controller","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation Possible values: [\"INSTALL_SPEC_UNSPECIFIED\", \"INSTALL_SPEC_NOT_INSTALLED\", \"INSTALL_SPEC_ENABLED\", \"INSTALL_SPEC_SUSPENDED\", \"INSTALL_SPEC_DETACHED\"]","description_kind":"plain","required":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component":{"type":"string","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: [\"AFFINITY_UNSPECIFIED\", \"NO_AFFINITY\", \"ANTI_AFFINITY\"]","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_toleration":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":"Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. Possible values: [\"MONITORING_BACKEND_UNSPECIFIED\", \"PROMETHEUS\", \"CLOUD_MONITORING\"]","description_kind":"plain","optional":true,"computed":true}},"description":"Monitoring specifies the configuration of monitoring Policy Controller.","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle":{"type":"string","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"Configures which bundles to install and their corresponding install specs.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: [\"INSTALATION_UNSPECIFIED\", \"NOT_INSTALLED\", \"ALL\"]","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Configuration of Policy Controller","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller spec","description_kind":"plain"},"max_items":1}},"description":"Optional. Fleet Default Membership Configuration.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"block_types":{"clusterupgrade":{"nesting_mode":"list","block":{"attributes":{"upstream_fleets":{"type":["list","string"],"description":"Specified if other fleet should be considered as a source of upgrades. Currently, at most one upstream fleet is allowed. The fleet name should be either fleet project number or id.","description_kind":"plain","required":true}},"block_types":{"gke_upgrade_overrides":{"nesting_mode":"list","block":{"block_types":{"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"min_items":1,"max_items":1},"upgrade":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the upgrade, e.g., \"k8s_control_plane\". It should be a valid upgrade name. It must not exceet 99 characters.","description_kind":"plain","required":true},"version":{"type":"string","description":"Version of the upgrade, e.g., \"1.22.1-gke.100\". It should be a valid version. It must not exceet 99 characters.","description_kind":"plain","required":true}},"description":"Which upgrade to override.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configuration overrides for individual upgrades.","description_kind":"plain"}},"post_conditions":{"nesting_mode":"list","block":{"attributes":{"soaking":{"type":"string","description":"Amount of time to \"soak\" after a rollout has been finished before marking it COMPLETE. Cannot exceed 30 days.","description_kind":"plain","required":true}},"description":"Post conditions to override for the specified upgrade.","description_kind":"plain"},"max_items":1}},"description":"Clusterupgrade feature spec.","description_kind":"plain"},"max_items":1},"fleetobservability":{"nesting_mode":"list","block":{"block_types":{"logging_config":{"nesting_mode":"list","block":{"block_types":{"default_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the default routing config to logs not specified in other configs.","description_kind":"plain"},"max_items":1},"fleet_scope_logs_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Specified if fleet logging feature is enabled. Possible values: [\"MODE_UNSPECIFIED\", \"COPY\", \"MOVE\"]","description_kind":"plain","optional":true}},"description":"Specified if applying the routing config to all logs for all fleet scopes.","description_kind":"plain"},"max_items":1}},"description":"Specified if fleet logging feature is enabled for the entire fleet. If UNSPECIFIED, fleet logging feature is disabled for the entire fleet.","description_kind":"plain"},"max_items":1}},"description":"Fleet Observability feature spec.","description_kind":"plain"},"max_items":1},"multiclusteringress":{"nesting_mode":"list","block":{"attributes":{"config_membership":{"type":"string","description":"Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: 'projects/foo-proj/locations/global/memberships/bar'","description_kind":"plain","required":true}},"description":"Multicluster Ingress-specific spec.","description_kind":"plain"},"max_items":1}},"description":"Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_feature_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_membership":{"version":0,"block":{"attributes":{"feature":{"type":"string","description":"The name of the feature","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the feature","description_kind":"plain","required":true},"membership":{"type":"string","description":"The name of the membership","description_kind":"plain","required":true},"membership_location":{"type":"string","description":"The location of the membership","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project of the feature","description_kind":"plain","optional":true,"computed":true}},"block_types":{"configmanagement":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of ACM to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"binauthz":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether binauthz is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"**DEPRECATED** Binauthz configuration for the cluster. This field will be ignored and should not be set.","description_kind":"plain"},"max_items":1},"config_sync":{"nesting_mode":"list","block":{"attributes":{"metrics_gcp_service_account_email":{"type":"string","description":"The Email of the Google Cloud Service Account (GSA) used for exporting Config Sync metrics to Cloud Monitoring. The GSA should have the Monitoring Metric Writer(roles/monitoring.metricWriter) IAM role. The Kubernetes ServiceAccount `default` in the namespace `config-management-monitoring` should be bound to the GSA.","description_kind":"plain","optional":true},"prevent_drift":{"type":"bool","description":"Set to true to enable the Config Sync admission webhook to prevent drifts. If set to `false`, disables the Config Sync admission webhook and does not prevent drifts.","description_kind":"plain","optional":true,"computed":true},"source_format":{"type":"string","description":"Specifies whether the Config Sync Repo is in \"hierarchical\" or \"unstructured\" mode.","description_kind":"plain","optional":true}},"block_types":{"git":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secretType is gcpServiceAccount.","description_kind":"plain","optional":true},"https_proxy":{"type":"string","description":"URL for the HTTPS proxy to be used when communicating with the Git repo.","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the Git repo. Must be one of ssh, cookiefile, gcenode, token, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_branch":{"type":"string","description":"The branch of the repository to sync from. Default: master.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The URL of the Git repository to use as the source of truth.","description_kind":"plain","optional":true},"sync_rev":{"type":"string","description":"Git revision (tag or hash) to check out. Default HEAD.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"oci":{"nesting_mode":"list","block":{"attributes":{"gcp_service_account_email":{"type":"string","description":"The GCP Service Account Email used for auth when secret_type is gcpserviceaccount. ","description_kind":"plain","optional":true},"policy_dir":{"type":"string","description":"The absolute path of the directory that contains the local resources. Default: the root directory of the image.","description_kind":"plain","optional":true},"secret_type":{"type":"string","description":"Type of secret configured for access to the OCI Image. Must be one of gcenode, gcpserviceaccount or none. The validation of this is case-sensitive.","description_kind":"plain","optional":true},"sync_repo":{"type":"string","description":"The OCI image repository URL for the package to sync from. e.g. LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY_NAME/PACKAGE_NAME.","description_kind":"plain","optional":true},"sync_wait_secs":{"type":"string","description":"Period in seconds(int64 format) between consecutive syncs. Default: 15.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"Config Sync configuration for the cluster.","description_kind":"plain"},"max_items":1},"hierarchy_controller":{"nesting_mode":"list","block":{"attributes":{"enable_hierarchical_resource_quota":{"type":"bool","description":"Whether hierarchical resource quota is enabled in this cluster.","description_kind":"plain","optional":true},"enable_pod_tree_labels":{"type":"bool","description":"Whether pod tree labels are enabled in this cluster.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether Hierarchy Controller is enabled in this cluster.","description_kind":"plain","optional":true}},"description":"Hierarchy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1},"policy_controller":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"string","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enable or disable mutation in policy controller. If true, mutation CRDs, webhook and controller deployment will be deployed to the cluster.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true},"template_library_installed":{"type":"bool","description":"Installs the default template library along with Policy Controller.","description_kind":"plain","optional":true}},"block_types":{"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"max_items":1}},"description":"Config Management-specific spec.","description_kind":"plain"},"max_items":1},"mesh":{"nesting_mode":"list","block":{"attributes":{"control_plane":{"type":"string","description":"**DEPRECATED** Whether to automatically manage Service Mesh control planes. Possible values: CONTROL_PLANE_MANAGEMENT_UNSPECIFIED, AUTOMATIC, MANUAL","description_kind":"plain","deprecated":true,"optional":true},"management":{"type":"string","description":"Whether to automatically manage Service Mesh. Possible values: MANAGEMENT_UNSPECIFIED, MANAGEMENT_AUTOMATIC, MANAGEMENT_MANUAL","description_kind":"plain","optional":true}},"description":"Manage Mesh Features","description_kind":"plain"},"max_items":1},"policycontroller":{"nesting_mode":"list","block":{"attributes":{"version":{"type":"string","description":"Optional. Version of Policy Controller to install. Defaults to the latest version.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"policy_controller_hub_config":{"nesting_mode":"list","block":{"attributes":{"audit_interval_seconds":{"type":"number","description":"Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.","description_kind":"plain","optional":true},"constraint_violation_limit":{"type":"number","description":"The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.","description_kind":"plain","optional":true},"exemptable_namespaces":{"type":["list","string"],"description":"The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.","description_kind":"plain","optional":true},"install_spec":{"type":"string","description":"Configures the mode of the Policy Controller installation. Possible values: INSTALL_SPEC_UNSPECIFIED, INSTALL_SPEC_NOT_INSTALLED, INSTALL_SPEC_ENABLED, INSTALL_SPEC_SUSPENDED, INSTALL_SPEC_DETACHED","description_kind":"plain","optional":true},"log_denies_enabled":{"type":"bool","description":"Logs all denies and dry run failures.","description_kind":"plain","optional":true},"mutation_enabled":{"type":"bool","description":"Enables the ability to mutate resources using Policy Controller.","description_kind":"plain","optional":true},"referential_rules_enabled":{"type":"bool","description":"Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.","description_kind":"plain","optional":true}},"block_types":{"deployment_configs":{"nesting_mode":"set","block":{"attributes":{"component_name":{"type":"string","description":"The name for the key in the map for which this object is mapped to in the API","description_kind":"plain","required":true},"pod_affinity":{"type":"string","description":"Pod affinity configuration. Possible values: AFFINITY_UNSPECIFIED, NO_AFFINITY, ANTI_AFFINITY","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Pod replica count.","description_kind":"plain","optional":true}},"block_types":{"container_resources":{"nesting_mode":"list","block":{"block_types":{"limits":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Limits describes the maximum amount of compute resources allowed for use by the running container.","description_kind":"plain"},"max_items":1},"requests":{"nesting_mode":"list","block":{"attributes":{"cpu":{"type":"string","description":"CPU requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true},"memory":{"type":"string","description":"Memory requirement expressed in Kubernetes resource units.","description_kind":"plain","optional":true}},"description":"Requests describes the amount of compute resources reserved for the container by the kube-scheduler.","description_kind":"plain"},"max_items":1}},"description":"Container resource requirements.","description_kind":"plain"},"max_items":1},"pod_tolerations":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Matches a taint effect.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Matches a taint key (not necessarily unique).","description_kind":"plain","optional":true},"operator":{"type":"string","description":"Matches a taint operator.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Matches a taint value.","description_kind":"plain","optional":true}},"description":"Pod tolerations of node taints.","description_kind":"plain"}}},"description":"Map of deployment configs to deployments (\"admission\", \"audit\", \"mutation\").","description_kind":"plain"}},"monitoring":{"nesting_mode":"list","block":{"attributes":{"backends":{"type":["list","string"],"description":" Specifies the list of backends Policy Controller will export to. Specifying an empty value `[]` disables metrics export.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: [\"cloudmonitoring\", \"prometheus\"]. Default: [\"cloudmonitoring\", \"prometheus\"]","description_kind":"plain"},"max_items":1},"policy_content":{"nesting_mode":"list","block":{"block_types":{"bundles":{"nesting_mode":"set","block":{"attributes":{"bundle_name":{"type":"string","description":"The name for the key in the map for which this object is mapped to in the API","description_kind":"plain","required":true},"exempted_namespaces":{"type":["list","string"],"description":"The set of namespaces to be exempted from the bundle.","description_kind":"plain","optional":true}},"description":"map of bundle name to BundleInstallSpec. The bundle name maps to the `bundleName` key in the `policycontroller.gke.io/constraintData` annotation on a constraint.","description_kind":"plain"}},"template_library":{"nesting_mode":"list","block":{"attributes":{"installation":{"type":"string","description":"Configures the manner in which the template library is installed on the cluster. Possible values: INSTALLATION_UNSPECIFIED, NOT_INSTALLED, ALL","description_kind":"plain","optional":true}},"description":"Configures the installation of the Template Library.","description_kind":"plain"},"max_items":1}},"description":"Specifies the desired policy content on the cluster.","description_kind":"plain"},"max_items":1}},"description":"Policy Controller configuration for the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Policy Controller-specific spec.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_fleet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time the fleet was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the fleet was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-assigned display name of the Fleet. When present, it must be between 4 to 30 characters.\nAllowed characters are: lowercase and uppercase letters, numbers, hyphen, single-quote, double-quote, space, and exclamation point.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"The state of the fleet resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource. This is unique across all\nFleet resources. If a Fleet resource is deleted and another\nresource with the same name is created, it gets a different uid.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the fleet was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"default_cluster_config":{"nesting_mode":"list","block":{"block_types":{"binary_authorization_config":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. Possible values: [\"DISABLED\", \"POLICY_BINDINGS\"]","description_kind":"plain","optional":true}},"block_types":{"policy_bindings":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The relative resource name of the binauthz platform policy to audit. GKE\nplatform policies have the following format:\n'projects/{project_number}/platforms/gke/policies/{policy_id}'.","description_kind":"plain","optional":true}},"description":"Binauthz policies that apply to this cluster.","description_kind":"plain"}}},"description":"Enable/Disable binary authorization features for the cluster.","description_kind":"plain"},"max_items":1},"security_posture_config":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Sets which mode to use for Security Posture features. Possible values: [\"DISABLED\", \"BASIC\"]","description_kind":"plain","optional":true},"vulnerability_mode":{"type":"string","description":"Sets which mode to use for vulnerability scanning. Possible values: [\"VULNERABILITY_DISABLED\", \"VULNERABILITY_BASIC\", \"VULNERABILITY_ENTERPRISE\"]","description_kind":"plain","optional":true}},"description":"Enable/Disable Security Posture features for the cluster.","description_kind":"plain"},"max_items":1}},"description":"The default cluster configurations to apply across the fleet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership":{"version":1,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this membership.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership.\nThe default value is 'global'.","description_kind":"plain","optional":true},"membership_id":{"type":"string","description":"The client-provided identifier of the membership.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique identifier of the membership.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"authority":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"A JSON Web Token (JWT) issuer URI. 'issuer' must start with 'https://' and // be a valid\nwith length \u003c2000 characters. For example: 'https://container.googleapis.com/v1/projects/my-project/locations/us-west1/clusters/my-cluster' (must be 'locations' rather than 'zones'). If the cluster is provisioned with Terraform, this is '\"https://container.googleapis.com/v1/${google_container_cluster.my-cluster.id}\"'.","description_kind":"plain","required":true}},"description":"Authority encodes how Google will recognize identities from this Membership.\nSee the workload identity documentation for more details:\nhttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity","description_kind":"plain"},"max_items":1},"endpoint":{"nesting_mode":"list","block":{"block_types":{"gke_cluster":{"nesting_mode":"list","block":{"attributes":{"resource_link":{"type":"string","description":"Self-link of the GCP resource for the GKE cluster.\nFor example: '//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster'.\nIt can be at the most 1000 characters in length. If the cluster is provisioned with Terraform,\nthis can be '\"//container.googleapis.com/${google_container_cluster.my-cluster.id}\"' or\n'google_container_cluster.my-cluster.id'.","description_kind":"plain","required":true}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1}},"description":"If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the MembershipBinding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the MembershipBinding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Membership binding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the membership","description_kind":"plain","required":true},"membership_binding_id":{"type":"string","description":"The client-provided identifier of the membership binding.","description_kind":"plain","required":true},"membership_id":{"type":"string","description":"Id of the membership","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the membershipbinding itself","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"A Workspace resource name in the format\n'projects/*/locations/*/scopes/*'.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the membership binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the MembershipBinding was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_membership_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_namespace":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Namespace was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Namespace.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the namespace","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Namespace-level cluster namespace labels. These labels are applied\nto the related namespace of the member clusters bound to the parent\nScope. Scope-level labels ('namespace_labels' in the Fleet Scope\nresource) take precedence over Namespace-level labels if they share\na key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"The name of the Scope instance.","description_kind":"plain","required":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_namespace_id":{"type":"string","description":"The client-provided identifier of the namespace.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the namespace resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Scope was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the Scope was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this Scope.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The unique identifier of the scope","description_kind":"plain","computed":true},"namespace_labels":{"type":["map","string"],"description":"Scope-level cluster namespace labels. For the member clusters bound\nto the Scope, these labels are applied to each namespace under the\nScope. Scope-level labels take precedence over Namespace-level\nlabels ('namespace_labels' in the Fleet Namespace resource) if they\nshare a key. Keys and values must be Kubernetes-conformant.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"The client-provided identifier of the scope.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the scope resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Scope was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gke_hub_scope_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_hub_scope_rbac_role_binding":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the RBAC Role Binding was created in UTC.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"Time the RBAC Role Binding was deleted in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\ngroup is the group, as seen by the kubernetes cluster.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels for this ScopeRBACRoleBinding.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the RBAC Role Binding","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description":"Id of the scope","description_kind":"plain","required":true},"scope_rbac_role_binding_id":{"type":"string","description":"The client-provided identifier of the RBAC Role Binding.","description_kind":"plain","required":true},"state":{"type":["list",["object",{"code":"string"}]],"description":"State of the RBAC Role Binding resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Google-generated UUID for this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the RBAC Role Binding was updated in UTC.","description_kind":"plain","computed":true},"user":{"type":"string","description":"Principal that is be authorized in the cluster (at least of one the oneof\nis required). Updating one will unset the other automatically.\nuser is the name of the user as seen by the kubernetes cluster, example\n\"alice\" or \"alice@domain.tld\"","description_kind":"plain","optional":true}},"block_types":{"role":{"nesting_mode":"list","block":{"attributes":{"predefined_role":{"type":"string","description":"PredefinedRole is an ENUM representation of the default Kubernetes Roles Possible values: [\"UNKNOWN\", \"ADMIN\", \"EDIT\", \"VIEW\"]","description_kind":"plain","optional":true}},"description":"Role to bind to the principal.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_admin_cluster":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Admin Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal Admin Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal Admin Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Admin Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal admin cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Admin Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal Admin Cluster.","description_kind":"plain","computed":true}},"block_types":{"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the Admin Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal Admin Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nExamples: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nExamples: http://domain\nWARNING: Do not provide credentials in the format\nhttp://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The Admin Cluster this Bare Metal User Cluster belongs to.\nThis is the full resource name of the Admin Cluster's hub membership.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_version":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this Bare Metal User Cluster.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address name of Bare Metal User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet related configuration.\nFleets are a Google Cloud concept for logically organizing clusters,\nletting you use and manage multi-cluster capabilities and apply\nconsistent policies across your systems.\nSee [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for\nmore details on Anthos multi-cluster capabilities using Fleets.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the Bare Metal Cluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal cluster name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed cluster status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain","computed":true}},"block_types":{"binary_authorization":{"nesting_mode":"list","block":{"attributes":{"evaluation_mode":{"type":"string","description":"Mode of operation for binauthz policy evaluation. If unspecified,\ndefaults to DISABLED. Possible values: [\"DISABLED\", \"PROJECT_SINGLETON_POLICY_ENFORCE\"]","description_kind":"plain","optional":true}},"description":"Binary Authorization related configurations.","description_kind":"plain"},"max_items":1},"cluster_operations":{"nesting_mode":"list","block":{"attributes":{"enable_application_logs":{"type":"bool","description":"Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics).","description_kind":"plain","optional":true}},"description":"Specifies the User Cluster's observability infrastructure.","description_kind":"plain"},"max_items":1},"control_plane":{"nesting_mode":"list","block":{"block_types":{"api_server_args":{"nesting_mode":"list","block":{"attributes":{"argument":{"type":"string","description":"The argument name as it appears on the API Server command line please make sure to remove the leading dashes.","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of the arg as it will be passed to the API Server command line.","description_kind":"plain","required":true}},"description":"Customizes the default API server args. Only a subset of\ncustomized flags are supported. Please refer to the API server\ndocumentation below to know the exact format:\nhttps://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/","description_kind":"plain"}},"control_plane_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running the control plane.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the control plane configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"bgp_lb_config":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) of the cluster.\nThis field can be updated after cluster creation.","description_kind":"plain","required":true}},"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"string","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"bgp_peer_configs":{"nesting_mode":"list","block":{"attributes":{"asn":{"type":"number","description":"BGP autonomous system number (ASN) for the network that contains the\nexternal peer device.","description_kind":"plain","required":true},"control_plane_nodes":{"type":["list","string"],"description":"The IP address of the control plane node that connects to the external\npeer.\nIf you don't specify any control plane nodes, all control plane nodes\ncan connect to the external peer. If you specify one or more IP addresses,\nonly the nodes specified participate in peering sessions.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the external peer device.","description_kind":"plain","required":true}},"description":"The list of BGP peers that the cluster will connect to.\nAt least one peer must be configured for each control plane node.\nControl plane nodes will connect to these peers to advertise the control\nplane VIP. The Services load balancer also uses these peers by default.\nThis field can be updated after cluster creation.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true}},"block_types":{"kubelet_config":{"nesting_mode":"list","block":{"attributes":{"registry_burst":{"type":"number","description":"The maximum size of bursty pulls, temporarily allows pulls to burst to this\nnumber, while still not exceeding registry_pull_qps.\nThe value must not be a negative number.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 10.","description_kind":"plain","optional":true},"registry_pull_qps":{"type":"number","description":"The limit of registry pulls per second.\nSetting this value to 0 means no limit.\nUpdating this field may impact scalability by changing the amount of\ntraffic produced by image pulls.\nDefaults to 5.","description_kind":"plain","optional":true},"serialize_image_pulls_disabled":{"type":"bool","description":"Prevents the Kubelet from pulling multiple images at a time.\nWe recommend *not* changing the default value on nodes that run docker\ndaemon with version \u003c 1.9 or an Another Union File System (Aufs) storage\nbackend. Issue https://github.com/kubernetes/kubernetes/issues/10959 has\nmore details.","description_kind":"plain","optional":true}},"description":"The modifiable kubelet configurations for the baremetal machines.","description_kind":"plain"},"max_items":1},"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the node pool running data plane load balancing. L2 connectivity\nis required among nodes in this pool. If missing, the control plane node\npool is used for data plane load balancing.","description_kind":"plain"},"max_items":1}},"description":"Configuration for BGP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether manual load balancing is enabled.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address must be either in the CIDR form (1.2.3.0/24) or range form (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for those special IP addresses.","description_kind":"plain","optional":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1},"load_balancer_node_pool_config":{"nesting_mode":"list","block":{"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"}},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"The generic configuration for a node pool running a load balancer.","description_kind":"plain"},"max_items":1}},"description":"Specifies the load balancer's node pool configuration.","description_kind":"plain"},"max_items":1}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"port_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_load_balancer_port":{"type":"number","description":"The port that control plane hosted load balancers will listen on.","description_kind":"plain","required":true}},"description":"Specifies the load balancer ports.","description_kind":"plain"},"min_items":1,"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this Bare Metal User Cluster.","description_kind":"plain","required":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this Bare Metal User Cluster.","description_kind":"plain","required":true}},"description":"Specified the Bare Metal Load Balancer Config","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the load balancer configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"maintenance_config":{"nesting_mode":"list","block":{"attributes":{"maintenance_address_cidr_blocks":{"type":["list","string"],"description":"All IPv4 address from these ranges will be placed into maintenance mode.\nNodes in maintenance mode will be cordoned and drained. When both of these\nare true, the \"baremetal.cluster.gke.io/maintenance\" annotation will be set\non the node resource.","description_kind":"plain","required":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enables the use of advanced Anthos networking features, such as Bundled\nLoad Balancing with BGP or the egress NAT gateway.\nSetting configuration for advanced networking features will automatically\nset this flag.","description_kind":"plain","optional":true}},"block_types":{"island_mode_cidr":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"multiple_network_interfaces_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable multiple network interfaces for your pods.\nWhen set network_config.advanced_networking is automatically\nset to true.","description_kind":"plain","optional":true}},"description":"Configuration for multiple network interfaces.","description_kind":"plain"},"max_items":1},"sr_iov_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to install the SR-IOV operator.","description_kind":"plain","optional":true}},"description":"Configuration for SR-IOV.","description_kind":"plain"},"max_items":1}},"description":"Network configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"node_access_config":{"nesting_mode":"list","block":{"attributes":{"login_user":{"type":"string","description":"LoginUser is the user name used to access node machines.\nIt defaults to \"root\" if not set.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the node access related settings for the bare metal user cluster.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"container_runtime":{"type":"string","description":"The available runtimes that can be used to run containers in a Bare Metal User Cluster. Possible values: [\"CONTAINER_RUNTIME_UNSPECIFIED\", \"DOCKER\", \"CONTAINERD\"]","description_kind":"plain","optional":true,"computed":true},"max_pods_per_node":{"type":"number","description":"The maximum number of pods a node can run. The size of the CIDR range\nassigned to the node will be derived from this parameter.","description_kind":"plain","optional":true,"computed":true}},"description":"Specifies the workload node configurations.","description_kind":"plain"},"max_items":1},"os_environment_config":{"nesting_mode":"list","block":{"attributes":{"package_repo_excluded":{"type":"bool","description":"Whether the package repo should not be included when initializing\nbare metal machines.","description_kind":"plain","required":true}},"description":"OS environment related configurations.","description_kind":"plain"},"max_items":1},"proxy":{"nesting_mode":"list","block":{"attributes":{"no_proxy":{"type":["list","string"],"description":"A list of IPs, hostnames, and domains that should skip the proxy.\nExamples: [\"127.0.0.1\", \"example.com\", \".corp\", \"localhost\"].","description_kind":"plain","optional":true},"uri":{"type":"string","description":"Specifies the address of your proxy server.\nExamples: http://domain\nWARNING: Do not provide credentials in the format\nhttp://(username:password@)domain these will be rejected by the server.","description_kind":"plain","required":true}},"description":"Specifies the cluster proxy configuration.","description_kind":"plain"},"max_items":1},"security_config":{"nesting_mode":"list","block":{"block_types":{"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster.","description_kind":"plain"},"min_items":1}},"description":"Configures user access to the Bare Metal User cluster.","description_kind":"plain"},"max_items":1}},"description":"Specifies the security related settings for the Bare Metal User Cluster.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"block_types":{"lvp_node_mounts_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Specifies the config for local PersistentVolumes backed\nby mounted node disks. These disks need to be formatted and mounted by the\nuser, which can be done before or after cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1},"lvp_share_config":{"nesting_mode":"list","block":{"attributes":{"shared_path_pv_count":{"type":"number","description":"The number of subdirectories to create under path.","description_kind":"plain","optional":true}},"block_types":{"lvp_config":{"nesting_mode":"list","block":{"attributes":{"path":{"type":"string","description":"The host machine path.","description_kind":"plain","required":true},"storage_class":{"type":"string","description":"The StorageClass name that PVs will be created with.","description_kind":"plain","required":true}},"description":"Defines the machine path and storage class for the LVP Share.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the config for local PersistentVolumes backed by\nsubdirectories in a shared filesystem. These subdirectores are\nautomatically created during cluster creation.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies the cluster storage configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"policy":{"type":"string","description":"Specifies which upgrade policy to use. Possible values: [\"SERIAL\", \"CONCURRENT\"]","description_kind":"plain","optional":true}},"description":"The cluster upgrade policy.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_bare_metal_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the Bare Metal Node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"bare_metal_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the Bare Metal Node Pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The bare metal node pool name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the Bare Metal User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"Specifies detailed node pool status.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the Bare Metal Node Pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"node_pool_config":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true,"computed":true},"operating_system":{"type":"string","description":"Specifies the nodes operating system (default: LINUX).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"node_configs":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to\neach node. These will added in addition to any default label(s)\nthat Kubernetes may apply to the node. In case of conflict in\nlabel keys, the applied set may differ depending on the Kubernetes\nversion -- it's best to assume the behavior is undefined and\nconflicts should be avoided. For more information, including usage\nand the valid values, see:\n http://kubernetes.io/v1.1/docs/user-guide/labels.html\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"node_ip":{"type":"string","description":"The default IPv4 address for SSH access and Kubernetes node.\nExample: 192.168.0.1","description_kind":"plain","optional":true}},"description":"The list of machine addresses in the Bare Metal Node Pool.","description_kind":"plain"},"min_items":1},"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Specifies the nodes operating system (default: LINUX). Possible values: [\"EFFECT_UNSPECIFIED\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","optional":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","optional":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}}},"description":"Node pool configuration.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_gkeonprem_vmware_cluster":{"version":0,"block":{"attributes":{"admin_cluster_membership":{"type":"string","description":"The admin cluster this VMware User Cluster belongs to.\nThis is the full resource name of the admin cluster's hub membership.\nIn the future, references to other resource types might be allowed if\nadmin clusters are modeled as their own resources.","description_kind":"plain","required":true},"annotations":{"type":["map","string"],"description":"Annotations on the VMware User Cluster.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which VMware User Cluster was created.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time at which VMware User Cluster was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human readable description of this VMware User Cluster.","description_kind":"plain","optional":true},"disable_bundled_ingress":{"type":"bool","description":"Disable bundled ingress.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_control_plane_v2":{"type":"bool","description":"Enable control plane V2. Default to false.","description_kind":"plain","optional":true},"endpoint":{"type":"string","description":"The DNS name of VMware User Cluster's API server.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string"}]],"description":"Fleet configuration for the cluster.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"local_name":{"type":"string","description":"The object name of the VMware OnPremUserCluster custom resource on the\nassociated admin cluster. This field is used to support conflicting\nnames when enrolling existing clusters to the API. When used as a part of\ncluster enrollment, this field will differ from the ID in the resource\nname. For new clusters, this field will match the user provided cluster ID\nand be visible in the last component of the resource name. It is not\nmodifiable.\n\nAll users should use this name to access their cluster using gkectl or\nkubectl and should expect to see the local name when viewing admin\ncluster controller logs.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The VMware cluster name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"The Anthos clusters on the VMware version for your user cluster.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the VMware User Cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the VMware User Cluster.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which VMware User Cluster was last updated.","description_kind":"plain","computed":true},"validation_check":{"type":["list",["object",{"options":"string","scenario":"string","status":["list",["object",{"result":["list",["object",{"category":"string","description":"string","details":"string","options":"string","reason":"string"}]]}]]}]],"description":"ValidationCheck represents the result of the preflight check job.","description_kind":"plain","computed":true},"vm_tracking_enabled":{"type":"bool","description":"Enable VM tracking.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"anti_affinity_groups":{"nesting_mode":"list","block":{"attributes":{"aag_config_disabled":{"type":"bool","description":"Spread nodes across at least three physical hosts (requires at least three\nhosts).\nEnabled by default.","description_kind":"plain","required":true}},"description":"AAGConfig specifies whether to spread VMware User Cluster nodes across at\nleast three physical hosts in the datacenter.","description_kind":"plain"},"max_items":1},"authorization":{"nesting_mode":"list","block":{"block_types":{"admin_users":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"The name of the user, e.g. 'my-gcp-id@gmail.com'.","description_kind":"plain","required":true}},"description":"Users that will be granted the cluster-admin role on the cluster, providing\nfull access to the cluster.","description_kind":"plain"}}},"description":"RBAC policy that will be applied and managed by GKE On-Prem.","description_kind":"plain"},"max_items":1},"auto_repair_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether auto repair is enabled.","description_kind":"plain","required":true}},"description":"Configuration for auto repairing.","description_kind":"plain"},"max_items":1},"control_plane_node":{"nesting_mode":"list","block":{"attributes":{"cpus":{"type":"number","description":"The number of CPUs for each admin cluster node that serve as control planes\nfor this VMware User Cluster. (default: 4 CPUs)","description_kind":"plain","optional":true},"memory":{"type":"number","description":"The megabytes of memory for each admin cluster node that serves as a\ncontrol plane for this VMware User Cluster (default: 8192 MB memory).","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of control plane nodes for this VMware User Cluster.\n(default: 1 replica).","description_kind":"plain","optional":true},"vsphere_config":{"type":["list",["object",{"datastore":"string","storage_policy_name":"string"}]],"description":"Vsphere-specific config.","description_kind":"plain","computed":true}},"block_types":{"auto_resize_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether to enable control plane node auto resizing.","description_kind":"plain","required":true}},"description":"AutoResizeConfig provides auto resizing configurations.","description_kind":"plain"},"max_items":1}},"description":"VMware User Cluster control plane nodes must have either 1 or 3 replicas.","description_kind":"plain"},"min_items":1,"max_items":1},"dataplane_v2":{"nesting_mode":"list","block":{"attributes":{"advanced_networking":{"type":"bool","description":"Enable advanced networking which requires dataplane_v2_enabled to be set true.","description_kind":"plain","optional":true},"dataplane_v2_enabled":{"type":"bool","description":"Enables Dataplane V2.","description_kind":"plain","optional":true},"windows_dataplane_v2_enabled":{"type":"bool","description":"Enable Dataplane V2 for clusters with Windows nodes.","description_kind":"plain","optional":true}},"description":"VmwareDataplaneV2Config specifies configuration for Dataplane V2.","description_kind":"plain"},"max_items":1},"load_balancer":{"nesting_mode":"list","block":{"block_types":{"f5_config":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The load balancer's IP address.","description_kind":"plain","optional":true},"partition":{"type":"string","description":"he preexisting partition to be used by the load balancer. T\nhis partition is usually created for the admin cluster for example:\n'my-f5-admin-partition'.","description_kind":"plain","optional":true},"snat_pool":{"type":"string","description":"The pool name. Only necessary, if using SNAT.","description_kind":"plain","optional":true,"computed":true}},"description":"Configuration for F5 Big IP typed load balancers.","description_kind":"plain"},"max_items":1},"manual_lb_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_node_port":{"type":"number","description":"NodePort for control plane service. The Kubernetes API server in the admin\ncluster is implemented as a Service of type NodePort (ex. 30968).","description_kind":"plain","optional":true,"computed":true},"ingress_http_node_port":{"type":"number","description":"NodePort for ingress service's http. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 32527).","description_kind":"plain","optional":true,"computed":true},"ingress_https_node_port":{"type":"number","description":"NodePort for ingress service's https. The ingress service in the admin\ncluster is implemented as a Service of type NodePort (ex. 30139).","description_kind":"plain","optional":true,"computed":true},"konnectivity_server_node_port":{"type":"number","description":"NodePort for konnectivity server service running as a sidecar in each\nkube-apiserver pod (ex. 30564).","description_kind":"plain","optional":true,"computed":true}},"description":"Manually configured load balancers.","description_kind":"plain"},"max_items":1},"metal_lb_config":{"nesting_mode":"list","block":{"block_types":{"address_pools":{"nesting_mode":"list","block":{"attributes":{"addresses":{"type":["list","string"],"description":"The addresses that are part of this pool. Each address\nmust be either in the CIDR form (1.2.3.0/24) or range\nform (1.2.3.1-1.2.3.5).","description_kind":"plain","required":true},"avoid_buggy_ips":{"type":"bool","description":"If true, avoid using IPs ending in .0 or .255.\nThis avoids buggy consumer devices mistakenly dropping IPv4 traffic for\nthose special IP addresses.","description_kind":"plain","optional":true,"computed":true},"manual_assign":{"type":"bool","description":"If true, prevent IP addresses from being automatically assigned.","description_kind":"plain","optional":true,"computed":true},"pool":{"type":"string","description":"The name of the address pool.","description_kind":"plain","required":true}},"description":"AddressPools is a list of non-overlapping IP pools used by load balancer\ntyped services. All addresses must be routable to load balancer nodes.\nIngressVIP must be included in the pools.","description_kind":"plain"},"min_items":1}},"description":"Configuration for MetalLB typed load balancers.","description_kind":"plain"},"max_items":1},"vip_config":{"nesting_mode":"list","block":{"attributes":{"control_plane_vip":{"type":"string","description":"The VIP which you previously set aside for the Kubernetes API of this cluster.","description_kind":"plain","optional":true},"ingress_vip":{"type":"string","description":"The VIP which you previously set aside for ingress traffic into this cluster.","description_kind":"plain","optional":true}},"description":"The VIPs used by the load balancer.","description_kind":"plain"},"max_items":1}},"description":"Load Balancer configuration.","description_kind":"plain"},"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"pod_address_cidr_blocks":{"type":["list","string"],"description":"All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges.\nOnly a single range is supported. This field cannot be changed after creation.","description_kind":"plain","required":true},"service_address_cidr_blocks":{"type":["list","string"],"description":"All services in the cluster are assigned an RFC1918 IPv4 address\nfrom these ranges. Only a single range is supported.. This field\ncannot be changed after creation.","description_kind":"plain","required":true},"vcenter_network":{"type":"string","description":"vcenter_network specifies vCenter network name. Inherited from the admin cluster.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"control_plane_v2_config":{"nesting_mode":"list","block":{"block_types":{"control_plane_ip_block":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","optional":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","optional":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","optional":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"}}},"description":"Static IP addresses for the control plane nodes.","description_kind":"plain"},"max_items":1}},"description":"Configuration for control plane V2 mode.","description_kind":"plain"},"max_items":1},"dhcp_ip_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"enabled is a flag to mark if DHCP IP allocation is\nused for VMware user clusters.","description_kind":"plain","required":true}},"description":"Configuration settings for a DHCP IP configuration.","description_kind":"plain"},"max_items":1},"host_config":{"nesting_mode":"list","block":{"attributes":{"dns_search_domains":{"type":["list","string"],"description":"DNS search domains.","description_kind":"plain","optional":true},"dns_servers":{"type":["list","string"],"description":"DNS servers.","description_kind":"plain","optional":true},"ntp_servers":{"type":["list","string"],"description":"NTP servers.","description_kind":"plain","optional":true}},"description":"Represents common network settings irrespective of the host's IP address.","description_kind":"plain"},"max_items":1},"static_ip_config":{"nesting_mode":"list","block":{"block_types":{"ip_blocks":{"nesting_mode":"list","block":{"attributes":{"gateway":{"type":"string","description":"The network gateway used by the VMware User Cluster.","description_kind":"plain","required":true},"netmask":{"type":"string","description":"The netmask used by the VMware User Cluster.","description_kind":"plain","required":true}},"block_types":{"ips":{"nesting_mode":"list","block":{"attributes":{"hostname":{"type":"string","description":"Hostname of the machine. VM's name will be used if this field is empty.","description_kind":"plain","optional":true,"computed":true},"ip":{"type":"string","description":"IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24).","description_kind":"plain","required":true}},"description":"The node's network configurations used by the VMware User Cluster.","description_kind":"plain"},"min_items":1}},"description":"Represents the configuration values for static IP allocation to nodes.","description_kind":"plain"},"min_items":1}},"description":"Configuration settings for a static IP configuration.","description_kind":"plain"},"max_items":1}},"description":"The VMware User Cluster network configuration.","description_kind":"plain"},"max_items":1},"storage":{"nesting_mode":"list","block":{"attributes":{"vsphere_csi_disabled":{"type":"bool","description":"Whether or not to deploy vSphere CSI components in the VMware User Cluster.\nEnabled by default.","description_kind":"plain","required":true}},"description":"Storage configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"upgrade_policy":{"nesting_mode":"list","block":{"attributes":{"control_plane_only":{"type":"bool","description":"Controls whether the upgrade applies to the control plane only.","description_kind":"plain","optional":true}},"description":"Specifies upgrade policy for the cluster.","description_kind":"plain"},"max_items":1},"vcenter":{"nesting_mode":"list","block":{"attributes":{"address":{"type":"string","description":"The vCenter IP address.","description_kind":"plain","computed":true},"ca_cert_data":{"type":"string","description":"Contains the vCenter CA certificate public key for SSL verification.","description_kind":"plain","optional":true},"cluster":{"type":"string","description":"The name of the vCenter cluster for the user cluster.","description_kind":"plain","optional":true},"datacenter":{"type":"string","description":"The name of the vCenter datacenter for the user cluster.","description_kind":"plain","optional":true},"datastore":{"type":"string","description":"The name of the vCenter datastore for the user cluster.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The name of the vCenter folder for the user cluster.","description_kind":"plain","optional":true},"resource_pool":{"type":"string","description":"The name of the vCenter resource pool for the user cluster.","description_kind":"plain","optional":true},"storage_policy_name":{"type":"string","description":"The name of the vCenter storage policy for the user cluster.","description_kind":"plain","optional":true}},"description":"VmwareVCenterConfig specifies vCenter config for the user cluster.\nInherited from the admin cluster.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_gkeonprem_vmware_node_pool":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Annotations on the node Pool.\nThis field has the same restrictions as Kubernetes annotations.\nThe total size of all keys and values combined is limited to 256k.\nKey can have 2 segments: prefix (optional) and name (required),\nseparated by a slash (/).\nPrefix must be a DNS subdomain.\nName must be 63 characters or less, begin and end with alphanumerics,\nwith dashes (-), underscores (_), dots (.), and alphanumerics between.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the cluster was created, in RFC3339 text format.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The time the cluster was deleted, in RFC3339 text format.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name for the node pool.","description_kind":"plain","optional":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"This checksum is computed by the server based on the value of other\nfields, and may be sent on update and delete requests to ensure the\nclient has an up-to-date value before proceeding.\nAllows clients to perform consistent read-modify-writes\nthrough optimistic concurrency control.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"The vmware node pool name.","description_kind":"plain","required":true},"on_prem_version":{"type":"string","description":"Anthos version for the node pool. Defaults to the user cluster version.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the node pool.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster.","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"last_transition_time":"string","message":"string","reason":"string","state":"string","type":"string"}]],"error_message":"string"}]],"description":"ResourceStatus representing detailed cluster state.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The unique identifier of the node pool.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time the cluster was last updated, in RFC3339 text format.","description_kind":"plain","computed":true},"vmware_cluster":{"type":"string","description":"The cluster this node pool belongs to.","description_kind":"plain","required":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"VMware disk size to be used during creation.","description_kind":"plain","optional":true},"cpus":{"type":"number","description":"The number of CPUs for each node in the node pool.","description_kind":"plain","optional":true},"enable_load_balancer":{"type":"bool","description":"Allow node pool traffic to be load balanced. Only works for clusters with\nMetalLB load balancers.","description_kind":"plain","optional":true},"image":{"type":"string","description":"The OS image name in vCenter, only valid when using Windows.","description_kind":"plain","optional":true},"image_type":{"type":"string","description":"The OS image to be used for each node in a node pool.\nCurrently 'cos', 'ubuntu', 'ubuntu_containerd' and 'windows' are supported.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"The map of Kubernetes labels (key/value pairs) to be applied to each node.\nThese will added in addition to any default label(s) that\nKubernetes may apply to the node.\nIn case of conflict in label keys, the applied set may differ depending on\nthe Kubernetes version -- it's best to assume the behavior is undefined\nand conflicts should be avoided.","description_kind":"plain","optional":true,"computed":true},"memory_mb":{"type":"number","description":"The megabytes of memory for each node in the node pool.","description_kind":"plain","optional":true},"replicas":{"type":"number","description":"The number of nodes in the node pool.","description_kind":"plain","optional":true}},"block_types":{"taints":{"nesting_mode":"list","block":{"attributes":{"effect":{"type":"string","description":"Available taint effects. Possible values: [\"EFFECT_UNSPECIFIED\", \"NO_SCHEDULE\", \"PREFER_NO_SCHEDULE\", \"NO_EXECUTE\"]","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key associated with the effect.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value associated with the effect.","description_kind":"plain","required":true}},"description":"The initial taints assigned to nodes of this node pool.","description_kind":"plain"}},"vsphere_config":{"nesting_mode":"list","block":{"attributes":{"datastore":{"type":"string","description":"The name of the vCenter datastore. Inherited from the user cluster.","description_kind":"plain","optional":true},"host_groups":{"type":["list","string"],"description":"Vsphere host groups to apply to all VMs in the node pool","description_kind":"plain","optional":true}},"block_types":{"tags":{"nesting_mode":"list","block":{"attributes":{"category":{"type":"string","description":"The Vsphere tag category.","description_kind":"plain","optional":true},"tag":{"type":"string","description":"The Vsphere tag name.","description_kind":"plain","optional":true}},"description":"Tags to apply to VMs.","description_kind":"plain"}}},"description":"Specifies the vSphere config for node pool.","description_kind":"plain"},"max_items":1}},"description":"The node configuration of the node pool.","description_kind":"plain"},"min_items":1,"max_items":1},"node_pool_autoscaling":{"nesting_mode":"list","block":{"attributes":{"max_replicas":{"type":"number","description":"Maximum number of replicas in the NodePool.","description_kind":"plain","required":true},"min_replicas":{"type":"number","description":"Minimum number of replicas in the NodePool.","description_kind":"plain","required":true}},"description":"Node Pool autoscaling config for the node pool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_consent_ttl":{"type":"string","description":"Default time to live for consents in this store. Must be at least 24 hours. Updating this field will not affect the expiration time of existing consents.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_consent_create_on_update":{"type":"bool","description":"If true, [consents.patch] [google.cloud.healthcare.v1.consent.UpdateConsent] creates the consent if it does not already exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize Consent stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}'\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: '[\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}'\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of this ConsentStore, for example:\n\"consent1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_binding":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_member":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dataset":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the Dataset.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Dataset.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"time_zone":{"type":"string","description":"The default timezone used by this dataset. Must be a either a valid IANA time zone name such as\n\"America/New_York\" or empty, which defaults to UTC. This is used for parsing times in resources\n(e.g., HL7 messages) where no explicit timezone is specified.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dataset_iam_binding":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_member":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_dicom_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize DICOM stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the DicomStore.\n\n** Changing this property may recreate the Dicom store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_binding":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_member":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_fhir_store":{"version":0,"block":{"attributes":{"complex_data_type_reference_parsing":{"type":"string","description":"Enable parsing of references within complex FHIR data types such as Extensions. If this value is set to ENABLED, then features like referential integrity and Bundle reference rewriting apply to all references. If this flag has not been specified the behavior of the FHIR store will not change, references in complex data types will not be parsed. New stores will have this value set to ENABLED by default after a notification period. Warning: turning on this flag causes processing existing resources to fail if they contain references to non-existent resources. Possible values: [\"COMPLEX_DATA_TYPE_REFERENCE_PARSING_UNSPECIFIED\", \"DISABLED\", \"ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"default_search_handling_strict":{"type":"bool","description":"If true, overrides the default search behavior for this FHIR store to handling=strict which returns an error for unrecognized search parameters.\nIf false, uses the FHIR specification default handling=lenient which ignores unrecognized search parameters.\nThe handling can always be changed from the default on an individual API call by setting the HTTP header Prefer: handling=strict or Prefer: handling=lenient.","description_kind":"plain","optional":true},"disable_referential_integrity":{"type":"bool","description":"Whether to disable referential integrity in this FHIR store. This field is immutable after FHIR store\ncreation. The default value is false, meaning that the API will enforce referential integrity and fail the\nrequests that will result in inconsistent state in the FHIR store. When this field is set to true, the API\nwill skip referential integrity check. Consequently, operations that rely on references, such as\nPatient.get$everything, will not return all the results if broken references exist.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"disable_resource_versioning":{"type":"bool","description":"Whether to disable resource versioning for this FHIR store. This field can not be changed after the creation\nof FHIR store. If set to false, which is the default behavior, all write operations will cause historical\nversions to be recorded automatically. The historical versions can be fetched through the history APIs, but\ncannot be updated. If set to true, no historical versions will be kept. The server will send back errors for\nattempts to read the historical versions.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_history_import":{"type":"bool","description":"Whether to allow the bulk import API to accept history bundles and directly insert historical resource\nversions into the FHIR store. Importing resource histories creates resource interactions that appear to have\noccurred in the past, which clients may not want to allow. If set to false, history bundles within an import\nwill fail with an error.\n\n** Changing this property may recreate the FHIR store (removing all data) **\n\n** This property can be changed manually in the Google Cloud Healthcare admin console without recreating the FHIR store **","description_kind":"plain","optional":true},"enable_update_create":{"type":"bool","description":"Whether this FHIR store has the updateCreate capability. This determines if the client can use an Update\noperation to create a new resource with a client-specified ID. If false, all IDs are server-assigned through\nthe Create operation and attempts to Update a non-existent resource will return errors. Please treat the audit\nlogs with appropriate levels of care if client-specified resource IDs contain sensitive data such as patient\nidentifiers, those IDs will be part of the FHIR resource path recorded in Cloud audit logs and Cloud Pub/Sub\nnotifications.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize FHIR stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the FhirStore.\n\n** Changing this property may recreate the FHIR store (removing all data) **","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version":{"type":"string","description":"The FHIR specification version. Possible values: [\"DSTU2\", \"STU3\", \"R4\"]","description_kind":"plain","required":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"stream_configs":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"Supply a FHIR resource type (such as \"Patient\" or \"Observation\"). See\nhttps://www.hl7.org/fhir/valueset-resource-types.html for a list of all FHIR resource types. The server treats\nan empty list as an intent to stream all the supported resource types in this FHIR store.","description_kind":"plain","optional":true}},"block_types":{"bigquery_destination":{"nesting_mode":"list","block":{"attributes":{"dataset_uri":{"type":"string","description":"BigQuery URI to a dataset, up to 2000 characters long, in the format bq://projectId.bqDatasetId","description_kind":"plain","required":true}},"block_types":{"schema_config":{"nesting_mode":"list","block":{"attributes":{"recursive_structure_depth":{"type":"number","description":"The depth for all recursive structures in the output analytics schema. For example, concept in the CodeSystem\nresource is a recursive structure; when the depth is 2, the CodeSystem table will have a column called\nconcept.concept but not concept.concept.concept. If not specified or set to 0, the server will use the default\nvalue 2. The maximum depth allowed is 5.","description_kind":"plain","required":true},"schema_type":{"type":"string","description":"Specifies the output schema type.\n * ANALYTICS: Analytics schema defined by the FHIR community.\n See https://github.com/FHIR/sql-on-fhir/blob/master/sql-on-fhir.md.\n * ANALYTICS_V2: Analytics V2, similar to schema defined by the FHIR community, with added support for extensions with one or more occurrences and contained resources in stringified JSON.\n * LOSSLESS: A data-driven schema generated from the fields present in the FHIR data being exported, with no additional simplification. Default value: \"ANALYTICS\" Possible values: [\"ANALYTICS\", \"ANALYTICS_V2\", \"LOSSLESS\"]","description_kind":"plain","optional":true}},"block_types":{"last_updated_partition_config":{"nesting_mode":"list","block":{"attributes":{"expiration_ms":{"type":"string","description":"Number of milliseconds for which to keep the storage for a partition.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of partitioning. Possible values: [\"PARTITION_TYPE_UNSPECIFIED\", \"HOUR\", \"DAY\", \"MONTH\", \"YEAR\"]","description_kind":"plain","required":true}},"description":"The configuration for exported BigQuery tables to be partitioned by FHIR resource's last updated time column.","description_kind":"plain"},"max_items":1}},"description":"The configuration for the exported BigQuery schema.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The destination BigQuery structure that contains both the dataset location and corresponding schema config.\nThe output is organized in one table per resource type. The server reuses the existing tables (if any) that\nare named after the resource types, e.g. \"Patient\", \"Observation\". When there is no existing table for a given\nresource type, the server attempts to create one.\nSee the [streaming config reference](https://cloud.google.com/healthcare/docs/reference/rest/v1beta1/projects.locations.datasets.fhirStores#streamconfig) for more details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A list of streaming configs that configure the destinations of streaming export for every resource mutation in\nthis FHIR store. Each store is allowed to have up to 10 streaming configs. After a new config is added, the next\nresource mutation is streamed to the new location in addition to the existing ones. When a location is removed\nfrom the list, the server stops streaming to that location. Before adding a new config, you must add the required\nbigquery.dataEditor role to your project's Cloud Healthcare Service Agent service account. Some lag (typically on\nthe order of dozens of seconds) is expected before the results show up in the streaming destination.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store":{"version":0,"block":{"attributes":{"dataset":{"type":"string","description":"Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-supplied key-value pairs used to organize HL7v2 stores.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes, and must\nconform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values are optional, must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128\nbytes, and must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be associated with a given store.\n\nAn object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the Hl7V2Store.\n\n** Changing this property may recreate the Hl7v2 store (removing all data) **","description_kind":"plain","required":true},"reject_duplicate_message":{"type":"bool","description":"Determines whether duplicate messages are allowed.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this dataset","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"notification_config":{"nesting_mode":"list","block":{"attributes":{"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.","description_kind":"plain","required":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"notification_configs":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Restricts notifications sent for messages matching a filter. If this is empty, all messages\nare matched. Syntax: https://cloud.google.com/appengine/docs/standard/python/search/query_strings\n\nFields/functions available for filtering are:\n\n* messageType, from the MSH-9.1 field. For example, NOT messageType = \"ADT\".\n* send_date or sendDate, the YYYY-MM-DD date the message was sent in the dataset's timeZone, from the MSH-7 segment. For example, send_date \u003c \"2017-01-02\".\n* sendTime, the timestamp when the message was sent, using the RFC3339 time format for comparisons, from the MSH-7 segment. For example, sendTime \u003c \"2017-01-02T00:00:00-05:00\".\n* sendFacility, the care center that the message came from, from the MSH-4 segment. For example, sendFacility = \"ABC\".\n* PatientId(value, type), which matches if the message lists a patient having an ID of the given value and type in the PID-2, PID-3, or PID-4 segments. For example, PatientId(\"123456\", \"MRN\").\n* labels.x, a string value of the label with key x as set using the Message.labels map. For example, labels.\"priority\"=\"high\". The operator :* can be used to assert the existence of a label. For example, labels.\"priority\":*.","description_kind":"plain","optional":true},"pubsub_topic":{"type":"string","description":"The Cloud Pub/Sub topic that notifications of changes are published on. Supplied by the client.\nPubsubMessage.Data will contain the resource name. PubsubMessage.MessageId is the ID of this message.\nIt is guaranteed to be unique within the topic. PubsubMessage.PublishTime is the time at which the message\nwas published. Notifications are only sent if the topic is non-empty. Topic names must be scoped to a\nproject. service-PROJECT_NUMBER@gcp-sa-healthcare.iam.gserviceaccount.com must have publisher permissions on the given\nCloud Pub/Sub topic. Not having adequate permissions will cause the calls that send notifications to fail.\n\nIf a notification cannot be published to Cloud Pub/Sub, errors will be logged to Stackdriver","description_kind":"plain","required":true}},"description":"A list of notification configs. Each configuration uses a filter to determine whether to publish a\nmessage (both Ingest \u0026 Create) on the corresponding notification destination. Only the message name\nis sent as part of the notification. Supplied by the client.","description_kind":"plain"}},"parser_config":{"nesting_mode":"list","block":{"attributes":{"allow_null_header":{"type":"bool","description":"Determines whether messages with no header are allowed.","description_kind":"plain","optional":true},"schema":{"type":"string","description":"JSON encoded string for schemas used to parse messages in this\nstore if schematized parsing is desired.","description_kind":"plain","optional":true},"segment_terminator":{"type":"string","description":"Byte(s) to be used as the segment terminator. If this is unset, '\\r' will be used as segment terminator.\n\nA base64-encoded string.","description_kind":"plain","optional":true},"version":{"type":"string","description":"The version of the unschematized parser to be used when a custom 'schema' is not set. Default value: \"V1\" Possible values: [\"V1\", \"V2\", \"V3\"]","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iam_access_boundary_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"access_boundary_rule":{"nesting_mode":"list","block":{"attributes":{"available_permissions":{"type":["list","string"],"description":"A list of permissions that may be allowed for use on the specified resource.","description_kind":"plain","optional":true},"available_resource":{"type":"string","description":"The full resource name of a Google Cloud resource entity.","description_kind":"plain","optional":true}},"block_types":{"availability_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The availability condition further constrains the access allowed by the access boundary rule.","description_kind":"plain"},"max_items":1}},"description":"An access boundary rule in an IAM policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_deny_policy":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The display name of the rule.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The hash of the resource. Used internally during updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the policy.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The attachment point is identified by its URL-encoded full resource name.","description_kind":"plain","required":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"The description of the rule.","description_kind":"plain","optional":true}},"block_types":{"deny_rule":{"nesting_mode":"list","block":{"attributes":{"denied_permissions":{"type":["list","string"],"description":"The permissions that are explicitly denied by this rule. Each permission uses the format '{service-fqdn}/{resource}.{verb}',\nwhere '{service-fqdn}' is the fully qualified domain name for the service. For example, 'iam.googleapis.com/roles.list'.","description_kind":"plain","optional":true},"denied_principals":{"type":["list","string"],"description":"The identities that are prevented from using one or more permissions on Google Cloud resources.","description_kind":"plain","optional":true},"exception_permissions":{"type":["list","string"],"description":"Specifies the permissions that this rule excludes from the set of denied permissions given by deniedPermissions.\nIf a permission appears in deniedPermissions and in exceptionPermissions then it will not be denied.\nThe excluded permissions can be specified using the same syntax as deniedPermissions.","description_kind":"plain","optional":true},"exception_principals":{"type":["list","string"],"description":"The identities that are excluded from the deny rule, even if they are listed in the deniedPrincipals.\nFor example, you could add a Google group to the deniedPrincipals, then exclude specific users who belong to that group.","description_kind":"plain","optional":true}},"block_types":{"denial_condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression,\ne.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting,\ne.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.\nThis can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.","description_kind":"plain"},"max_items":1}},"description":"A deny rule in an IAM deny policy.","description_kind":"plain"},"max_items":1}},"description":"Rules to be applied.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A user-specified description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens,\nor use existing tokens to access resources. If the pool is re-enabled, existing tokens grant access again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name of the pool in Google Cloud Console. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the pool.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Immutable. The resource name of the parent. Format: 'organizations/{org-id}'.","description_kind":"plain","required":true},"session_duration":{"type":"string","description":"Duration that the Google Cloud access tokens, console sign-in sessions,\nand 'gcloud' sign-in sessions from this pool are valid.\nMust be greater than 15 minutes (900s) and less than 12 hours (43200s).\nIf 'sessionDuration' is not configured, minted credentials have a default duration of one hour (3600s).\nA duration in seconds with up to nine fractional digits, ending with ''s''. Example: \"'3.5s'\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"Output only. The state of the pool.\n * STATE_UNSPECIFIED: State unspecified.\n * ACTIVE: The pool is active, and may be used in Google Cloud policies.\n * DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted\n after approximately 30 days. You can restore a soft-deleted pool using\n [workforcePools.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePool).\n You cannot reuse the ID of a soft-deleted pool until it is permanently deleted.\n While a pool is deleted, you cannot use it to exchange tokens, or use\n existing tokens to access resources. If the pool is undeleted, existing\n tokens grant access again.","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The name of the pool. The ID must be a globally unique string of 6 to 63 lowercase letters,\ndigits, or hyphens. It must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"access_restrictions":{"nesting_mode":"list","block":{"attributes":{"disable_programmatic_signin":{"type":"bool","description":"Disable programmatic sign-in by disabling token issue via the Security Token API endpoint.\nSee [Security Token Service API](https://cloud.google.com/iam/docs/reference/sts/rest).","description_kind":"plain","optional":true}},"block_types":{"allowed_services":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the service.\nExample: console.cloud.google","description_kind":"plain","optional":true}},"description":"Services allowed for web sign-in with the workforce pool.\nIf not set by default there are no restrictions.","description_kind":"plain"}}},"description":"Configure access restrictions on the workforce pool users. This is an optional field. If specified web\nsign-in can be restricted to given set of services or programmatic sign-in can be disabled for pool users.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workforce_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"A [Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n 'google.profile_photo' and 'google.display_name' are not supported.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters.\nIf unspecified, all valid authentication credentials will be accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups' value of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from the authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value in IAM bindings.\n This is also the subject that appears in Cloud Logging logs. This is a required field and\n the mapped subject cannot exceed 127 bytes.\n * 'google.groups': Groups the authenticating user belongs to. You can grant groups access to\n resources using an IAM 'principalSet' binding; access applies to all members of the group.\n * 'google.display_name': The name of the authenticated user. This is an optional field and\n the mapped display name cannot exceed 100 bytes. If not set, 'google.subject' will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n * 'google.profile_photo': The URL that specifies the authenticated user's thumbnail photo.\n This is an optional field. When set, the image will be visible as the user's profile picture.\n If not set, a generic user icon will be displayed instead.\n This attribute cannot be referenced in IAM bindings.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}', where {custom_attribute}\nis the name of the custom attribute to be mapped. You can define a maximum of 50 custom attributes.\nThe maximum length of a mapped attribute key is 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a workforce pool\nto Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/locations/{location}/workforcePools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/locations/{location}/workforcePools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor OIDC providers, you must supply a custom mapping that includes the 'google.subject' attribute.\nFor example, the following maps the sub claim of the incoming credential to the 'subject' attribute\non a Google token:\n'''\n{\"google.subject\": \"assertion.sub\"}\n'''\n\nAn object containing a list of '\"key\": value' pairs.\nExample: '{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }'.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A user-specified description of the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A user-specified display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The resource name of the provider.\nFormat: 'locations/{location}/workforcePools/{workforcePoolId}/providers/{providerId}'","description_kind":"plain","computed":true},"provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name.\nThis value must be 4-32 characters, and may contain the characters [a-z0-9-].\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently\n deleted after approximately 30 days. You can restore a soft-deleted provider using\n [providers.undelete](https://cloud.google.com/iam/docs/reference/rest/v1/locations.workforcePools.providers/undelete#google.iam.admin.v1.WorkforcePools.UndeleteWorkforcePoolProvider).","description_kind":"plain","computed":true},"workforce_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name.\nThe IDs must be a globally unique string of 6 to 63 lowercase letters, digits, or hyphens.\nIt must start with a letter, and cannot have a trailing hyphen.\nThe prefix 'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"oidc":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID. Must match the audience claim of the JWT issued by the identity provider.","description_kind":"plain","required":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URI. Must be a valid URI using the 'https' scheme.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"block_types":{"value":{"nesting_mode":"list","block":{"attributes":{"plain_text":{"type":"string","description":"The plain text of the client secret value.","description_kind":"plain","required":true,"sensitive":true},"thumbprint":{"type":"string","description":"A thumbprint to represent the current client secret value.","description_kind":"plain","computed":true}},"description":"The value of the client secret.","description_kind":"plain"},"max_items":1}},"description":"The optional client secret. Required to enable Authorization Code flow for web sign-in.","description_kind":"plain"},"max_items":1},"web_sso_config":{"nesting_mode":"list","block":{"attributes":{"additional_scopes":{"type":["list","string"],"description":"Additional scopes to request for in the OIDC authentication request on top of scopes requested by default. By default, the 'openid', 'profile' and 'email' scopes that are supported by the identity provider are requested.\nEach additional scope may be at most 256 characters. A maximum of 10 additional scopes may be configured.","description_kind":"plain","optional":true},"assertion_claims_behavior":{"type":"string","description":"The behavior for how OIDC Claims are included in the 'assertion' object used for attribute mapping and attribute condition.\n* MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS: Merge the UserInfo Endpoint Claims with ID Token Claims, preferring UserInfo Claim Values for the same Claim Name. This option is available only for the Authorization Code Flow.\n* ONLY_ID_TOKEN_CLAIMS: Only include ID Token Claims. Possible values: [\"MERGE_USER_INFO_OVER_ID_TOKEN_CLAIMS\", \"ONLY_ID_TOKEN_CLAIMS\"]","description_kind":"plain","required":true},"response_type":{"type":"string","description":"The Response Type to request for in the OIDC Authorization Request for web sign-in.\n\nThe 'CODE' Response Type is recommended to avoid the Implicit Flow, for security reasons.\n* CODE: The 'response_type=code' selection uses the Authorization Code Flow for web sign-in. Requires a configured client secret.\n* ID_TOKEN: The 'response_type=id_token' selection uses the Implicit Flow for web sign-in. Possible values: [\"CODE\", \"ID_TOKEN\"]","description_kind":"plain","required":true}},"description":"Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser.","description_kind":"plain"},"max_items":1}},"description":"Represents an OpenId Connect 1.0 identity provider.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.\nThe xml document should comply with [SAML 2.0 specification](https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf).\nThe max size of the acceptable xml document will be bounded to 128k characters.\n\nThe metadata xml document should satisfy the following constraints:\n1) Must contain an Identity Provider Entity ID.\n2) Must contain at least one non-expired signing key certificate.\n3) For each signing key:\n a) Valid from should be no more than 7 days from now.\n b) Valid to should be no more than 10 years in the future.\n4) Up to 3 IdP signing keys are allowed in the metadata xml.\n\nWhen updating the provider's metadata xml, at least one non-expired signing key\nmust overlap with the existing metadata. This requirement is skipped if there are\nno non-expired signing keys present in the existing metadata.","description_kind":"plain","required":true}},"description":"Represents a SAML identity provider.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of the pool. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the pool is disabled. You cannot use a disabled pool to exchange tokens, or use\nexisting tokens to access resources. If the pool is re-enabled, existing tokens grant\naccess again.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the pool. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the pool as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the pool.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The pool is active, and may be used in Google Cloud policies.\n* DELETED: The pool is soft-deleted. Soft-deleted pools are permanently deleted after\n approximately 30 days. You can restore a soft-deleted pool using\n UndeleteWorkloadIdentityPool. You cannot reuse the ID of a soft-deleted pool until it is\n permanently deleted. While a pool is deleted, you cannot use it to exchange tokens, or\n use existing tokens to access resources. If the pool is undeleted, existing tokens grant\n access again.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID to use for the pool, which becomes the final component of the resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_workload_identity_pool_provider":{"version":0,"block":{"attributes":{"attribute_condition":{"type":"string","description":"[A Common Expression Language](https://opensource.google/projects/cel) expression, in\nplain text, to restrict what otherwise valid authentication credentials issued by the\nprovider should not be accepted.\n\nThe expression must output a boolean representing whether to allow the federation.\n\nThe following keywords may be referenced in the expressions:\n * 'assertion': JSON representing the authentication credential issued by the provider.\n * 'google': The Google attributes mapped from the assertion in the 'attribute_mappings'.\n * 'attribute': The custom attributes mapped from the assertion in the 'attribute_mappings'.\n\nThe maximum length of the attribute condition expression is 4096 characters. If\nunspecified, all valid authentication credential are accepted.\n\nThe following example shows how to only allow credentials with a mapped 'google.groups'\nvalue of 'admins':\n'''\n\"'admins' in google.groups\"\n'''","description_kind":"plain","optional":true},"attribute_mapping":{"type":["map","string"],"description":"Maps attributes from authentication credentials issued by an external identity provider\nto Google Cloud attributes, such as 'subject' and 'segment'.\n\nEach key must be a string specifying the Google Cloud IAM attribute to map to.\n\nThe following keys are supported:\n * 'google.subject': The principal IAM is authenticating. You can reference this value\n in IAM bindings. This is also the subject that appears in Cloud Logging logs.\n Cannot exceed 127 characters.\n * 'google.groups': Groups the external identity belongs to. You can grant groups\n access to resources using an IAM 'principalSet' binding; access applies to all\n members of the group.\n\nYou can also provide custom attributes by specifying 'attribute.{custom_attribute}',\nwhere '{custom_attribute}' is the name of the custom attribute to be mapped. You can\ndefine a maximum of 50 custom attributes. The maximum length of a mapped attribute key\nis 100 characters, and the key may only contain the characters [a-z0-9_].\n\nYou can reference these attributes in IAM policies to define fine-grained access for a\nworkload to Google Cloud resources. For example:\n * 'google.subject':\n 'principal://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/subject/{value}'\n * 'google.groups':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/group/{value}'\n * 'attribute.{custom_attribute}':\n 'principalSet://iam.googleapis.com/projects/{project}/locations/{location}/workloadIdentityPools/{pool}/attribute.{custom_attribute}/{value}'\n\nEach value must be a [Common Expression Language](https://opensource.google/projects/cel)\nfunction that maps an identity provider credential to the normalized attribute specified\nby the corresponding map key.\n\nYou can use the 'assertion' keyword in the expression to access a JSON representation of\nthe authentication credential issued by the provider.\n\nThe maximum length of an attribute mapping expression is 2048 characters. When evaluated,\nthe total size of all mapped attributes must not exceed 8KB.\n\nFor AWS providers, the following rules apply:\n - If no attribute mapping is defined, the following default mapping applies:\n '''\n {\n \"google.subject\":\"assertion.arn\",\n \"attribute.aws_role\":\n \"assertion.arn.contains('assumed-role')\"\n \" ? assertion.arn.extract('{account_arn}assumed-role/')\"\n \" + 'assumed-role/'\"\n \" + assertion.arn.extract('assumed-role/{role_name}/')\"\n \" : assertion.arn\",\n }\n '''\n - If any custom attribute mappings are defined, they must include a mapping to the\n 'google.subject' attribute.\n\nFor OIDC providers, the following rules apply:\n - Custom attribute mappings must be defined, and must include a mapping to the\n 'google.subject' attribute. For example, the following maps the 'sub' claim of the\n incoming credential to the 'subject' attribute on a Google token.\n '''\n {\"google.subject\": \"assertion.sub\"}\n '''","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description for the provider. Cannot exceed 256 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the provider is disabled. You cannot use a disabled provider to exchange tokens.\nHowever, existing tokens still grant access.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A display name for the provider. Cannot exceed 32 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the provider as\n'projects/{project_number}/locations/global/workloadIdentityPools/{workload_identity_pool_id}/providers/{workload_identity_pool_provider_id}'.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the provider.\n* STATE_UNSPECIFIED: State unspecified.\n* ACTIVE: The provider is active, and may be used to validate authentication credentials.\n* DELETED: The provider is soft-deleted. Soft-deleted providers are permanently deleted\n after approximately 30 days. You can restore a soft-deleted provider using\n UndeleteWorkloadIdentityPoolProvider. You cannot reuse the ID of a soft-deleted provider\n until it is permanently deleted.","description_kind":"plain","computed":true},"workload_identity_pool_id":{"type":"string","description":"The ID used for the pool, which is the final component of the pool resource name. This\nvalue should be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true},"workload_identity_pool_provider_id":{"type":"string","description":"The ID for the provider, which becomes the final component of the resource name. This\nvalue must be 4-32 characters, and may contain the characters [a-z0-9-]. The prefix\n'gcp-' is reserved for use by Google, and may not be specified.","description_kind":"plain","required":true}},"block_types":{"aws":{"nesting_mode":"list","block":{"attributes":{"account_id":{"type":"string","description":"The AWS account ID.","description_kind":"plain","required":true}},"description":"An Amazon Web Services identity provider. Not compatible with the property oidc or saml.","description_kind":"plain"},"max_items":1},"oidc":{"nesting_mode":"list","block":{"attributes":{"allowed_audiences":{"type":["list","string"],"description":"Acceptable values for the 'aud' field (audience) in the OIDC token. Token exchange\nrequests are rejected if the token audience does not match one of the configured\nvalues. Each audience may be at most 256 characters. A maximum of 10 audiences may\nbe configured.\n\nIf this list is empty, the OIDC token audience must be equal to the full canonical\nresource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix.\nFor example:\n'''\n//iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\nhttps://iam.googleapis.com/projects/\u003cproject-number\u003e/locations/\u003clocation\u003e/workloadIdentityPools/\u003cpool-id\u003e/providers/\u003cprovider-id\u003e\n'''","description_kind":"plain","optional":true},"issuer_uri":{"type":"string","description":"The OIDC issuer URL.","description_kind":"plain","required":true},"jwks_json":{"type":"string","description":"OIDC JWKs in JSON String format. For details on definition of a\nJWK, see https:tools.ietf.org/html/rfc7517. If not set, then we\nuse the 'jwks_uri' from the discovery document fetched from the\n.well-known path for the 'issuer_uri'. Currently, RSA and EC asymmetric\nkeys are supported. The JWK must use following format and include only\nthe following fields:\n'''\n{\n \"keys\": [\n {\n \"kty\": \"RSA/EC\",\n \"alg\": \"\u003calgorithm\u003e\",\n \"use\": \"sig\",\n \"kid\": \"\u003ckey-id\u003e\",\n \"n\": \"\",\n \"e\": \"\",\n \"x\": \"\",\n \"y\": \"\",\n \"crv\": \"\"\n }\n ]\n}\n'''","description_kind":"plain","optional":true}},"description":"An OpenId Connect 1.0 identity provider. Not compatible with the property aws or saml.","description_kind":"plain"},"max_items":1},"saml":{"nesting_mode":"list","block":{"attributes":{"idp_metadata_xml":{"type":"string","description":"SAML Identity provider configuration metadata xml doc.","description_kind":"plain","required":true}},"description":"An SAML 2.0 identity provider. Not compatible with the property oidc or aws.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_brand":{"version":0,"block":{"attributes":{"application_title":{"type":"string","description":"Application name displayed on OAuth consent screen.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Output only. Identifier of the brand, in the format 'projects/{project_number}/brands/{brand_id}'\nNOTE: The name can also be expressed as 'projects/{project_id}/brands/{brand_id}', e.g. when importing.\nNOTE: The brand identification corresponds to the project number as only one\nbrand can be created per project.","description_kind":"plain","computed":true},"org_internal_only":{"type":"bool","description":"Whether the brand is only intended for usage inside the GSuite organization only.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"support_email":{"type":"string","description":"Support email displayed on the OAuth consent screen. Can be either a\nuser or group email. When a user email is specified, the caller must\nbe the user with the associated email address. When a group email is\nspecified, the caller can be either a user or a service account which\nis an owner of the specified group in Cloud Identity.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_dest_group":{"version":0,"block":{"attributes":{"cidrs":{"type":["list","string"],"description":"List of CIDRs that this group applies to.","description_kind":"plain","optional":true},"fqdns":{"type":["list","string"],"description":"List of FQDNs that this group applies to.","description_kind":"plain","optional":true},"group_name":{"type":"string","description":"Unique tunnel destination group name.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Full resource name.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tunnel group. Must be the same as the network resources in the group.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_binding":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_member":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_policy":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_binding":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_member":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_identity_platform_config":{"version":0,"block":{"attributes":{"authorized_domains":{"type":["list","string"],"description":"List of domains authorized for OAuth redirects.","description_kind":"plain","optional":true,"computed":true},"autodelete_anonymous_users":{"type":"bool","description":"Whether anonymous users will be auto-deleted after a period of 30 days","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"blocking_functions":{"nesting_mode":"list","block":{"block_types":{"forward_inbound_credentials":{"nesting_mode":"list","block":{"attributes":{"access_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's access token.","description_kind":"plain","optional":true},"id_token":{"type":"bool","description":"Whether to pass the user's OIDC identity provider's ID token.","description_kind":"plain","optional":true},"refresh_token":{"type":"bool","description":"Whether to pass the user's OAuth identity provider's refresh token.","description_kind":"plain","optional":true}},"description":"The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.","description_kind":"plain"},"max_items":1},"triggers":{"nesting_mode":"set","block":{"attributes":{"event_type":{"type":"string","description_kind":"plain","required":true},"function_uri":{"type":"string","description":"HTTP URI trigger for the Cloud Function.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"When the trigger was changed.","description_kind":"plain","computed":true}},"description":"Map of Trigger to event type. Key should be one of the supported event types: \"beforeCreate\", \"beforeSignIn\".","description_kind":"plain"},"min_items":1}},"description":"Configuration related to blocking functions.","description_kind":"plain"},"max_items":1},"client":{"nesting_mode":"list","block":{"attributes":{"api_key":{"type":"string","description":"API key that can be used when making requests for this project.","description_kind":"plain","computed":true,"sensitive":true},"firebase_subdomain":{"type":"string","description":"Firebase subdomain.","description_kind":"plain","computed":true}},"block_types":{"permissions":{"nesting_mode":"list","block":{"attributes":{"disabled_user_deletion":{"type":"bool","description":"When true, end users cannot delete their account on the associated project through any of our API methods","description_kind":"plain","optional":true},"disabled_user_signup":{"type":"bool","description":"When true, end users cannot sign up for a new account on the associated project through any of our API methods","description_kind":"plain","optional":true}},"description":"Configuration related to restricting a user's ability to affect their account.","description_kind":"plain"},"max_items":1}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"mfa":{"nesting_mode":"list","block":{"attributes":{"enabled_providers":{"type":["list","string"],"description":"A list of usable second factors for this project. Possible values: [\"PHONE_SMS\"]","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"provider_configs":{"nesting_mode":"list","block":{"attributes":{"state":{"type":"string","description":"Whether MultiFactor Authentication has been enabled for this project. Possible values: [\"DISABLED\", \"ENABLED\", \"MANDATORY\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"totp_provider_config":{"nesting_mode":"list","block":{"attributes":{"adjacent_intervals":{"type":"number","description":"The allowed number of adjacent intervals that will be used for verification to avoid clock skew.","description_kind":"plain","optional":true}},"description":"TOTP MFA provider config for this project.","description_kind":"plain"},"max_items":1}},"description":"A list of usable second factors for this project along with their configurations.\nThis field does not support phone based MFA, for that use the 'enabledProviders' field.","description_kind":"plain"}}},"description":"Options related to how clients making requests on behalf of a project should be configured.","description_kind":"plain"},"max_items":1},"monitoring":{"nesting_mode":"list","block":{"block_types":{"request_logging":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether logging is enabled for this project or not.","description_kind":"plain","optional":true}},"description":"Configuration for logging requests made to this project to Stackdriver Logging","description_kind":"plain"},"max_items":1}},"description":"Configuration related to monitoring project activity.","description_kind":"plain"},"max_items":1},"multi_tenant":{"nesting_mode":"list","block":{"attributes":{"allow_tenants":{"type":"bool","description":"Whether this project can have tenants or not.","description_kind":"plain","optional":true},"default_tenant_location":{"type":"string","description":"The default cloud parent org or folder that the tenant project should be created under.\nThe parent resource name should be in the format of \"/\", such as \"folders/123\" or \"organizations/456\".\nIf the value is not set, the tenant will be created under the same organization or folder as the agent project.","description_kind":"plain","optional":true}},"description":"Configuration related to multi-tenant functionality.","description_kind":"plain"},"max_items":1},"quota":{"nesting_mode":"list","block":{"block_types":{"sign_up_quota_config":{"nesting_mode":"list","block":{"attributes":{"quota":{"type":"number","description":"A sign up APIs quota that customers can override temporarily.","description_kind":"plain","optional":true},"quota_duration":{"type":"string","description":"How long this quota will be active for. It is measurred in seconds, e.g., Example: \"9.615s\".","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"When this quota will take affect.","description_kind":"plain","optional":true}},"description":"Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to quotas.","description_kind":"plain"},"max_items":1},"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","required":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","required":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"sms_region_config":{"nesting_mode":"list","block":{"block_types":{"allow_by_default":{"nesting_mode":"list","block":{"attributes":{"disallowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of allowing SMS to every region by default and adding disallowed regions to a disallow list.","description_kind":"plain"},"max_items":1},"allowlist_only":{"nesting_mode":"list","block":{"attributes":{"allowed_regions":{"type":["list","string"],"description":"Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json","description_kind":"plain","optional":true}},"description":"A policy of only allowing regions by explicitly adding them to an allowlist.","description_kind":"plain"},"max_items":1}},"description":"Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the DefaultSupportedIdpConfig resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The IdP's x509 certificate.","description_kind":"plain","optional":true}},"description":"The IdP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","optional":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","optional":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_project_default_config":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the Config resource. Example: \"projects/my-awesome-project/config\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"sign_in":{"nesting_mode":"list","block":{"attributes":{"allow_duplicate_emails":{"type":"bool","description":"Whether to allow more than one account to have the same email.","description_kind":"plain","optional":true},"hash_config":{"type":["list",["object",{"algorithm":"string","memory_cost":"number","rounds":"number","salt_separator":"string","signer_key":"string"}]],"description":"Output only. Hash config information.","description_kind":"plain","computed":true}},"block_types":{"anonymous":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether anonymous user auth is enabled for the project or not.","description_kind":"plain","required":true}},"description":"Configuration options related to authenticating an anonymous user.","description_kind":"plain"},"max_items":1},"email":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether email auth is enabled for the project or not.","description_kind":"plain","optional":true},"password_required":{"type":"bool","description":"Whether a password is required for email auth or not. If true, both an email and\npassword must be provided to sign in. If false, a user may sign in via either\nemail/password or email link.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticating a user by their email address.","description_kind":"plain"},"max_items":1},"phone_number":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether phone number auth is enabled for the project or not.","description_kind":"plain","optional":true},"test_phone_numbers":{"type":["map","string"],"description":"A map of \u003ctest phone number, fake code\u003e that can be used for phone auth testing.","description_kind":"plain","optional":true}},"description":"Configuration options related to authenticated a user by their phone number.","description_kind":"plain"},"max_items":1}},"description":"Configuration related to local sign in methods.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain","deprecated":true}},"google_identity_platform_tenant":{"version":0,"block":{"attributes":{"allow_password_signup":{"type":"bool","description":"Whether to allow email/password user authentication.","description_kind":"plain","optional":true},"disable_auth":{"type":"bool","description":"Whether authentication is disabled for the tenant. If true, the users under\nthe disabled tenant are not allowed to sign-in. Admins of the disabled tenant\nare not able to manage its users.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name of the tenant.","description_kind":"plain","required":true},"enable_email_link_signin":{"type":"bool","description":"Whether to enable email link user authentication.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the tenant that is generated by the server","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_default_supported_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"OAuth client ID","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"OAuth client secret","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this IDP allows the user to sign in","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"idp_id":{"type":"string","description":"ID of the IDP. Possible values include:\n\n* 'apple.com'\n\n* 'facebook.com'\n\n* 'gc.apple.com'\n\n* 'github.com'\n\n* 'google.com'\n\n* 'linkedin.com'\n\n* 'microsoft.com'\n\n* 'playgames.google.com'\n\n* 'twitter.com'\n\n* 'yahoo.com'","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the default supported IDP config resource","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this DefaultSupportedIdpConfig resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_inbound_saml_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the InboundSamlConfig resource. Must start with 'saml.' and can only have alphanumeric characters,\nhyphens, underscores or periods. The part after 'saml.' must also start with a lowercase letter, end with an\nalphanumeric character, and have at least 2 characters.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this inbound SAML config resource exists","description_kind":"plain","required":true}},"block_types":{"idp_config":{"nesting_mode":"list","block":{"attributes":{"idp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities","description_kind":"plain","required":true},"sign_request":{"type":"bool","description":"Indicates if outbounding SAMLRequest should be signed.","description_kind":"plain","optional":true},"sso_url":{"type":"string","description":"URL to send Authentication request to.","description_kind":"plain","required":true}},"block_types":{"idp_certificates":{"nesting_mode":"list","block":{"attributes":{"x509_certificate":{"type":"string","description":"The x509 certificate","description_kind":"plain","optional":true}},"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain"},"min_items":1}},"description":"SAML IdP configuration when the project acts as the relying party","description_kind":"plain"},"min_items":1,"max_items":1},"sp_config":{"nesting_mode":"list","block":{"attributes":{"callback_uri":{"type":"string","description":"Callback URI where responses from IDP are handled. Must start with 'https://'.","description_kind":"plain","required":true},"sp_certificates":{"type":["list",["object",{"x509_certificate":"string"}]],"description":"The IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.","description_kind":"plain","computed":true},"sp_entity_id":{"type":"string","description":"Unique identifier for all SAML entities.","description_kind":"plain","required":true}},"description":"SAML SP (Service Provider) configuration when the project acts as the relying party to receive\nand accept an authentication assertion issued by a SAML identity provider.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_identity_platform_tenant_oauth_idp_config":{"version":0,"block":{"attributes":{"client_id":{"type":"string","description":"The client id of an OAuth client.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret of the OAuth client, to enable OIDC code flow.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Human friendly display name.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"If this config allows users to sign in with the provider.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer":{"type":"string","description":"For OIDC Idps, the issuer identifier.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the OauthIdpConfig. Must start with 'oidc.'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tenant":{"type":"string","description":"The name of the tenant where this OIDC IDP configuration resource exists","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_connection":{"version":0,"block":{"attributes":{"connection_revision":{"type":"string","description":"Connection revision. This field is only updated when the connection is created or updated by User.","description_kind":"plain","computed":true},"connector_version":{"type":"string","description":"connectorVersion of the Connector.","description_kind":"plain","required":true},"connector_version_infra_config":{"type":["list",["object",{"ratelimit_threshold":"string"}]],"description":"This configuration provides infra configs like rate limit threshold which need to be configurable for every connector version.","description_kind":"plain","computed":true},"connector_version_launch_stage":{"type":"string","description":"Flag to mark the version indicating the launch stage.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An arbitrary description for the Conection.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"eventing_enablement_type":{"type":"string","description":"Eventing enablement type. Will be nil if eventing is not enabled. Possible values: [\"EVENTING_AND_CONNECTION\", \"ONLY_EVENTING\"]","description_kind":"plain","optional":true},"eventing_runtime_data":{"type":["list",["object",{"events_listener_endpoint":"string","status":["list",["object",{"description":"string","state":"string"}]]}]],"description":"Eventing Runtime Data.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Connection needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Connection needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"Service account needed for runtime plane to access Google Cloud resources.","description_kind":"plain","optional":true,"computed":true},"service_directory":{"type":"string","description":"The name of the Service Directory service name. Used for Private Harpoon to resolve the ILB address.\ne.g. \"projects/cloud-connectors-e2e-testing/locations/us-central1/namespaces/istio-system/services/istio-ingressgateway-connectors\"","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"description":"string","state":"string","status":"string"}]],"description":"Status of the Integration Connector.","description_kind":"plain","computed":true},"subscription_type":{"type":"string","description":"This subscription type enum states the subscription type of the project.","description_kind":"plain","computed":true},"suspended":{"type":"bool","description":"Suspended indicates if a user has suspended a connection or not.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\", \"OAUTH2_JWT_BEARER\", \"OAUTH2_CLIENT_CREDENTIALS\", \"SSH_PUBLIC_KEY\", \"OAUTH2_AUTH_CODE_FLOW\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"oauth2_auth_code_flow":{"nesting_mode":"list","block":{"attributes":{"auth_uri":{"type":"string","description":"Auth URL for Authorization Code Flow.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"Client ID for user-provided OAuth app.","description_kind":"plain","optional":true},"enable_pkce":{"type":"bool","description":"Whether to enable PKCE when the user performs the auth code flow.","description_kind":"plain","optional":true},"scopes":{"type":["list","string"],"description":"Scopes the connection will request when the user performs the auth code flow.","description_kind":"plain","optional":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Client secret for user-provided OAuth app.","description_kind":"plain"},"max_items":1}},"description":"Parameters to support Oauth 2.0 Auth Code Grant Authentication.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"Secret version of Password for Authentication.","description_kind":"plain","required":true}},"block_types":{"client_secret":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing the client secret.","description_kind":"plain"},"max_items":1}},"description":"OAuth3 Client Credentials for Authentication.","description_kind":"plain"},"max_items":1},"oauth2_jwt_bearer":{"nesting_mode":"list","block":{"block_types":{"client_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Secret version reference containing a PKCS#8 PEM-encoded private key associated with the Client Certificate.\nThis private key will be used to sign JWTs used for the jwt-bearer authorization grant.\nSpecified in the form as: projects/*/secrets/*/versions/*.","description_kind":"plain"},"max_items":1},"jwt_claims":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Value for the \"aud\" claim.","description_kind":"plain","optional":true},"issuer":{"type":"string","description":"Value for the \"iss\" claim.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"Value for the \"sub\" claim.","description_kind":"plain","optional":true}},"description":"JwtClaims providers fields to generate the token.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 JWT Bearer for Authentication.","description_kind":"plain"},"max_items":1},"ssh_public_key":{"nesting_mode":"list","block":{"attributes":{"cert_type":{"type":"string","description":"Format of SSH Client cert.","description_kind":"plain","optional":true},"username":{"type":"string","description":"The user account used to authenticate.","description_kind":"plain","required":true}},"block_types":{"ssh_client_cert":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"SSH Client Cert. It should contain both public and private key.","description_kind":"plain"},"max_items":1},"ssh_client_cert_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password (passphrase) for ssh client certificate if it has one.","description_kind":"plain"},"max_items":1}},"description":"SSH Public Key for Authentication.","description_kind":"plain"},"max_items":1},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","required":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"authConfig for the connection.","description_kind":"plain"},"max_items":1},"config_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","required":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable.","description_kind":"plain"},"max_items":1}},"description":"Config Variables for the connection.","description_kind":"plain"}},"destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"The key is the destination identifier that is supported by the Connector.","description_kind":"plain","required":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"For publicly routable host.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port is the target port number that is accepted by the destination.","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"PSC service attachments. Format: projects/*/regions/*/serviceAttachments/*","description_kind":"plain","optional":true}},"description":"The destinations for the key.","description_kind":"plain"}}},"description":"Define the Connectors target endpoint.","description_kind":"plain"}},"eventing_config":{"nesting_mode":"list","block":{"attributes":{"enrichment_enabled":{"type":"bool","description":"Enrichment Enabled.","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encryption Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable.","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"auth_config":{"nesting_mode":"list","block":{"attributes":{"auth_key":{"type":"string","description":"The type of authentication configured.","description_kind":"plain","optional":true},"auth_type":{"type":"string","description":"authType of the Connection Possible values: [\"USER_PASSWORD\"]","description_kind":"plain","required":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"List containing additional auth configs.","description_kind":"plain"}},"user_password":{"nesting_mode":"list","block":{"attributes":{"username":{"type":"string","description":"Username for Authentication.","description_kind":"plain","optional":true}},"block_types":{"password":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The resource name of the secret version in the format,\nformat as: projects/*/secrets/*/versions/*.","description_kind":"plain","required":true}},"description":"Password for Authentication.","description_kind":"plain"},"max_items":1}},"description":"User password for Authentication.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"authConfig for Eventing Configuration.","description_kind":"plain"},"max_items":1},"registration_destination_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"Key for the connection","description_kind":"plain","optional":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"host":{"type":"string","description":"Host","description_kind":"plain","optional":true},"port":{"type":"number","description":"port number","description_kind":"plain","optional":true},"service_attachment":{"type":"string","description":"Service Attachment","description_kind":"plain","optional":true}},"description":"destinations for the connection","description_kind":"plain"}}},"description":"registrationDestinationConfig","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Eventing Configuration of a connection","description_kind":"plain"},"max_items":1},"lock_config":{"nesting_mode":"list","block":{"attributes":{"locked":{"type":"bool","description":"Indicates whether or not the connection is locked.","description_kind":"plain","required":true},"reason":{"type":"string","description":"Describes why a connection is locked.","description_kind":"plain","optional":true}},"description":"Determines whether or no a connection is locked. If locked, a reason must be specified.","description_kind":"plain"},"max_items":1},"log_config":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enabled represents whether logging is enabled or not for a connection.","description_kind":"plain","required":true}},"description":"Log configuration for the connection.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true},"min_node_count":{"type":"number","description":"Minimum number of nodes in the runtime nodes.","description_kind":"plain","optional":true,"computed":true}},"description":"Node configuration for the connection.","description_kind":"plain"},"max_items":1},"ssl_config":{"nesting_mode":"list","block":{"attributes":{"client_cert_type":{"type":"string","description":"Type of Client Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"server_cert_type":{"type":"string","description":"Type of Server Cert (PEM/JKS/.. etc.) Possible values: [\"PEM\"]","description_kind":"plain","optional":true},"trust_model":{"type":"string","description":"Enum for Trust Model Possible values: [\"PUBLIC\", \"PRIVATE\", \"INSECURE\"]","description_kind":"plain","optional":true},"type":{"type":"string","description":"Enum for controlling the SSL Type (TLS/MTLS) Possible values: [\"TLS\", \"MTLS\"]","description_kind":"plain","required":true},"use_ssl":{"type":"bool","description":"Bool for enabling SSL","description_kind":"plain","optional":true}},"block_types":{"additional_variable":{"nesting_mode":"list","block":{"attributes":{"boolean_value":{"type":"bool","description":"Boolean Value of configVariable.","description_kind":"plain","optional":true},"integer_value":{"type":"number","description":"Integer Value of configVariable.","description_kind":"plain","optional":true},"key":{"type":"string","description":"Key for the configVariable","description_kind":"plain","required":true},"string_value":{"type":"string","description":"String Value of configVariabley.","description_kind":"plain","optional":true}},"block_types":{"encryption_key_value":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The [KMS key name] with which the content of the Operation is encrypted. The expected\nformat: projects/*/locations/*/keyRings/*/cryptoKeys/*.\nWill be empty string if google managed.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Type of Encription Key Possible values: [\"GOOGLE_MANAGED\", \"CUSTOMER_MANAGED\"]","description_kind":"plain","optional":true}},"description":"Encription key value of configVariable","description_kind":"plain"},"max_items":1},"secret_value":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret value of configVariable","description_kind":"plain"},"max_items":1}},"description":"Additional SSL related field values.","description_kind":"plain"}},"client_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Certificate","description_kind":"plain"},"max_items":1},"client_private_key":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Client Private Key","description_kind":"plain"},"max_items":1},"client_private_key_pass":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Secret containing the passphrase protecting the Client Private Key","description_kind":"plain"},"max_items":1},"private_server_certificate":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"Secret version of Secret Value for Config variable.","description_kind":"plain","required":true}},"description":"Private Server Certificate. Needs to be specified if trust model is PRIVATE.","description_kind":"plain"},"max_items":1}},"description":"SSL Configuration of a connection","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integration_connectors_endpoint_attachment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Namespace was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"endpoint_ip":{"type":"string","description":"The Private Service Connect connection endpoint ip.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location in which Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of Endpoint Attachment needs to be created.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_attachment":{"type":"string","description":"The path of the service attachment.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Namespace was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integrations_auth_config":{"version":0,"block":{"attributes":{"certificate_id":{"type":"string","description":"Certificate id for client certificate.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp when the auth config is created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"creator_email":{"type":"string","description":"The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call.","description_kind":"plain","computed":true},"credential_type":{"type":"string","description":"Credential type of the encrypted credential.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the auth config.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The name of the auth config.","description_kind":"plain","required":true},"encrypted_credential":{"type":"string","description":"Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key.\n\nA base64-encoded string.","description_kind":"plain","computed":true},"expiry_notification_duration":{"type":["list","string"],"description":"User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours.\n\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modifier_email":{"type":"string","description":"The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location in which client needs to be provisioned.","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name of the auth config.","description_kind":"plain","computed":true},"override_valid_time":{"type":"string","description":"User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"reason":{"type":"string","description":"The reason / details of the current status.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The status of the auth config.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the auth config is modified.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_time":{"type":"string","description":"The time until the auth config is valid. Empty or max value is considered the auth config won't expire.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"visibility":{"type":"string","description":"The visibility of the auth config. Possible values: [\"PRIVATE\", \"CLIENT_VISIBLE\"]","description_kind":"plain","optional":true}},"block_types":{"client_certificate":{"nesting_mode":"list","block":{"attributes":{"encrypted_private_key":{"type":"string","description":"The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.","description_kind":"plain","required":true},"passphrase":{"type":"string","description":"'passphrase' should be left unset if private key is not encrypted.\nNote that 'passphrase' is not the password for web server, but an extra layer of security to protected private key.","description_kind":"plain","optional":true},"ssl_certificate":{"type":"string","description":"The ssl certificate encoded in PEM format. This string must include the begin header and end footer lines.","description_kind":"plain","required":true}},"description":"Raw client certificate","description_kind":"plain"},"max_items":1},"decrypted_credential":{"nesting_mode":"list","block":{"attributes":{"credential_type":{"type":"string","description":"Credential type associated with auth configs.","description_kind":"plain","required":true}},"block_types":{"auth_token":{"nesting_mode":"list","block":{"attributes":{"token":{"type":"string","description":"The token for the auth type.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Authentication type, e.g. \"Basic\", \"Bearer\", etc.","description_kind":"plain","optional":true}},"description":"Auth token credential.","description_kind":"plain"},"max_items":1},"jwt":{"nesting_mode":"list","block":{"attributes":{"jwt":{"type":"string","description":"The token calculated by the header, payload and signature.","description_kind":"plain","computed":true},"jwt_header":{"type":"string","description":"Identifies which algorithm is used to generate the signature.","description_kind":"plain","optional":true},"jwt_payload":{"type":"string","description":"Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token.","description_kind":"plain","optional":true},"secret":{"type":"string","description":"User's pre-shared secret to sign the token.","description_kind":"plain","optional":true}},"description":"JWT credential.","description_kind":"plain"},"max_items":1},"oauth2_authorization_code":{"nesting_mode":"list","block":{"attributes":{"auth_endpoint":{"type":"string","description":"The auth url endpoint to send the auth code request to.","description_kind":"plain","optional":true},"client_id":{"type":"string","description":"The client's id.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The client's secret.","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"token_endpoint":{"type":"string","description":"The token url endpoint to send the token request to.","description_kind":"plain","optional":true}},"description":"OAuth2 authorization code credential.","description_kind":"plain"},"max_items":1},"oauth2_client_credentials":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client's ID.","description_kind":"plain","optional":true},"client_secret":{"type":"string","description":"The client's secret.","description_kind":"plain","optional":true},"request_type":{"type":"string","description":"Represent how to pass parameters to fetch access token Possible values: [\"REQUEST_TYPE_UNSPECIFIED\", \"REQUEST_BODY\", \"QUERY_PARAMETERS\", \"ENCODED_HEADER\"]","description_kind":"plain","optional":true},"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"token_endpoint":{"type":"string","description":"The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.","description_kind":"plain","optional":true}},"block_types":{"token_params":{"nesting_mode":"list","block":{"block_types":{"entries":{"nesting_mode":"list","block":{"block_types":{"key":{"nesting_mode":"list","block":{"block_types":{"literal_value":{"nesting_mode":"list","block":{"attributes":{"string_value":{"type":"string","description":"String.","description_kind":"plain","optional":true}},"description":"Passing a literal value","description_kind":"plain"},"max_items":1}},"description":"Key of the map entry.","description_kind":"plain"},"max_items":1},"value":{"nesting_mode":"list","block":{"block_types":{"literal_value":{"nesting_mode":"list","block":{"attributes":{"string_value":{"type":"string","description":"String.","description_kind":"plain","optional":true}},"description":"Passing a literal value","description_kind":"plain"},"max_items":1}},"description":"Value of the map entry.","description_kind":"plain"},"max_items":1}},"description":"A list of parameter map entries.","description_kind":"plain"}}},"description":"Token parameters for the auth request.","description_kind":"plain"},"max_items":1}},"description":"OAuth2 client credentials.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"The service account email to be used as the identity for the token.","description_kind":"plain","optional":true},"token":{"type":"string","description":"ID token obtained for the service account.","description_kind":"plain","computed":true},"token_expire_time":{"type":"string","description":"The approximate time until the token retrieved is valid.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description":"Google OIDC ID Token.","description_kind":"plain"},"max_items":1},"service_account_credentials":{"nesting_mode":"list","block":{"attributes":{"scope":{"type":"string","description":"A space-delimited list of requested scope permissions.","description_kind":"plain","optional":true},"service_account":{"type":"string","description":"Name of the service account that has the permission to make the request.","description_kind":"plain","optional":true}},"description":"Service account credential.","description_kind":"plain"},"max_items":1},"username_and_password":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"Password to be used.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username to be used.","description_kind":"plain","optional":true}},"description":"Username and password credential.","description_kind":"plain"},"max_items":1}},"description":"Raw auth credentials.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_integrations_client":{"version":0,"block":{"attributes":{"create_sample_integrations":{"type":"bool","description":"Indicates if sample integrations should be created along with provisioning.","description_kind":"plain","optional":true},"create_sample_workflows":{"type":"bool","description":"Indicates if sample workflow should be created along with provisioning.","description_kind":"plain","deprecated":true,"optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location in which client needs to be provisioned.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"provision_gmek":{"type":"bool","description":"Indicates provision with GMEK or CMEK.","description_kind":"plain","deprecated":true,"optional":true},"run_as_service_account":{"type":"string","description":"User input run-as service account, if empty, will bring up a new default service account.","description_kind":"plain","optional":true}},"block_types":{"cloud_kms_config":{"nesting_mode":"list","block":{"attributes":{"key":{"type":"string","description":"A Cloud KMS key is a named object containing one or more key versions, along\nwith metadata for the key. A key exists on exactly one key ring tied to a\nspecific location.","description_kind":"plain","required":true},"key_version":{"type":"string","description":"Each version of a key contains key material used for encryption or signing.\nA key's version is represented by an integer, starting at 1. To decrypt data\nor verify a signature, you must use the same key version that was used to\nencrypt or sign the data.","description_kind":"plain","optional":true},"kms_location":{"type":"string","description":"Location name of the key ring, e.g. \"us-west1\".","description_kind":"plain","required":true},"kms_project_id":{"type":"string","description":"The Google Cloud project id of the project where the kms key stored. If empty,\nthe kms key is stored at the same project as customer's project and ecrypted\nwith CMEK, otherwise, the kms key is stored in the tenant project and\nencrypted with GMEK.","description_kind":"plain","optional":true},"kms_ring":{"type":"string","description":"A key ring organizes keys in a specific Google Cloud location and allows you to\nmanage access control on groups of keys. A key ring's name does not need to be\nunique across a Google Cloud project, but must be unique within a given location.","description_kind":"plain","required":true}},"description":"Cloud KMS config for AuthModule to encrypt/decrypt credentials.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"crypto_key_backend":{"type":"string","description":"The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.\nThe resource name is in the format \"projects/*/locations/*/ekmConnections/*\" and only applies to \"EXTERNAL_VPC\" keys.","description_kind":"plain","optional":true,"computed":true},"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","optional":true,"computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","optional":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"version_template":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use when creating a version based on this template.\nSee the [algorithm reference](https://cloud.google.com/kms/docs/reference/rest/v1/CryptoKeyVersionAlgorithm) for possible inputs.","description_kind":"plain","required":true},"protection_level":{"type":"string","description":"The protection level to use when creating a version based on this template. Possible values include \"SOFTWARE\", \"HSM\", \"EXTERNAL\", \"EXTERNAL_VPC\". Defaults to \"SOFTWARE\".","description_kind":"plain","optional":true}},"description":"A template describing settings for new crypto key versions.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_binding":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_member":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description":"The CryptoKeyVersionAlgorithm that this CryptoKeyVersion supports.","description_kind":"plain","computed":true},"attestation":{"type":["list",["object",{"cert_chains":["list",["object",{"cavium_certs":["list","string"],"google_card_certs":["list","string"],"google_partition_certs":["list","string"]}]],"content":"string","external_protection_level_options":["list",["object",{"ekm_connection_key_path":"string","external_key_uri":"string"}]],"format":"string"}]],"description":"Statement that was generated and signed by the HSM at key creation time. Use this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly provided for key versions with protectionLevel HSM.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The name of the cryptoKey associated with the CryptoKeyVersions.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"generate_time":{"type":"string","description":"The time this CryptoKeyVersion key material was generated","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name for this CryptoKeyVersion.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The ProtectionLevel describing how crypto operations are performed with this CryptoKeyVersion.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the CryptoKeyVersion. Possible values: [\"PENDING_GENERATION\", \"ENABLED\", \"DISABLED\", \"DESTROYED\", \"DESTROY_SCHEDULED\", \"PENDING_IMPORT\", \"IMPORT_FAILED\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"external_protection_level_options":{"nesting_mode":"list","block":{"attributes":{"ekm_connection_key_path":{"type":"string","description":"The path to the external key material on the EKM when using EkmConnection e.g., \"v0/my/key\". Set this field instead of externalKeyUri when using an EkmConnection.","description_kind":"plain","optional":true},"external_key_uri":{"type":"string","description":"The URI for an external resource that this CryptoKeyVersion represents.","description_kind":"plain","optional":true}},"description":"ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_ekm_connection":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which the EkmConnection was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"crypto_space_path":{"type":"string","description":"Optional. Identifies the EKM Crypto Space that this EkmConnection maps to. Note: This field is required if KeyManagementMode is CLOUD_KMS.","description_kind":"plain","optional":true,"computed":true},"etag":{"type":"string","description":"Optional. Etag of the currently stored EkmConnection.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_management_mode":{"type":"string","description":"Optional. Describes who can perform control plane operations on the EKM. If unset, this defaults to MANUAL Default value: \"MANUAL\" Possible values: [\"MANUAL\", \"CLOUD_KMS\"]","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the EkmConnection.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the EkmConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"service_resolvers":{"nesting_mode":"list","block":{"attributes":{"endpoint_filter":{"type":"string","description":"Optional. The filter applied to the endpoints of the resolved service. If no filter is specified, all endpoints will be considered. An endpoint will be chosen arbitrarily from the filtered list for each request. For endpoint filter syntax and examples, see https://cloud.google.com/service-directory/docs/reference/rpc/google.cloud.servicedirectory.v1#resolveservicerequest.","description_kind":"plain","optional":true,"computed":true},"hostname":{"type":"string","description":"Required. The hostname of the EKM replica used at TLS and HTTP layers.","description_kind":"plain","required":true},"service_directory_service":{"type":"string","description":"Required. The resource name of the Service Directory service pointing to an EKM replica, in the format projects/*/locations/*/namespaces/*/services/*","description_kind":"plain","required":true}},"block_types":{"server_certificates":{"nesting_mode":"list","block":{"attributes":{"issuer":{"type":"string","description":"Output only. The issuer distinguished name in RFC 2253 format. Only present if parsed is true.","description_kind":"plain","computed":true},"not_after_time":{"type":"string","description":"Output only. The certificate is not valid after this time. Only present if parsed is true.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"not_before_time":{"type":"string","description":"Output only. The certificate is not valid before this time. Only present if parsed is true.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"parsed":{"type":"bool","description":"Output only. True if the certificate was parsed successfully.","description_kind":"plain","computed":true},"raw_der":{"type":"string","description":"Required. The raw certificate bytes in DER format. A base64-encoded string.","description_kind":"plain","required":true},"serial_number":{"type":"string","description":"Output only. The certificate serial number as a hex string. Only present if parsed is true.","description_kind":"plain","computed":true},"sha256_fingerprint":{"type":"string","description":"Output only. The SHA-256 certificate fingerprint as a hex string. Only present if parsed is true.","description_kind":"plain","computed":true},"subject":{"type":"string","description":"Output only. The subject distinguished name in RFC 2253 format. Only present if parsed is true.","description_kind":"plain","computed":true},"subject_alternative_dns_names":{"type":["list","string"],"description":"Output only. The subject Alternative DNS names. Only present if parsed is true.","description_kind":"plain","optional":true,"computed":true}},"description":"Required. A list of leaf server certificates used to authenticate HTTPS connections to the EKM replica. Currently, a maximum of 10 Certificate is supported.","description_kind":"plain"},"min_items":1}},"description":"A list of ServiceResolvers where the EKM can be reached. There should be one ServiceResolver per EKM replica. Currently, only a single ServiceResolver is supported","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_key_ring_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_kms_key_ring_import_job":{"version":0,"block":{"attributes":{"attestation":{"type":["list",["object",{"content":"string","format":"string"}]],"description":"Statement that was generated and signed by the key creator (for example, an HSM) at key creation time.\nUse this statement to verify attributes of the key as stored on the HSM, independently of Google.\nOnly present if the chosen ImportMethod is one with a protection level of HSM.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"The time at which this resource is scheduled for expiration and can no longer be used.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_job_id":{"type":"string","description":"It must be unique within a KeyRing and match the regular expression [a-zA-Z0-9_-]{1,63}","description_kind":"plain","required":true},"import_method":{"type":"string","description":"The wrapping method to be used for incoming key material. Possible values: [\"RSA_OAEP_3072_SHA1_AES_256\", \"RSA_OAEP_4096_SHA1_AES_256\"]","description_kind":"plain","required":true},"key_ring":{"type":"string","description":"The KeyRing that this import job belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this ImportJob in the format projects/*/locations/*/keyRings/*/importJobs/*.","description_kind":"plain","computed":true},"protection_level":{"type":"string","description":"The protection level of the ImportJob. This must match the protectionLevel of the\nversionTemplate on the CryptoKey you attempt to import into. Possible values: [\"SOFTWARE\", \"HSM\", \"EXTERNAL\"]","description_kind":"plain","required":true},"public_key":{"type":["list",["object",{"pem":"string"}]],"description":"The public key with which to wrap key material prior to import. Only returned if state is 'ACTIVE'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of the ImportJob, indicating if it can be used.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description":"The additional authenticated data used for integrity checks during encryption and decryption.","description_kind":"plain","optional":true,"sensitive":true},"ciphertext":{"type":"string","description":"Contains the result of encrypting the provided plaintext, encoded in base64.","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description":"The full name of the CryptoKey that will be used to encrypt the provided plaintext.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}/cryptoKeys/{{cryptoKey}}''","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description":"The plaintext to be encrypted.","description_kind":"plain","required":true,"sensitive":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_billing_account_bucket_config":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_billing_account_exclusion":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_billing_account_sink":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description":"The billing account exported to the sink.","description_kind":"plain","required":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_folder_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_folder_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"folder":{"type":"string","description":"The folder to be exported to the sink. Note that either [FOLDER_ID] or \"folders/[FOLDER_ID]\" is accepted.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included.","description_kind":"plain","optional":true},"intercept_children":{"type":"bool","description":"Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except _Required sinks. This sink will be visible to child resources when listing sinks.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_linked_dataset":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket to which the linked dataset is attached.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the link. A timestamp in RFC3339 UTC \"Zulu\" format,\nwith nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\"\nand \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this link. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"Output only. The linked dataset lifecycle state.","description_kind":"plain","computed":true},"link_id":{"type":"string","description":"The id of the linked dataset.","description_kind":"plain","required":true},"location":{"type":"string","description":"The location of the linked dataset.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the linked dataset. The name can have up to 100 characters. A valid link id\n(at the end of the link name) must only have alphanumeric characters and underscores within it.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the linked dataset.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"bigquery_dataset":{"nesting_mode":"list","block":{"attributes":{"dataset_id":{"type":"string","description":"Output only. The full resource name of the BigQuery dataset. The DATASET_ID will match the ID\nof the link, so the link must match the naming restrictions of BigQuery datasets\n(alphanumeric characters and underscores only). The dataset will have a resource path of\n\"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET_ID]\"","description_kind":"plain","computed":true}},"description":"The information of a BigQuery Dataset. When a link is created, a BigQuery dataset is created along\nwith it, in the same project as the LogBucket it's linked to. This dataset will also have BigQuery\nViews corresponding to the LogViews in the bucket.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_log_view":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The bucket of the resource","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Output only. The creation timestamp of the view.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Describes this view.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"Filter that restricts which log entries in a bucket are visible in this view. Filters are restricted to be a logical AND of ==/!= of any of the following: - originating project/folder/organization/billing account. - resource type - log id For example: SOURCE(\"projects/myproject\") AND resource.type = \"gce_instance\" AND LOG_ID(\"stdout\")","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource. The supported locations are: global, us-central1, us-east1, us-west1, asia-east1, europe-west1.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of the view. For example: \\'projects/my-project/locations/global/buckets/my-bucket/views/my-view\\'","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The last update timestamp of the view.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_metric":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The resource name of the Log Bucket that owns the Log Metric. Only Log Buckets in projects\nare supported. The bucket has to be in the same project as the metric.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this metric, which is used in documentation. The maximum length of the\ndescription is 8000 characters.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this metric is disabled and it does not generate any points.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter (https://cloud.google.com/logging/docs/view/advanced-filters) which\nis used to match log entries.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key string to an extractor expression which is used to extract data from a log\nentry field and assign as the label value. Each label key specified in the LabelDescriptor must\nhave an associated extractor expression in this map. The syntax of the extractor expression is\nthe same as for the valueExtractor field.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The client-assigned metric identifier. Examples - \"error_count\", \"nginx/requests\".\nMetric identifiers are limited to 100 characters and can include only the following\ncharacters A-Z, a-z, 0-9, and the special characters _-.,+!*',()%/. The forward-slash\ncharacter (/) denotes a hierarchy of name pieces, and it cannot be the first character\nof the name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"value_extractor":{"type":"string","description":"A valueExtractor is required when using a distribution logs-based metric to extract the values to\nrecord from a log entry. Two functions are supported for value extraction - EXTRACT(field) or\nREGEXP_EXTRACT(field, regex). The argument are 1. field - The name of the log entry field from which\nthe value is to be extracted. 2. regex - A regular expression using the Google RE2 syntax\n(https://github.com/google/re2/wiki/Syntax) with a single capture group to extract data from the specified\nlog entry field. The value of the field is converted to a string before applying the regex. It is an\nerror to specify a regex that does not include exactly one capture group.","description_kind":"plain","optional":true}},"block_types":{"bucket_options":{"nesting_mode":"list","block":{"block_types":{"explicit_buckets":{"nesting_mode":"list","block":{"attributes":{"bounds":{"type":["list","number"],"description":"The values must be monotonically increasing.","description_kind":"plain","required":true}},"description":"Specifies a set of buckets with arbitrary widths.","description_kind":"plain"},"max_items":1},"exponential_buckets":{"nesting_mode":"list","block":{"attributes":{"growth_factor":{"type":"number","description":"Must be greater than 1.","description_kind":"plain","required":true},"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"scale":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies an exponential sequence of buckets that have a width that is proportional to the value of\nthe lower bound. Each bucket represents a constant relative uncertainty on a specific value in the bucket.","description_kind":"plain"},"max_items":1},"linear_buckets":{"nesting_mode":"list","block":{"attributes":{"num_finite_buckets":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true},"offset":{"type":"number","description":"Lower bound of the first bucket.","description_kind":"plain","required":true},"width":{"type":"number","description":"Must be greater than 0.","description_kind":"plain","required":true}},"description":"Specifies a linear sequence of buckets that all have the same width (except overflow and underflow).\nEach bucket represents a constant absolute uncertainty on the specific value in the bucket.","description_kind":"plain"},"max_items":1}},"description":"The bucketOptions are required when the logs-based metric is using a DISTRIBUTION value type and it\ndescribes the bucket boundaries used to create a histogram of the extracted values.","description_kind":"plain"},"max_items":1},"metric_descriptor":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case\nwithout an ending period, for example \"Request count\". This field is optional but it is\nrecommended to be set for any metrics associated with user-visible concepts, such as Quota.","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to DELTA. Possible values: [\"DELTA\", \"GAUGE\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"unit":{"type":"string","description":"The unit in which the metric value is reported. It is only applicable if the valueType is\n'INT64', 'DOUBLE', or 'DISTRIBUTION'. The supported units are a subset of\n[The Unified Code for Units of Measure](http://unitsofmeasure.org/ucum.html) standard","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc.\nSome combinations of metricKind and valueType might not be supported.\nFor counter metrics, set this to INT64. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\", \"MONEY\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The label key.","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"BOOL\", \"INT64\", \"STRING\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. For\nexample, the appengine.googleapis.com/http/server/response_latencies metric type has a label\nfor the HTTP response code, response_code, so you can look at latencies for successful responses\nor just for responses that failed.","description_kind":"plain"}}},"description":"The optional metric descriptor associated with the logs-based metric.\nIf unspecified, it uses a default metric descriptor with a DELTA metric kind,\nINT64 value type, with no labels and a unit of \"1\". Such a metric counts the\nnumber of log entries matching the filter expression.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The parent resource that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_organization_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"org_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.","description_kind":"plain","optional":true,"computed":true},"kms_service_account_id":{"type":"string","description":"The service account that will be used by the Log Router to access your Cloud KMS key.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve or configure settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_organization_sink":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"include_children":{"type":"bool","description":"Whether or not to include children organizations in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided organization are included.","description_kind":"plain","optional":true},"intercept_children":{"type":"bool","description":"Whether or not to intercept logs from child projects. If true, matching logs will not match with sinks in child resources, except _Required sinks. This sink will be visible to child resources when listing sinks.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization to be exported to the sink.","description_kind":"plain","required":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_logging_project_bucket_config":{"version":0,"block":{"attributes":{"bucket_id":{"type":"string","description":"The name of the logging bucket. Logging automatically creates two log buckets: _Required and _Default.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description for this bucket.","description_kind":"plain","optional":true,"computed":true},"enable_analytics":{"type":"bool","description":"Enable log analytics for the bucket. Cannot be disabled once enabled.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description":"The bucket's lifecycle such as active or deleted.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the bucket.","description_kind":"plain","required":true},"locked":{"type":"bool","description":"Whether the bucket is locked. The retention period on a locked bucket cannot be changed. Locked buckets may only be deleted if they are empty.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the bucket","description_kind":"plain","computed":true},"project":{"type":"string","description":"The parent project that contains the logging bucket.","description_kind":"plain","required":true},"retention_days":{"type":"number","description":"Logs will be retained by default for this amount of time, after which they will automatically be deleted. The minimum retention period is 1 day. If this value is set to zero at bucket creation time, the default time of 30 days will be used.","description_kind":"plain","optional":true}},"block_types":{"cmek_settings":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\nTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\nThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","required":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\nKMS key name format:\n\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\nFor example:\n\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\nThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\nBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\nSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description":"The CMEK settings of the log bucket. If present, new log entries written to this log bucket are encrypted using the CMEK key provided in this configuration. If a log bucket has CMEK settings, the CMEK settings cannot be disabled later by updating the log bucket. Changing the KMS key is allowed.","description_kind":"plain"},"max_items":1},"index_configs":{"nesting_mode":"set","block":{"attributes":{"field_path":{"type":"string","description":"The LogEntry field path to index.","description_kind":"plain","required":true},"type":{"type":"string","description":"The type of data in this index\nNote that some paths are automatically indexed, and other paths are not eligible for indexing. See [indexing documentation]( https://cloud.google.com/logging/docs/view/advanced-queries#indexed-fields) for details.\nFor example: jsonPayload.request.status","description_kind":"plain","required":true}},"description":"A list of indexed fields and related configuration data.","description_kind":"plain"},"max_items":20}},"description_kind":"plain"}},"google_logging_project_exclusion":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether this exclusion rule should be disabled or not. This defaults to false.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when excluding logs. Only log entries that match the filter are excluded.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging exclusion.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_logging_project_sink":{"version":0,"block":{"attributes":{"custom_writer_identity":{"type":"string","description":"A service account provided by the caller that will be used to write the log entries. The format must be serviceAccount:some@email. This field can only be specified if you are routing logs to a destination outside this sink's project. If not specified, a Logging service account will automatically be generated.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","optional":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","required":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project to create the sink in. If omitted, the project associated with the provider is used.","description_kind":"plain","optional":true,"computed":true},"unique_writer_identity":{"type":"bool","description":"Whether or not to create a unique identity associated with this sink. If false (the legacy behavior), then the writer_identity used is serviceAccount:cloud-logs@system.gserviceaccount.com. If true (default), then a unique service account is created and used for this sink. If you wish to publish logs across projects, you must set unique_writer_identity to true.","description_kind":"plain","optional":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"block_types":{"bigquery_options":{"nesting_mode":"list","block":{"attributes":{"use_partitioned_tables":{"type":"bool","description":"Whether to use BigQuery's partition tables. By default, Logging creates dated tables based on the log entries' timestamps, e.g. syslog_20170523. With partitioned tables the date suffix is no longer present and special query syntax has to be used instead. In both cases, tables are sharded based on UTC timezone.","description_kind":"plain","required":true}},"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain"},"max_items":1},"exclusions":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A description of this exclusion.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If set to True, then this exclusion is disabled and it does not exclude any log entries","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An advanced logs filter that matches the log entries to be excluded. By using the sample function, you can exclude less than 100% of the matching log entries","description_kind":"plain","required":true},"name":{"type":"string","description":"A client-assigned identifier, such as \"load-balancer-exclusion\". Identifiers are limited to 100 characters and can include only letters, digits, underscores, hyphens, and periods. First character has to be alphanumeric.","description_kind":"plain","required":true}},"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain"}}},"description_kind":"plain"}},"google_looker_instance":{"version":0,"block":{"attributes":{"consumer_network":{"type":"string","description":"Network name in the consumer project in the format of: projects/{project}/global/networks/{network}\nNote that the consumer network may be in a different GCP project than the consumer\nproject that is hosting the Looker Instance.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"egress_public_ip":{"type":"string","description":"Public Egress IP (IPv4).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_private_ip":{"type":"string","description":"Private Ingress IP (IPv4).","description_kind":"plain","computed":true},"ingress_public_ip":{"type":"string","description":"Public Ingress IP (IPv4).","description_kind":"plain","computed":true},"looker_uri":{"type":"string","description":"Looker instance URI which can be used to access the Looker Instance UI.","description_kind":"plain","computed":true},"looker_version":{"type":"string","description":"The Looker version that the instance is using.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"platform_edition":{"type":"string","description":"Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values:\n- LOOKER_CORE_TRIAL: trial instance (Currently Unavailable)\n- LOOKER_CORE_STANDARD: pay as you go standard instance (Currently Unavailable)\n- LOOKER_CORE_STANDARD_ANNUAL: subscription standard instance\n- LOOKER_CORE_ENTERPRISE_ANNUAL: subscription enterprise instance\n- LOOKER_CORE_EMBED_ANNUAL: subscription embed instance Default value: \"LOOKER_CORE_TRIAL\" Possible values: [\"LOOKER_CORE_TRIAL\", \"LOOKER_CORE_STANDARD\", \"LOOKER_CORE_STANDARD_ANNUAL\", \"LOOKER_CORE_ENTERPRISE_ANNUAL\", \"LOOKER_CORE_EMBED_ANNUAL\"]","description_kind":"plain","optional":true},"private_ip_enabled":{"type":"bool","description":"Whether private IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_ip_enabled":{"type":"bool","description":"Whether public IP is enabled on the Looker instance.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the Looker region of the instance.","description_kind":"plain","optional":true,"computed":true},"reserved_range":{"type":"string","description":"Name of a reserved IP address range within the consumer network, to be used for\nprivate service access connection. User may or may not specify this in a request.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time the instance was updated in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true}},"block_types":{"admin_settings":{"nesting_mode":"list","block":{"attributes":{"allowed_email_domains":{"type":["list","string"],"description":"Email domain allowlist for the instance.\n\nDefine the email domains to which your users can deliver Looker (Google Cloud core) content.\nUpdating this list will restart the instance. Updating the allowed email domains from terraform\nmeans the value provided will be considered as the entire list and not an amendment to the\nexisting list of allowed email domains.","description_kind":"plain","optional":true}},"description":"Looker instance Admin settings.","description_kind":"plain"},"max_items":1},"custom_domain":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name","description_kind":"plain","optional":true},"state":{"type":"string","description":"Status of the custom domain.","description_kind":"plain","computed":true}},"description":"Custom domain settings for a Looker instance.","description_kind":"plain"},"max_items":1},"deny_maintenance_period":{"nesting_mode":"list","block":{"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of a month. Must be from 1 to 31 and valid for the year and month, or 0\nto specify a year by itself or a year and month where the day isn't significant.","description_kind":"plain","optional":true},"month":{"type":"number","description":"Month of a year. Must be from 1 to 12, or 0 to specify a year without a\nmonth and day.","description_kind":"plain","optional":true},"year":{"type":"number","description":"Year of the date. Must be from 1 to 9999, or 0 to specify a date without\na year.","description_kind":"plain","optional":true}},"description":"Required. Start date of the deny maintenance period","description_kind":"plain"},"min_items":1,"max_items":1},"time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance denial period for this instance.\n\nYou must allow at least 14 days of maintenance availability\nbetween any two deny maintenance periods.","description_kind":"plain"},"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Name of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","optional":true},"kms_key_name_version":{"type":"string","description":"Full name and version of the CMEK key currently in use to encrypt Looker data.","description_kind":"plain","computed":true},"kms_key_state":{"type":"string","description":"Status of the customer managed encryption key (CMEK) in KMS.","description_kind":"plain","computed":true}},"description":"Looker instance encryption settings.","description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"Required. Day of the week for this MaintenanceWindow (in UTC).\n\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Maintenance window for an instance.\n\nMaintenance of your instance takes place once a month, and will require\nyour instance to be restarted during updates, which will temporarily\ndisrupt service.","description_kind":"plain"},"max_items":1},"oauth_config":{"nesting_mode":"list","block":{"attributes":{"client_id":{"type":"string","description":"The client ID for the Oauth config.","description_kind":"plain","required":true},"client_secret":{"type":"string","description":"The client secret for the Oauth config.","description_kind":"plain","required":true}},"description":"Looker Instance OAuth login settings.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"user_metadata":{"nesting_mode":"list","block":{"attributes":{"additional_developer_user_count":{"type":"number","description":"Number of additional Developer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_standard_user_count":{"type":"number","description":"Number of additional Standard Users to allocate to the Looker Instance.","description_kind":"plain","optional":true},"additional_viewer_user_count":{"type":"number","description":"Number of additional Viewer Users to allocate to the Looker Instance.","description_kind":"plain","optional":true}},"description":"Metadata about users for a Looker instance.\n\nThese settings are only available when platform edition LOOKER_CORE_STANDARD is set.\n\nThere are ten Standard and two Developer users included in the cost of the product.\nYou can allocate additional Standard, Viewer, and Developer users for this instance.\nIt is an optional step and can be modified later.\n\nWith the Standard edition of Looker (Google Cloud core), you can provision up to 50\ntotal users, distributed across Viewer, Standard, and Developer.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_memcache_instance":{"version":0,"block":{"attributes":{"authorized_network":{"type":"string","description":"The full name of the GCE network to connect the instance to. If not provided,\n'default' will be used.","description_kind":"plain","optional":true,"computed":true},"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"discovery_endpoint":{"type":"string","description":"Endpoint for Discovery API","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A user-visible name for the instance.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Output only. Published maintenance schedule.","description_kind":"plain","computed":true},"memcache_full_version":{"type":"string","description":"The full version of memcached server running on this instance.","description_kind":"plain","computed":true},"memcache_nodes":{"type":["list",["object",{"host":"string","node_id":"string","port":"number","state":"string","zone":"string"}]],"description":"Additional information about the instance state, if available.","description_kind":"plain","computed":true},"memcache_version":{"type":"string","description":"The major version of Memcached software. If not provided, latest supported version will be used.\nCurrently the latest supported major version is MEMCACHE_1_5. The minor version will be automatically\ndetermined by our system based on the latest supported minor version. Default value: \"MEMCACHE_1_5\" Possible values: [\"MEMCACHE_1_5\", \"MEMCACHE_1_6_15\"]","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"node_count":{"type":"number","description":"Number of nodes in the memcache instance.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the Memcache instance. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range_id":{"type":["list","string"],"description":"Contains the name of allocated IP address ranges associated with\nthe private service access connection for example, \"test-default\"\nassociated with IP range 10.0.0.0/29.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zones":{"type":["set","string"],"description":"Zones where memcache nodes should be provisioned. If not\nprovided, all zones will be used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Required. The length of the maintenance window, ranging from 3 hours to 8 hours.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Required. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number of weekly_maintenance_windows\nis expected to be one.","description_kind":"plain"},"min_items":1}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"memcache_parameters":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"This is a unique ID associated with this set of parameters.","description_kind":"plain","computed":true},"params":{"type":["map","string"],"description":"User-defined set of parameters to use in the memcache process.","description_kind":"plain","optional":true}},"description":"User-specified parameters for this memcache instance.","description_kind":"plain"},"max_items":1},"node_config":{"nesting_mode":"list","block":{"attributes":{"cpu_count":{"type":"number","description":"Number of CPUs per node.","description_kind":"plain","required":true},"memory_size_mb":{"type":"number","description":"Memory size in Mebibytes for each memcache node.","description_kind":"plain","required":true}},"description":"Configuration for memcache nodes.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the group was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. The description of the group.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Optional. User-friendly display name.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"group_id":{"type":"string","description":"Required. User specified ID for the group. It will become the last component of the group name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression: '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. \n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the group.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. The name of the group.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the group was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_migration_center_preference_set":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The timestamp when the preference set was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the preference set.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User-friendly display name. Maximum length is 63 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Output only. Name of the preference set.","description_kind":"plain","computed":true},"preference_set_id":{"type":"string","description":"Required. User specified ID for the preference set. It will become the last component of the preference set name. The ID must be unique within the project, must conform with RFC-1034, is restricted to lower-cased letters, and has a maximum length of 63 characters. The ID must match the regular expression '[a-z]([a-z0-9-]{0,61}[a-z0-9])?'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. The timestamp when the preference set was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nCOMMITMENT_PLAN_NONE\nCOMMITMENT_PLAN_ONE_YEAR\nCOMMITMENT_PLAN_THREE_YEARS","description_kind":"plain","optional":true},"sizing_optimization_strategy":{"type":"string","description":"Sizing optimization strategy specifies the preferred strategy used when extrapolating usage data to calculate insights and recommendations for a virtual machine. If you are unsure which value to set, a moderate sizing optimization strategy is often a good value to start with. \n Possible values:\n SIZING_OPTIMIZATION_STRATEGY_UNSPECIFIED\nSIZING_OPTIMIZATION_STRATEGY_SAME_AS_SOURCE\nSIZING_OPTIMIZATION_STRATEGY_MODERATE\nSIZING_OPTIMIZATION_STRATEGY_AGGRESSIVE","description_kind":"plain","optional":true},"target_product":{"type":"string","description":"Target product for assets using this preference set. Specify either target product or business goal, but not both. \n Possible values:\n COMPUTE_MIGRATION_TARGET_PRODUCT_UNSPECIFIED\nCOMPUTE_MIGRATION_TARGET_PRODUCT_COMPUTE_ENGINE\nCOMPUTE_MIGRATION_TARGET_PRODUCT_VMWARE_ENGINE\nCOMPUTE_MIGRATION_TARGET_PRODUCT_SOLE_TENANCY","description_kind":"plain","optional":true}},"block_types":{"compute_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"license_type":{"type":"string","description":"License type to consider when calculating costs for virtual machine insights and recommendations. If unspecified, costs are calculated based on the default licensing plan. \n Possible values:\n LICENSE_TYPE_UNSPECIFIED\nLICENSE_TYPE_DEFAULT\nLICENSE_TYPE_BRING_YOUR_OWN_LICENSE","description_kind":"plain","optional":true}},"block_types":{"machine_preferences":{"nesting_mode":"list","block":{"block_types":{"allowed_machine_series":{"nesting_mode":"list","block":{"attributes":{"code":{"type":"string","description":"Code to identify a Compute Engine machine series. Consult https://cloud.google.com/compute/docs/machine-resource#machine_type_comparison for more details on the available series.","description_kind":"plain","optional":true}},"description":"Compute Engine machine series to consider for insights and recommendations. If empty, no restriction is applied on the machine series.","description_kind":"plain"}}},"description":"The type of machines to consider when calculating virtual machine migration insights and recommendations. Not all machine types are available in all zones and regions.","description_kind":"plain"},"max_items":1}},"description":"The user preferences relating to Compute Engine target platform.","description_kind":"plain"},"max_items":1},"region_preferences":{"nesting_mode":"list","block":{"attributes":{"preferred_regions":{"type":["list","string"],"description":"A list of preferred regions, ordered by the most preferred region first. Set only valid Google Cloud region names. See https://cloud.google.com/compute/docs/regions-zones for available regions.","description_kind":"plain","optional":true}},"description":"The user preferences relating to target regions.","description_kind":"plain"},"max_items":1},"sole_tenancy_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nON_DEMAND\nCOMMITMENT_1_YEAR\nCOMMITMENT_3_YEAR","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 2.0 inclusive.","description_kind":"plain","optional":true},"host_maintenance_policy":{"type":"string","description":"Sole Tenancy nodes maintenance policy. \n Possible values:\n HOST_MAINTENANCE_POLICY_UNSPECIFIED\nHOST_MAINTENANCE_POLICY_DEFAULT\nHOST_MAINTENANCE_POLICY_RESTART_IN_PLACE\nHOST_MAINTENANCE_POLICY_MIGRATE_WITHIN_NODE_GROUP","description_kind":"plain","optional":true}},"block_types":{"node_types":{"nesting_mode":"list","block":{"attributes":{"node_name":{"type":"string","description":"Name of the Sole Tenant node. Consult https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes","description_kind":"plain","optional":true}},"description":"A list of sole tenant node types. An empty list means that all possible node types will be considered.","description_kind":"plain"}}},"description":"Preferences concerning Sole Tenancy nodes and VMs.","description_kind":"plain"},"max_items":1},"vmware_engine_preferences":{"nesting_mode":"list","block":{"attributes":{"commitment_plan":{"type":"string","description":"Commitment plan to consider when calculating costs for virtual machine insights and recommendations. If you are unsure which value to set, a 3 year commitment plan is often a good value to start with. \n Possible values:\n COMMITMENT_PLAN_UNSPECIFIED\nON_DEMAND\nCOMMITMENT_1_YEAR_MONTHLY_PAYMENTS\nCOMMITMENT_3_YEAR_MONTHLY_PAYMENTS\nCOMMITMENT_1_YEAR_UPFRONT_PAYMENT\nCOMMITMENT_3_YEAR_UPFRONT_PAYMENT","description_kind":"plain","optional":true},"cpu_overcommit_ratio":{"type":"number","description":"CPU overcommit ratio. Acceptable values are between 1.0 and 8.0, with 0.1 increment.","description_kind":"plain","optional":true},"memory_overcommit_ratio":{"type":"number","description":"Memory overcommit ratio. Acceptable values are 1.0, 1.25, 1.5, 1.75 and 2.0.","description_kind":"plain","optional":true},"storage_deduplication_compression_ratio":{"type":"number","description":"The Deduplication and Compression ratio is based on the logical (Used Before) space required to store data before applying deduplication and compression, in relation to the physical (Used After) space required after applying deduplication and compression. Specifically, the ratio is the Used Before space divided by the Used After space. For example, if the Used Before space is 3 GB, but the physical Used After space is 1 GB, the deduplication and compression ratio is 3x. Acceptable values are between 1.0 and 4.0.","description_kind":"plain","optional":true}},"description":"The user preferences relating to Google Cloud VMware Engine target platform.","description_kind":"plain"},"max_items":1}},"description":"VirtualMachinePreferences enables you to create sets of assumptions, for example, a geographical location and pricing track, for your migrated virtual machines. The set of preferences influence recommendations for migrating virtual machine assets.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_ml_engine_model":{"version":1,"block":{"attributes":{"description":{"type":"string","description":"The description specified for the model when it was created.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"One or more labels that you can add, to organize your models.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the model.","description_kind":"plain","required":true},"online_prediction_console_logging":{"type":"bool","description":"If true, online prediction nodes send stderr and stdout streams to Stackdriver Logging","description_kind":"plain","optional":true},"online_prediction_logging":{"type":"bool","description":"If true, online prediction access logs are sent to StackDriver Logging.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"regions":{"type":["list","string"],"description":"The list of regions where the model is going to be deployed.\nCurrently only one region per model is supported","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"default_version":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name specified for the version when it was created.","description_kind":"plain","required":true}},"description":"The default version of the model. This version will be used to handle\nprediction requests that do not specify a version.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_alert_policy":{"version":0,"block":{"attributes":{"combiner":{"type":"string","description":"How to combine the results of multiple conditions to\ndetermine if an incident should be opened. Possible values: [\"AND\", \"OR\", \"AND_WITH_MATCHING_RESOURCE\"]","description_kind":"plain","required":true},"creation_record":{"type":["list",["object",{"mutate_time":"string","mutated_by":"string"}]],"description":"A read-only record of the creation of the alerting policy.\nIf provided in a call to create or update, this field will\nbe ignored.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"A short name or phrase used to identify the policy in\ndashboards, notifications, and incidents. To avoid confusion, don't use\nthe same display name for multiple policies in the same project. The\nname is limited to 512 Unicode characters.","description_kind":"plain","required":true},"enabled":{"type":"bool","description":"Whether or not the policy is enabled. The default is true.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The unique resource name for this policy.\nIts syntax is: projects/[PROJECT_ID]/alertPolicies/[ALERT_POLICY_ID]","description_kind":"plain","computed":true},"notification_channels":{"type":["list","string"],"description":"Identifies the notification channels to which notifications should be\nsent when incidents are opened or closed or when new violations occur\non an already opened incident. Each element of this array corresponds\nto the name field in each of the NotificationChannel objects that are\nreturned from the notificationChannels.list method. The syntax of the\nentries in this field is\n'projects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"severity":{"type":"string","description":"The severity of an alert policy indicates how important incidents generated\nby that policy are. The severity level will be displayed on the Incident\ndetail page and in notifications. Possible values: [\"CRITICAL\", \"ERROR\", \"WARNING\"]","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"alert_strategy":{"nesting_mode":"list","block":{"attributes":{"auto_close":{"type":"string","description":"If an alert policy that was active has no data for this long, any open incidents will close.","description_kind":"plain","optional":true}},"block_types":{"notification_channel_strategy":{"nesting_mode":"list","block":{"attributes":{"notification_channel_names":{"type":["list","string"],"description":"The notification channels that these settings apply to. Each of these\ncorrespond to the name field in one of the NotificationChannel objects\nreferenced in the notification_channels field of this AlertPolicy. The format is\n'projects/[PROJECT_ID_OR_NUMBER]/notificationChannels/[CHANNEL_ID]'","description_kind":"plain","optional":true},"renotify_interval":{"type":"string","description":"The frequency at which to send reminder notifications for open incidents.","description_kind":"plain","optional":true}},"description":"Control over how the notification channels in 'notification_channels'\nare notified when this alert fires, on a per-channel basis.","description_kind":"plain"}},"notification_rate_limit":{"nesting_mode":"list","block":{"attributes":{"period":{"type":"string","description":"Not more than one notification per period.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example \"60.5s\".","description_kind":"plain","optional":true}},"description":"Required for alert policies with a LogMatch condition.\nThis limit is not implemented for alert policies that are not log-based.","description_kind":"plain"},"max_items":1}},"description":"Control over how this alert policy's notification channels are notified.","description_kind":"plain"},"max_items":1},"conditions":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"A short name or phrase used to identify the\ncondition in dashboards, notifications, and\nincidents. To avoid confusion, don't use the same\ndisplay name for multiple conditions in the same\npolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The unique resource name for this condition.\nIts syntax is:\nprojects/[PROJECT_ID]/alertPolicies/[POLICY_ID]/conditions/[CONDITION_ID]\n[CONDITION_ID] is assigned by Stackdriver Monitoring when\nthe condition is created as part of a new or updated alerting\npolicy.","description_kind":"plain","computed":true}},"block_types":{"condition_absent":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nfail to report new data to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g. 60s, 120s, or 300s\n--are supported.","description_kind":"plain","required":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.","description_kind":"plain"}},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations.","description_kind":"plain"},"max_items":1}},"description":"A condition that checks that a time series\ncontinues to receive new data points.","description_kind":"plain"},"max_items":1},"condition_matched_log":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"A logs-based filter.","description_kind":"plain","required":true},"label_extractors":{"type":["map","string"],"description":"A map from a label key to an extractor expression, which is used to\nextract the value for this label key. Each entry in this map is\na specification for how data should be extracted from log entries that\nmatch filter. Each combination of extracted values is treated as\na separate rule for the purposes of triggering notifications.\nLabel keys and corresponding values can be used in notifications\ngenerated by this condition.","description_kind":"plain","optional":true}},"description":"A condition that checks for log messages matching given constraints.\nIf set, no other conditions can be present.","description_kind":"plain"},"max_items":1},"condition_monitoring_query_language":{"nesting_mode":"list","block":{"attributes":{"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"query":{"type":"string","description":"Monitoring Query Language query that outputs a boolean stream.","description_kind":"plain","required":true}},"block_types":{"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A Monitoring Query Language query that outputs a boolean stream","description_kind":"plain"},"max_items":1},"condition_prometheus_query_language":{"nesting_mode":"list","block":{"attributes":{"alert_rule":{"type":"string","description":"The alerting rule name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future.\n\nThis field is optional. If this field is not empty, then it must be a\nvalid Prometheus label name.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Alerts are considered firing once their PromQL expression evaluated\nto be \"true\" for this long. Alerts whose PromQL expression was not\nevaluated to be \"true\" for long enough are considered pending. The\ndefault value is zero. Must be zero or positive.","description_kind":"plain","optional":true},"evaluation_interval":{"type":"string","description":"How often this rule should be evaluated. Must be a positive multiple\nof 30 seconds or missing. The default value is 30 seconds. If this\nPrometheusQueryLanguageCondition was generated from a Prometheus\nalerting rule, then this value should be taken from the enclosing\nrule group.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to add to or overwrite in the PromQL query result. Label names\nmust be valid.\n\nLabel values can be templatized by using variables. The only available\nvariable names are the names of the labels in the PromQL result, including\n\"__name__\" and \"value\". \"labels\" may be empty. This field is intended to be\nused for organizing and identifying the AlertPolicy","description_kind":"plain","optional":true},"query":{"type":"string","description":"The PromQL expression to evaluate. Every evaluation cycle this\nexpression is evaluated at the current time, and all resultant time\nseries become pending/firing alerts. This field must not be empty.","description_kind":"plain","required":true},"rule_group":{"type":"string","description":"The rule group name of this alert in the corresponding Prometheus\nconfiguration file.\n\nSome external tools may require this field to be populated correctly\nin order to refer to the original Prometheus configuration file.\nThe rule group name and the alert name are necessary to update the\nrelevant AlertPolicies in case the definition of the rule group changes\nin the future. This field is optional.","description_kind":"plain","optional":true}},"description":"A condition type that allows alert policies to be defined using\nPrometheus Query Language (PromQL).\n\nThe PrometheusQueryLanguageCondition message contains information\nfrom a Prometheus alerting rule and its associated rule group.","description_kind":"plain"},"max_items":1},"condition_threshold":{"nesting_mode":"list","block":{"attributes":{"comparison":{"type":"string","description":"The comparison to apply between the time\nseries (indicated by filter and aggregation)\nand the threshold (indicated by\nthreshold_value). The comparison is applied\non each time series, with the time series on\nthe left-hand side and the threshold on the\nright-hand side. Only COMPARISON_LT and\nCOMPARISON_GT are supported currently. Possible values: [\"COMPARISON_GT\", \"COMPARISON_GE\", \"COMPARISON_LT\", \"COMPARISON_LE\", \"COMPARISON_EQ\", \"COMPARISON_NE\"]","description_kind":"plain","required":true},"denominator_filter":{"type":"string","description":"A filter that identifies a time series that\nshould be used as the denominator of a ratio\nthat will be compared with the threshold. If\na denominator_filter is specified, the time\nseries specified by the filter field will be\nused as the numerator.The filter is similar\nto the one that is specified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"The amount of time that a time series must\nviolate the threshold to be considered\nfailing. Currently, only values that are a\nmultiple of a minute--e.g., 0, 60, 120, or\n300 seconds--are supported. If an invalid\nvalue is given, an error will be returned.\nWhen choosing a duration, it is useful to\nkeep in mind the frequency of the underlying\ntime series data (which may also be affected\nby any alignments specified in the\naggregations field); a good duration is long\nenough so that a single outlier does not\ngenerate spurious alerts, but short enough\nthat unhealthy states are detected and\nalerted on quickly.","description_kind":"plain","required":true},"evaluation_missing_data":{"type":"string","description":"A condition control that determines how\nmetric-threshold conditions are evaluated when\ndata stops arriving. Possible values: [\"EVALUATION_MISSING_DATA_INACTIVE\", \"EVALUATION_MISSING_DATA_ACTIVE\", \"EVALUATION_MISSING_DATA_NO_OP\"]","description_kind":"plain","optional":true},"filter":{"type":"string","description":"A filter that identifies which time series\nshould be compared with the threshold.The\nfilter is similar to the one that is\nspecified in the\nMetricService.ListTimeSeries request (that\ncall is useful to verify the time series\nthat will be retrieved / processed) and must\nspecify the metric type and optionally may\ncontain restrictions on resource type,\nresource labels, and metric labels. This\nfield may not exceed 2048 Unicode characters\nin length.","description_kind":"plain","optional":true},"threshold_value":{"type":"number","description":"A value against which to compare the time\nseries.","description_kind":"plain","optional":true}},"block_types":{"aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series as well as how to\ncombine the retrieved time series together\n(such as when aggregating multiple streams\non each resource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).\nMultiple aggregations are applied in the\norder specified.This field is similar to the\none in the MetricService.ListTimeSeries\nrequest. It is advisable to use the\nListTimeSeries method when debugging this\nfield.","description_kind":"plain"}},"denominator_aggregations":{"nesting_mode":"list","block":{"attributes":{"alignment_period":{"type":"string","description":"The alignment period for per-time\nseries alignment. If present,\nalignmentPeriod must be at least\n60 seconds. After per-time series\nalignment, each time series will\ncontain data points only on the\nperiod boundaries. If\nperSeriesAligner is not specified\nor equals ALIGN_NONE, then this\nfield is ignored. If\nperSeriesAligner is specified and\ndoes not equal ALIGN_NONE, then\nthis field must be defined;\notherwise an error is returned.","description_kind":"plain","optional":true},"cross_series_reducer":{"type":"string","description":"The approach to be used to combine\ntime series. Not all reducer\nfunctions may be applied to all\ntime series, depending on the\nmetric type and the value type of\nthe original time series.\nReduction may change the metric\ntype of value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"REDUCE_NONE\", \"REDUCE_MEAN\", \"REDUCE_MIN\", \"REDUCE_MAX\", \"REDUCE_SUM\", \"REDUCE_STDDEV\", \"REDUCE_COUNT\", \"REDUCE_COUNT_TRUE\", \"REDUCE_COUNT_FALSE\", \"REDUCE_FRACTION_TRUE\", \"REDUCE_PERCENTILE_99\", \"REDUCE_PERCENTILE_95\", \"REDUCE_PERCENTILE_50\", \"REDUCE_PERCENTILE_05\"]","description_kind":"plain","optional":true},"group_by_fields":{"type":["list","string"],"description":"The set of fields to preserve when\ncrossSeriesReducer is specified.\nThe groupByFields determine how\nthe time series are partitioned\ninto subsets prior to applying the\naggregation function. Each subset\ncontains time series that have the\nsame value for each of the\ngrouping fields. Each individual\ntime series is a member of exactly\none subset. The crossSeriesReducer\nis applied to each subset of time\nseries. It is not possible to\nreduce across different resource\ntypes, so this field implicitly\ncontains resource.type. Fields not\nspecified in groupByFields are\naggregated away. If groupByFields\nis not specified and all the time\nseries have the same resource\ntype, then the time series are\naggregated into a single output\ntime series. If crossSeriesReducer\nis not defined, this field is\nignored.","description_kind":"plain","optional":true},"per_series_aligner":{"type":"string","description":"The approach to be used to align\nindividual time series. Not all\nalignment functions may be applied\nto all time series, depending on\nthe metric type and value type of\nthe original time series.\nAlignment may change the metric\ntype or the value type of the time\nseries.Time series data must be\naligned in order to perform cross-\ntime series reduction. If\ncrossSeriesReducer is specified,\nthen perSeriesAligner must be\nspecified and not equal ALIGN_NONE\nand alignmentPeriod must be\nspecified; otherwise, an error is\nreturned. Possible values: [\"ALIGN_NONE\", \"ALIGN_DELTA\", \"ALIGN_RATE\", \"ALIGN_INTERPOLATE\", \"ALIGN_NEXT_OLDER\", \"ALIGN_MIN\", \"ALIGN_MAX\", \"ALIGN_MEAN\", \"ALIGN_COUNT\", \"ALIGN_SUM\", \"ALIGN_STDDEV\", \"ALIGN_COUNT_TRUE\", \"ALIGN_COUNT_FALSE\", \"ALIGN_FRACTION_TRUE\", \"ALIGN_PERCENTILE_99\", \"ALIGN_PERCENTILE_95\", \"ALIGN_PERCENTILE_50\", \"ALIGN_PERCENTILE_05\", \"ALIGN_PERCENT_CHANGE\"]","description_kind":"plain","optional":true}},"description":"Specifies the alignment of data points in\nindividual time series selected by\ndenominatorFilter as well as how to combine\nthe retrieved time series together (such as\nwhen aggregating multiple streams on each\nresource to a single stream for each\nresource or when aggregating streams across\nall members of a group of resources).When\ncomputing ratios, the aggregations and\ndenominator_aggregations fields must use the\nsame alignment period and produce time\nseries that have the same periodicity and\nlabels.This field is similar to the one in\nthe MetricService.ListTimeSeries request. It\nis advisable to use the ListTimeSeries\nmethod when debugging this field.","description_kind":"plain"}},"forecast_options":{"nesting_mode":"list","block":{"attributes":{"forecast_horizon":{"type":"string","description":"The length of time into the future to forecast\nwhether a timeseries will violate the threshold.\nIf the predicted value is found to violate the\nthreshold, and the violation is observed in all\nforecasts made for the Configured 'duration',\nthen the timeseries is considered to be failing.","description_kind":"plain","required":true}},"description":"When this field is present, the 'MetricThreshold'\ncondition forecasts whether the time series is\npredicted to violate the threshold within the\n'forecastHorizon'. When this field is not set, the\n'MetricThreshold' tests the current value of the\ntimeseries against the threshold.","description_kind":"plain"},"max_items":1},"trigger":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The absolute number of time series\nthat must fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"The percentage of time series that\nmust fail the predicate for the\ncondition to be triggered.","description_kind":"plain","optional":true}},"description":"The number/percent of time series for which\nthe comparison must hold in order for the\ncondition to trigger. If unspecified, then\nthe condition will trigger if the comparison\nis true for any of the time series that have\nbeen identified by filter and aggregations,\nor by the ratio, if denominator_filter and\ndenominator_aggregations are specified.","description_kind":"plain"},"max_items":1}},"description":"A condition that compares a time series against a\nthreshold.","description_kind":"plain"},"max_items":1}},"description":"A list of conditions for the policy. The conditions are combined by\nAND or OR according to the combiner field. If the combined conditions\nevaluate to true, then an incident is created. A policy can have from\none to six conditions.","description_kind":"plain"},"min_items":1},"documentation":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"The text of the documentation, interpreted according to mimeType.\nThe content may not exceed 8,192 Unicode characters and may not\nexceed more than 10,240 bytes when encoded in UTF-8 format,\nwhichever is smaller.","description_kind":"plain","optional":true},"mime_type":{"type":"string","description":"The format of the content field. Presently, only the value\n\"text/markdown\" is supported.","description_kind":"plain","optional":true},"subject":{"type":"string","description":"The subject line of the notification. The subject line may not\nexceed 10,240 bytes. In notifications generated by this policy the contents\nof the subject line after variable expansion will be truncated to 255 bytes\nor shorter at the latest UTF-8 character boundary.","description_kind":"plain","optional":true}},"description":"Documentation that is included with notifications and incidents related\nto this policy. Best practice is for the documentation to include information\nto help responders understand, mitigate, escalate, and correct the underlying\nproblems detected by the alerting policy. Notification channels that have\nlimited capacity might not show this documentation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_custom_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"telemetry":{"nesting_mode":"list","block":{"attributes":{"resource_name":{"type":"string","description":"The full name of the resource that defines this service.\nFormatted as described in\nhttps://cloud.google.com/apis/design/resource_names.","description_kind":"plain","optional":true}},"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_dashboard":{"version":0,"block":{"attributes":{"dashboard_json":{"type":"string","description":"The JSON representation of a dashboard, following the format at https://cloud.google.com/monitoring/api/ref_v3/rest/v1/projects.dashboards.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_group":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"A user-assigned name for this group, used only for display\npurposes.","description_kind":"plain","required":true},"filter":{"type":"string","description":"The filter used to determine which monitored resources\nbelong to this group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_cluster":{"type":"bool","description":"If true, the members of this group are considered to be a\ncluster. The system can perform additional analysis on\ngroups that are clusters.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for this group. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\".","description_kind":"plain","computed":true},"parent_name":{"type":"string","description":"The name of the group's parent, if it has one. The format is\n\"projects/{project_id_or_number}/groups/{group_id}\". For\ngroups with no parent, parentName is the empty string, \"\".","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_metric_descriptor":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A detailed description of the metric, which can be used in documentation.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"A concise name for the metric, which can be displayed in user interfaces. Use sentence case without an ending period, for example \"Request count\".","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"launch_stage":{"type":"string","description":"The launch stage of the metric definition. Possible values: [\"LAUNCH_STAGE_UNSPECIFIED\", \"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","optional":true},"metric_kind":{"type":"string","description":"Whether the metric records instantaneous values, changes to a value, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"METRIC_KIND_UNSPECIFIED\", \"GAUGE\", \"DELTA\", \"CUMULATIVE\"]","description_kind":"plain","required":true},"monitored_resource_types":{"type":["set","string"],"description":"If present, then a time series, which is identified partially by a metric type and a MonitoredResourceDescriptor, that is associated with this metric type can only be associated with one of the monitored resource types listed here. This field allows time series to be associated with the intersection of this metric type and the monitored resource types in this list.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the metric descriptor.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The metric type, including its DNS name prefix. The type is not URL-encoded. All service defined metrics must be prefixed with the service name, in the format of {service name}/{relative metric name}, such as cloudsql.googleapis.com/database/cpu/utilization. The relative metric name must have only upper and lower-case letters, digits, '/' and underscores '_' are allowed. Additionally, the maximum number of characters allowed for the relative_metric_name is 100. All user-defined metric types have the DNS name custom.googleapis.com, external.googleapis.com, or logging.googleapis.com/user/.","description_kind":"plain","required":true},"unit":{"type":"string","description":"The units in which the metric value is reported. It is only applicable if the\nvalueType is INT64, DOUBLE, or DISTRIBUTION. The unit defines the representation of\nthe stored metric values.\n\nDifferent systems may scale the values to be more easily displayed (so a value of\n0.02KBy might be displayed as 20By, and a value of 3523KBy might be displayed as\n3.5MBy). However, if the unit is KBy, then the value of the metric is always in\nthousands of bytes, no matter how it may be displayed.\n\nIf you want a custom metric to record the exact number of CPU-seconds used by a job,\nyou can create an INT64 CUMULATIVE metric whose unit is s{CPU} (or equivalently\n1s{CPU} or just s). If the job uses 12,005 CPU-seconds, then the value is written as\n12005.\n\nAlternatively, if you want a custom metric to record data in a more granular way, you\ncan create a DOUBLE CUMULATIVE metric whose unit is ks{CPU}, and then write the value\n12.005 (which is 12005/1000), or use Kis{CPU} and write 11.723 (which is 12005/1024).\nThe supported units are a subset of The Unified Code for Units of Measure standard.\nMore info can be found in the API documentation\n(https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.metricDescriptors).","description_kind":"plain","optional":true},"value_type":{"type":"string","description":"Whether the measurement is an integer, a floating-point number, etc. Some combinations of metricKind and valueType might not be supported. Possible values: [\"BOOL\", \"INT64\", \"DOUBLE\", \"STRING\", \"DISTRIBUTION\"]","description_kind":"plain","required":true}},"block_types":{"labels":{"nesting_mode":"set","block":{"attributes":{"description":{"type":"string","description":"A human-readable description for the label.","description_kind":"plain","optional":true},"key":{"type":"string","description":"The key for this label. The key must not exceed 100 characters. The first character of the key must be an upper- or lower-case letter, the remaining characters must be letters, digits or underscores, and the key must match the regular expression [a-zA-Z][a-zA-Z0-9_]*","description_kind":"plain","required":true},"value_type":{"type":"string","description":"The type of data that can be assigned to the label. Default value: \"STRING\" Possible values: [\"STRING\", \"BOOL\", \"INT64\"]","description_kind":"plain","optional":true}},"description":"The set of labels that can be used to describe a specific instance of this metric type. In order to delete a label, the entire resource must be deleted, then created with the desired labels.","description_kind":"plain"}},"metadata":{"nesting_mode":"list","block":{"attributes":{"ingest_delay":{"type":"string","description":"The delay of data points caused by ingestion. Data points older than this age are guaranteed to be ingested and available to be read, excluding data loss due to errors. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true},"sample_period":{"type":"string","description":"The sampling period of metric data points. For metrics which are written periodically, consecutive data points are stored at this time interval, excluding data loss due to errors. Metrics with a higher granularity have a smaller sampling period. In '[duration format](https://developers.google.com/protocol-buffers/docs/reference/google.protobuf?\u0026_ga=2.264881487.1507873253.1593446723-935052455.1591817775#google.protobuf.Duration)'.","description_kind":"plain","optional":true}},"description":"Metadata which can be used to guide usage of the metric.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_monitored_project":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when this 'MonitoredProject' was created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"metrics_scope":{"type":"string","description":"Required. The resource name of the existing Metrics Scope that will monitor this project. Example: locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The resource name of the 'MonitoredProject'. On input, the resource name includes the scoping project ID and monitored project ID. On output, it contains the equivalent project numbers. Example: 'locations/global/metricsScopes/{SCOPING_PROJECT_ID_OR_NUMBER}/projects/{MONITORED_PROJECT_ID_OR_NUMBER}'","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","optional":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","required":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"block_types":{"sensitive_labels":{"nesting_mode":"list","block":{"attributes":{"auth_token":{"type":"string","description":"An authorization token for a notification channel. Channel types that support this field include: slack","description_kind":"plain","optional":true,"sensitive":true},"password":{"type":"string","description":"An password for a notification channel. Channel types that support this field include: webhook_basicauth","description_kind":"plain","optional":true,"sensitive":true},"service_key":{"type":"string","description":"An servicekey token for a notification channel. Channel types that support this field include: pagerduty","description_kind":"plain","optional":true,"sensitive":true}},"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","optional":true}},"block_types":{"basic_service":{"nesting_mode":"list","block":{"attributes":{"service_labels":{"type":["map","string"],"description":"Labels that specify the resource that emits the monitoring data\nwhich is used for SLO reporting of this 'Service'.","description_kind":"plain","optional":true},"service_type":{"type":"string","description":"The type of service that this basic service defines, e.g.\nAPP_ENGINE service type","description_kind":"plain","optional":true}},"description":"A well-known service type, defined by its service type and service labels.\nValid values of service types and services labels are described at\nhttps://cloud.google.com/stackdriver/docs/solutions/slo-monitoring/api/api-structures#basic-svc-w-basic-sli","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_monitoring_slo":{"version":0,"block":{"attributes":{"calendar_period":{"type":"string","description":"A calendar period, semantically \"since the start of the current\n\u003ccalendarPeriod\u003e\". Possible values: [\"DAY\", \"WEEK\", \"FORTNIGHT\", \"MONTH\"]","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Name used for UI elements listing this SLO.","description_kind":"plain","optional":true},"goal":{"type":"number","description":"The fraction of service that must be good in order for this objective\nto be met. 0 \u003c goal \u003c= 0.999","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID_OR_NUMBER]/services/[SERVICE_ID]/serviceLevelObjectives/[SLO_NAME]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"rolling_period_days":{"type":"number","description":"A rolling time period, semantically \"in the past X days\".\nMust be between 1 to 30 days, inclusive.","description_kind":"plain","optional":true},"service":{"type":"string","description":"ID of the service to which this SLO belongs.","description_kind":"plain","required":true},"slo_id":{"type":"string","description":"The id to use for this ServiceLevelObjective. If omitted, an id will be generated instead.","description_kind":"plain","optional":true,"computed":true},"user_labels":{"type":["map","string"],"description":"This field is intended to be used for organizing and identifying the AlertPolicy\nobjects.The field can contain up to 64 entries. Each key and value is limited\nto 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values\ncan contain only lowercase letters, numerals, underscores, and dashes. Keys\nmust begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"basic_sli":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic Service-Level Indicator (SLI) on a well-known service type.\nPerformance will be computed on the basis of pre-defined metrics.\n\nSLIs are used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"request_based_sli":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided.\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service.\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.\n\nExactly two of 'good_service_filter','bad_service_filter','total_service_filter'\nmust be set (good + bad = total is assumed).","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.\n\nExactly one of 'distribution_cut' or 'good_total_ratio' can be set.","description_kind":"plain"},"max_items":1}},"description":"A request-based SLI defines a SLI for which atomic units of\nservice are counted directly.\n\nA SLI describes a good service.\nIt is used to measure and calculate the quality of the Service's\nperformance with respect to a single aspect of service quality.\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"windows_based_sli":{"nesting_mode":"list","block":{"attributes":{"good_bad_metric_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nwith ValueType = BOOL. The window is good if any true values\nappear in the window. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain","optional":true},"window_period":{"type":"string","description":"Duration over which window quality is evaluated, given as a\nduration string \"{X}s\" representing X seconds. Must be an\ninteger fraction of a day and at least 60s.","description_kind":"plain","optional":true}},"block_types":{"good_total_ratio_threshold":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"number","description":"If window performance \u003e= threshold, the window is counted\nas good.","description_kind":"plain","optional":true}},"block_types":{"basic_sli_performance":{"nesting_mode":"list","block":{"attributes":{"location":{"type":["set","string"],"description":"An optional set of locations to which this SLI is relevant.\nTelemetry from other locations will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nlocations in which the Service has activity. For service types\nthat don't support breaking down by location, setting this\nfield will result in an error.","description_kind":"plain","optional":true},"method":{"type":["set","string"],"description":"An optional set of RPCs to which this SLI is relevant.\nTelemetry from other methods will not be used to calculate\nperformance for this SLI. If omitted, this SLI applies to all\nthe Service's methods. For service types that don't support\nbreaking down by method, setting this field will result in an\nerror.","description_kind":"plain","optional":true},"version":{"type":["set","string"],"description":"The set of API versions to which this SLI is relevant.\nTelemetry from other API versions will not be used to\ncalculate performance for this SLI. If omitted,\nthis SLI applies to all API versions. For service types\nthat don't support breaking down by version, setting this\nfield will result in an error.","description_kind":"plain","optional":true}},"block_types":{"availability":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Whether an availability SLI is enabled or not. Must be set to 'true. Defaults to 'true'.","description_kind":"plain","optional":true}},"description":"Availability based SLI, dervied from count of requests made to this service that return successfully.","description_kind":"plain"},"max_items":1},"latency":{"nesting_mode":"list","block":{"attributes":{"threshold":{"type":"string","description":"A duration string, e.g. 10s.\nGood service is defined to be the count of requests made to\nthis service that return in no more than threshold.","description_kind":"plain","required":true}},"description":"Parameters for a latency threshold SLI.","description_kind":"plain"},"max_items":1}},"description":"Basic SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1},"performance":{"nesting_mode":"list","block":{"block_types":{"distribution_cut":{"nesting_mode":"list","block":{"attributes":{"distribution_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\naggregating values to quantify the good service provided.\n\nMust have ValueType = DISTRIBUTION and\nMetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to 0","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Used when good_service is defined by a count of values aggregated in a\nDistribution that fall into a good range. The total_service is the\ntotal count of all values aggregated in the Distribution.\nDefines a distribution TimeSeries filter and thresholds used for\nmeasuring good service and total service.","description_kind":"plain"},"max_items":1},"good_total_ratio":{"nesting_mode":"list","block":{"attributes":{"bad_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying bad service provided, either demanded service that\nwas not provided or demanded service that was of inadequate\nquality. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"good_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying good service provided. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true},"total_service_filter":{"type":"string","description":"A TimeSeries [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nquantifying total demanded service. Exactly two of\ngood, bad, or total service filter must be defined (where\ngood + bad = total is assumed)\n\nMust have ValueType = DOUBLE or ValueType = INT64 and\nmust have MetricKind = DELTA or MetricKind = CUMULATIVE.","description_kind":"plain","optional":true}},"description":"A means to compute a ratio of 'good_service' to 'total_service'.\nDefines computing this ratio with two TimeSeries [monitoring filters](https://cloud.google.com/monitoring/api/v3/filters)\nMust specify exactly two of good, bad, and total service filters.\nThe relationship good_service + bad_service = total_service\nwill be assumed.","description_kind":"plain"},"max_items":1}},"description":"Request-based SLI to evaluate to judge window quality.","description_kind":"plain"},"max_items":1}},"description":"Criterion that describes a window as good if its performance is\nhigh enough. One of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1},"metric_mean_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nThe provided TimeSeries must have ValueType = INT64 or\nValueType = DOUBLE and MetricKind = GAUGE. Mean value 'X'\nshould satisfy 'range.min \u003c= X \u003c= range.max'\nunder good service.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Mean value 'X' of 'time_series'\nvalues should satisfy 'range.min \u003c= X \u003c= range.max' for a\ngood service.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *averaged* across returned streams.\nOne of 'good_bad_metric_filter',\n\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.\nAverage value X of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"max_items":1},"metric_sum_in_range":{"nesting_mode":"list","block":{"attributes":{"time_series":{"type":"string","description":"A [monitoring filter](https://cloud.google.com/monitoring/api/v3/filters)\nspecifying the TimeSeries to use for evaluating window\nquality. The provided TimeSeries must have\nValueType = INT64 or ValueType = DOUBLE and\nMetricKind = GAUGE.\n\nSummed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain","required":true}},"block_types":{"range":{"nesting_mode":"list","block":{"attributes":{"max":{"type":"number","description":"max value for the range (inclusive). If not given,\nwill be set to \"infinity\", defining an open range\n\"\u003e= range.min\"","description_kind":"plain","optional":true},"min":{"type":"number","description":"Min value for the range (inclusive). If not given,\nwill be set to \"-infinity\", defining an open range\n\"\u003c range.max\"","description_kind":"plain","optional":true}},"description":"Range of numerical values. The computed good_service\nwill be the count of values x in the Distribution such\nthat range.min \u003c= x \u003c= range.max. inclusive of min and\nmax. Open ranges can be defined by setting\njust one of min or max. Summed value 'X' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Criterion that describes a window as good if the metric's value\nis in a good range, *summed* across returned streams.\nSummed value 'X' of 'time_series' should satisfy\n'range.min \u003c= X \u003c= range.max' for a good window.\n\nOne of 'good_bad_metric_filter',\n'good_total_ratio_threshold', 'metric_mean_in_range',\n'metric_sum_in_range' must be set for 'windows_based_sli'.","description_kind":"plain"},"max_items":1}},"description":"A windows-based SLI defines the criteria for time windows.\ngood_service is defined based off the count of these time windows\nfor which the provided service was of good quality.\n\nA SLI describes a good service. It is used to measure and calculate\nthe quality of the Service's performance with respect to a single\naspect of service quality.\n\nExactly one of the following must be set:\n'basic_sli', 'request_based_sli', 'windows_based_sli'","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_monitoring_uptime_check_config":{"version":0,"block":{"attributes":{"checker_type":{"type":"string","description":"The checker type to use for the check. If the monitored resource type is 'servicedirectory_service', 'checker_type' must be set to 'VPC_CHECKERS'. Possible values: [\"STATIC_IP_CHECKERS\", \"VPC_CHECKERS\"]","description_kind":"plain","optional":true,"computed":true},"display_name":{"type":"string","description":"A human-friendly name for the uptime check configuration. The display name should be unique within a Stackdriver Workspace in order to make it easier to identify; however, uniqueness is not enforced.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A unique resource name for this UptimeCheckConfig. The format is 'projects/[PROJECT_ID]/uptimeCheckConfigs/[UPTIME_CHECK_ID]'.","description_kind":"plain","computed":true},"period":{"type":"string","description":"How often, in seconds, the uptime check is performed. Currently, the only supported values are 60s (1 minute), 300s (5 minutes), 600s (10 minutes), and 900s (15 minutes). Optional, defaults to 300s.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"selected_regions":{"type":["list","string"],"description":"The list of regions from which the check will be run. Some regions contain one location, and others contain more than one. If this field is specified, enough regions to include a minimum of 3 locations must be provided, or an error message is returned. Not specifying this field will result in uptime checks running from all regions.","description_kind":"plain","optional":true},"timeout":{"type":"string","description":"The maximum amount of time to wait for the request to complete (must be between 1 and 60 seconds). [See the accepted formats]( https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#google.protobuf.Duration)","description_kind":"plain","required":true},"uptime_check_id":{"type":"string","description":"The id of the uptime check","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data to be used for organizing and identifying the 'UptimeCheckConfig' objects. The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true}},"block_types":{"content_matchers":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"String or regex content to match (max 1024 bytes)","description_kind":"plain","required":true},"matcher":{"type":"string","description":"The type of content matcher that will be applied to the server output, compared to the content string when the check is run. Default value: \"CONTAINS_STRING\" Possible values: [\"CONTAINS_STRING\", \"NOT_CONTAINS_STRING\", \"MATCHES_REGEX\", \"NOT_MATCHES_REGEX\", \"MATCHES_JSON_PATH\", \"NOT_MATCHES_JSON_PATH\"]","description_kind":"plain","optional":true}},"block_types":{"json_path_matcher":{"nesting_mode":"list","block":{"attributes":{"json_matcher":{"type":"string","description":"Options to perform JSONPath content matching. Default value: \"EXACT_MATCH\" Possible values: [\"EXACT_MATCH\", \"REGEX_MATCH\"]","description_kind":"plain","optional":true},"json_path":{"type":"string","description":"JSONPath within the response output pointing to the expected 'ContentMatcher::content' to match against.","description_kind":"plain","required":true}},"description":"Information needed to perform a JSONPath content match. Used for 'ContentMatcherOption::MATCHES_JSON_PATH' and 'ContentMatcherOption::NOT_MATCHES_JSON_PATH'.","description_kind":"plain"},"max_items":1}},"description":"The expected content on the page the check is run against. Currently, only the first entry in the list is supported, and other entries will be ignored. The server will look for an exact match of the string in the page response's content. This field is optional and should only be specified if a content match is required.","description_kind":"plain"}},"http_check":{"nesting_mode":"list","block":{"attributes":{"body":{"type":"string","description":"The request body associated with the HTTP POST request. If 'content_type' is 'URL_ENCODED', the body passed in must be URL-encoded. Users can provide a 'Content-Length' header via the 'headers' field or the API will do so. If the 'request_method' is 'GET' and 'body' is not empty, the API will return an error. The maximum byte size is 1 megabyte. Note - As with all bytes fields JSON representations are base64 encoded. e.g. 'foo=bar' in URL-encoded form is 'foo%3Dbar' and in base64 encoding is 'Zm9vJTI1M0RiYXI='.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"The content type to use for the check. Possible values: [\"TYPE_UNSPECIFIED\", \"URL_ENCODED\", \"USER_PROVIDED\"]","description_kind":"plain","optional":true},"custom_content_type":{"type":"string","description":"A user provided content type header to use for the check. The invalid configurations outlined in the 'content_type' field apply to custom_content_type', as well as the following 1. 'content_type' is 'URL_ENCODED' and 'custom_content_type' is set. 2. 'content_type' is 'USER_PROVIDED' and 'custom_content_type' is not set.","description_kind":"plain","optional":true},"headers":{"type":["map","string"],"description":"The list of headers to send as part of the uptime check request. If two headers have the same key and different values, they should be entered as a single header, with the value being a comma-separated list of all the desired values as described in [RFC 2616 (page 31)](https://www.w3.org/Protocols/rfc2616/rfc2616.txt). Entering two separate headers with the same key in a Create call will cause the first to be overwritten by the second. The maximum number of headers allowed is 100.","description_kind":"plain","optional":true,"computed":true},"mask_headers":{"type":"bool","description":"Boolean specifying whether to encrypt the header information. Encryption should be specified for any headers related to authentication that you do not wish to be seen when retrieving the configuration. The server will be responsible for encrypting the headers. On Get/List calls, if 'mask_headers' is set to 'true' then the headers will be obscured with '******'.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The path to the page to run the check against. Will be combined with the host (specified within the MonitoredResource) and port to construct the full URL. If the provided path does not begin with '/', a '/' will be prepended automatically. Optional (defaults to '/').","description_kind":"plain","optional":true},"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with 'host' (specified within the ['monitored_resource'](#nested_monitored_resource)) and path to construct the full URL. Optional (defaults to 80 without SSL, or 443 with SSL).","description_kind":"plain","optional":true,"computed":true},"request_method":{"type":"string","description":"The HTTP request method to use for the check. If set to 'METHOD_UNSPECIFIED' then 'request_method' defaults to 'GET'. Default value: \"GET\" Possible values: [\"METHOD_UNSPECIFIED\", \"GET\", \"POST\"]","description_kind":"plain","optional":true},"use_ssl":{"type":"bool","description":"If true, use HTTPS instead of HTTP to run the check.","description_kind":"plain","optional":true},"validate_ssl":{"type":"bool","description":"Boolean specifying whether to include SSL certificate validation as a part of the Uptime check. Only applies to checks where 'monitored_resource' is set to 'uptime_url'. If 'use_ssl' is 'false', setting 'validate_ssl' to 'true' has no effect.","description_kind":"plain","optional":true}},"block_types":{"accepted_response_status_codes":{"nesting_mode":"list","block":{"attributes":{"status_class":{"type":"string","description":"A class of status codes to accept. Possible values: [\"STATUS_CLASS_1XX\", \"STATUS_CLASS_2XX\", \"STATUS_CLASS_3XX\", \"STATUS_CLASS_4XX\", \"STATUS_CLASS_5XX\", \"STATUS_CLASS_ANY\"]","description_kind":"plain","optional":true},"status_value":{"type":"number","description":"A status code to accept.","description_kind":"plain","optional":true}},"description":"If present, the check will only pass if the HTTP response status code is in this set of status codes. If empty, the HTTP status code will only pass if the HTTP status code is 200-299.","description_kind":"plain"}},"auth_info":{"nesting_mode":"list","block":{"attributes":{"password":{"type":"string","description":"The password to authenticate.","description_kind":"plain","required":true,"sensitive":true},"username":{"type":"string","description":"The username to authenticate.","description_kind":"plain","required":true}},"description":"The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields.","description_kind":"plain"},"max_items":1},"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to an HTTP check.","description_kind":"plain"},"max_items":1},"service_agent_authentication":{"nesting_mode":"list","block":{"attributes":{"type":{"type":"string","description":"The type of authentication to use. Possible values: [\"SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED\", \"OIDC_TOKEN\"]","description_kind":"plain","optional":true}},"description":"The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make an HTTP or HTTPS check.","description_kind":"plain"},"max_items":1},"monitored_resource":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Values for all of the labels listed in the associated monitored resource descriptor. For example, Compute Engine VM instances use the labels 'project_id', 'instance_id', and 'zone'.","description_kind":"plain","required":true},"type":{"type":"string","description":"The monitored resource type. This field must match the type field of a ['MonitoredResourceDescriptor'](https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.monitoredResourceDescriptors#MonitoredResourceDescriptor) object. For example, the type of a Compute Engine VM instance is 'gce_instance'. For a list of types, see [Monitoring resource types](https://cloud.google.com/monitoring/api/resources) and [Logging resource types](https://cloud.google.com/logging/docs/api/v2/resource-list).","description_kind":"plain","required":true}},"description":"The [monitored resource]\n(https://cloud.google.com/monitoring/api/resources) associated with the\nconfiguration. The following monitored resource types are supported for\nuptime checks:\n* 'aws_ec2_instance'\n* 'aws_elb_load_balancer'\n* 'gae_app\n* 'gce_instance'\n* 'k8s_service'\n* 'servicedirectory_service'\n* 'uptime_url'","description_kind":"plain"},"max_items":1},"resource_group":{"nesting_mode":"list","block":{"attributes":{"group_id":{"type":"string","description":"The group of resources being monitored. Should be the 'name' of a group","description_kind":"plain","optional":true},"resource_type":{"type":"string","description":"The resource type of the group members. Possible values: [\"RESOURCE_TYPE_UNSPECIFIED\", \"INSTANCE\", \"AWS_ELB_LOAD_BALANCER\"]","description_kind":"plain","optional":true}},"description":"The group resource associated with the configuration.","description_kind":"plain"},"max_items":1},"synthetic_monitor":{"nesting_mode":"list","block":{"block_types":{"cloud_function_v2":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The fully qualified name of the cloud function resource.","description_kind":"plain","required":true}},"description":"Target a Synthetic Monitor GCFv2 Instance","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A Synthetic Monitor deployed to a Cloud Functions V2 instance.","description_kind":"plain"},"max_items":1},"tcp_check":{"nesting_mode":"list","block":{"attributes":{"port":{"type":"number","description":"The port to the page to run the check against. Will be combined with host (specified within the 'monitored_resource') to construct the full URL.","description_kind":"plain","required":true}},"block_types":{"ping_config":{"nesting_mode":"list","block":{"attributes":{"pings_count":{"type":"number","description":"Number of ICMP pings. A maximum of 3 ICMP pings is currently supported.","description_kind":"plain","required":true}},"description":"Contains information needed to add pings to a TCP check.","description_kind":"plain"},"max_items":1}},"description":"Contains information needed to make a TCP check.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_active_directory":{"version":0,"block":{"attributes":{"aes_encryption":{"type":"bool","description":"Enables AES-128 and AES-256 encryption for Kerberos-based communication with Active Directory.","description_kind":"plain","optional":true},"backup_operators":{"type":["list","string"],"description":"Domain user/group accounts to be added to the Backup Operators group of the SMB service. The Backup Operators group allows members to backup and restore files regardless of whether they have read or write access to the files. Comma-separated list.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"dns":{"type":"string","description":"Comma separated list of DNS server IP addresses for the Active Directory domain.","description_kind":"plain","required":true},"domain":{"type":"string","description":"Fully qualified domain name for the Active Directory domain.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encrypt_dc_connections":{"type":"bool","description":"If enabled, traffic between the SMB server to Domain Controller (DC) will be encrypted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kdc_hostname":{"type":"string","description":"Hostname of the Active Directory server used as Kerberos Key Distribution Center. Only requried for volumes using kerberized NFSv4.1","description_kind":"plain","optional":true},"kdc_ip":{"type":"string","description":"IP address of the Active Directory server used as Kerberos Key Distribution Center.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_signing":{"type":"bool","description":"Specifies whether or not the LDAP traffic needs to be signed.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Active Directory pool. Needs to be unique per location.","description_kind":"plain","required":true},"net_bios_prefix":{"type":"string","description":"NetBIOS name prefix of the server to be created.\nA five-character random ID is generated automatically, for example, -6f9a, and appended to the prefix. The full UNC share path will have the following format:\n'\\\\NetBIOS_PREFIX-ABCD.DOMAIN_NAME\\SHARE_NAME'","description_kind":"plain","required":true},"nfs_users_with_ldap":{"type":"bool","description":"Local UNIX users on clients without valid user information in Active Directory are blocked from access to LDAP enabled volumes.\nThis option can be used to temporarily switch such volumes to AUTH_SYS authentication (user ID + 1-16 groups).","description_kind":"plain","optional":true},"organizational_unit":{"type":"string","description":"Name of the Organizational Unit where you intend to create the computer account for NetApp Volumes.\nDefaults to 'CN=Computers' if left empty.","description_kind":"plain","optional":true,"computed":true},"password":{"type":"string","description":"Password for specified username. Note - Manual changes done to the password will not be detected. Terraform will not re-apply the password, unless you use a new password in Terraform.","description_kind":"plain","required":true,"sensitive":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"security_operators":{"type":["list","string"],"description":"Domain accounts that require elevated privileges such as 'SeSecurityPrivilege' to manage security logs. Comma-separated list.","description_kind":"plain","optional":true},"site":{"type":"string","description":"Specifies an Active Directory site to manage domain controller selection.\nUse when Active Directory domain controllers in multiple regions are configured. Defaults to 'Default-First-Site-Name' if left empty.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The state of the Active Directory policy (not the Active Directory itself).","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"The state details of the Active Directory.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Username for the Active Directory account with permissions to create the compute account within the specified organizational unit.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_policy":{"version":0,"block":{"attributes":{"assigned_volume_count":{"type":"number","description":"The total number of volumes assigned by this backup policy.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Create time of the backup policy. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"daily_backup_limit":{"type":"number","description":"Number of daily backups to keep. Note that the minimum daily backup limit is 2.","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"If enabled, make backups automatically according to the schedules.\nThis will be applied to all volumes that have this policy attached and enforced on volume level.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the region for the policy to apply to.","description_kind":"plain","required":true},"monthly_backup_limit":{"type":"number","description":"Number of monthly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the backup policy. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the backup policy.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"weekly_backup_limit":{"type":"number","description":"Number of weekly backups to keep. Note that the sum of daily, weekly and monthly backups should be greater than 1.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_backup_vault":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the backup vault. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location (region) of the backup vault.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the backup vault. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Backup Vault.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_kmsconfig":{"version":0,"block":{"attributes":{"crypto_key_name":{"type":"string","description":"Resource name of the KMS key to use. Only regional keys are supported. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{key_ring}}/cryptoKeys/{{key}}'.","description_kind":"plain","required":true},"description":{"type":"string","description":"Description for the CMEK policy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instructions":{"type":"string","description":"Access to the key needs to be granted. The instructions contain gcloud commands to run to grant access.\n\nTo make the policy work, a CMEK policy check is required, which verifies key access.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the policy location. CMEK policies apply to the whole region.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the CMEK policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The Service account which needs to have access to the provided KMS key.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_storage_pool":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Specifies the Active Directory policy to be used. Format: 'projects/{{project}}/locations/{{location}}/activeDirectories/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"capacity_gib":{"type":"string","description":"Capacity of the storage pool (in GiB).","description_kind":"plain","required":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports if volumes in the pool are encrypted using a Google-managed encryption key or CMEK.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_config":{"type":"string","description":"Specifies the CMEK policy to be used for volume encryption. Format: 'projects/{{project}}/locations/{{location}}/kmsConfigs/{{name}}'.\nThe policy needs to be in the same location as the storage pool.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"When enabled, the volumes uses Active Directory as LDAP name service for UID/GID lookups. Required to enable extended group support for NFSv3,\nusing security identifiers for NFSv4.1 or principal names for kerberized NFSv4.1.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the storage pool. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the storage pool. Possible values: [\"PREMIUM\", \"EXTREME\", \"STANDARD\"]","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"volume_capacity_gib":{"type":"string","description":"Size allocated to volumes in the storage pool (in GiB).","description_kind":"plain","computed":true},"volume_count":{"type":"number","description":"Number of volume in the storage pool.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume":{"version":0,"block":{"attributes":{"active_directory":{"type":"string","description":"Reports the resource name of the Active Directory policy being used. Inherited from storage pool.","description_kind":"plain","computed":true},"capacity_gib":{"type":"string","description":"Capacity of the volume (in GiB).","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Create time of the volume. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"Policy to determine if the volume should be deleted forcefully.\nVolumes may have nested snapshot resources. Deleting such a volume will fail.\nSetting this parameter to FORCE will delete volumes including nested snapshots.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_type":{"type":"string","description":"Reports the data-at-rest encryption type of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"has_replication":{"type":"bool","description":"Indicates whether the volume is part of a volume replication relationship.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kerberos_enabled":{"type":"bool","description":"Flag indicating if the volume is a kerberos volume or not, export policy rules control kerberos security modes (krb5, krb5i, krb5p).","description_kind":"plain","optional":true},"kms_config":{"type":"string","description":"Reports the CMEK policy resurce name being used for volume encryption. Inherited from storage pool.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"ldap_enabled":{"type":"bool","description":"Flag indicating if the volume is NFS LDAP enabled or not. Inherited from storage pool.","description_kind":"plain","computed":true},"location":{"type":"string","description":"Name of the pool location. Usually a region name, expect for some STANDARD service level pools which require a zone name.","description_kind":"plain","required":true},"mount_options":{"type":["list",["object",{"export":"string","export_full":"string","instructions":"string","protocol":"string"}]],"description":"Reports mount instructions for this volume.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"network":{"type":"string","description":"VPC network name with format: 'projects/{{project}}/global/networks/{{network}}'. Inherited from storage pool.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocols":{"type":["list","string"],"description":"The protocol of the volume. Allowed combinations are '['NFSV3']', '['NFSV4']', '['SMB']', '['NFSV3', 'NFSV4']', '['SMB', 'NFSV3']' and '['SMB', 'NFSV4']'. Possible values: [\"NFSV3\", \"NFSV4\", \"SMB\"]","description_kind":"plain","required":true},"psa_range":{"type":"string","description":"Name of the Private Service Access allocated range. Inherited from storage pool.","description_kind":"plain","computed":true},"restricted_actions":{"type":["list","string"],"description":"List of actions that are restricted on this volume. Possible values: [\"DELETE\"]","description_kind":"plain","optional":true},"security_style":{"type":"string","description":"Security Style of the Volume. Use UNIX to use UNIX or NFSV4 ACLs for file permissions.\nUse NTFS to use NTFS ACLs for file permissions. Can only be set for volumes which use SMB together with NFS as protocol. Possible values: [\"NTFS\", \"UNIX\"]","description_kind":"plain","optional":true,"computed":true},"service_level":{"type":"string","description":"Service level of the volume. Inherited from storage pool.","description_kind":"plain","computed":true},"share_name":{"type":"string","description":"Share name (SMB) or export path (NFS) of the volume. Needs to be unique per location.","description_kind":"plain","required":true},"smb_settings":{"type":["list","string"],"description":"Settings for volumes with SMB access. Possible values: [\"ENCRYPT_DATA\", \"BROWSABLE\", \"CHANGE_NOTIFY\", \"NON_BROWSABLE\", \"OPLOCKS\", \"SHOW_SNAPSHOT\", \"SHOW_PREVIOUS_VERSIONS\", \"ACCESS_BASED_ENUMERATION\", \"CONTINUOUSLY_AVAILABLE\"]","description_kind":"plain","optional":true},"snapshot_directory":{"type":"bool","description":"If enabled, a NFS volume will contain a read-only .snapshot directory which provides access to each of the volume's snapshots. Will enable \"Previous Versions\" support for SMB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the volume.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the volume.","description_kind":"plain","computed":true},"storage_pool":{"type":"string","description":"Name of the storage pool to create the volume in. Pool needs enough spare capacity to accomodate the volume.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"unix_permissions":{"type":"string","description":"Unix permission the mount point will be created with. Default is 0770. Applicable for UNIX security style volumes only.","description_kind":"plain","optional":true,"computed":true},"used_gib":{"type":"string","description":"Used capacity of the volume (in GiB). This is computed periodically and it does not represent the realtime usage.","description_kind":"plain","computed":true}},"block_types":{"export_policy":{"nesting_mode":"list","block":{"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"Defines the access type for clients matching the 'allowedClients' specification. Possible values: [\"READ_ONLY\", \"READ_WRITE\", \"READ_NONE\"]","description_kind":"plain","optional":true},"allowed_clients":{"type":"string","description":"Defines the client ingress specification (allowed clients) as a comma seperated list with IPv4 CIDRs or IPv4 host addresses.","description_kind":"plain","optional":true},"has_root_access":{"type":"string","description":"If enabled, the root user (UID = 0) of the specified clients doesn't get mapped to nobody (UID = 65534). This is also known as no_root_squash.","description_kind":"plain","optional":true},"kerberos5_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'authentication' kerberos security mode. The 'kerberos5ReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5i_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5i_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'integrity' kerberos security mode. The 'kerberos5iReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"kerberos5p_read_only":{"type":"bool","description":"If enabled (true) the rule defines a read only access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode.","description_kind":"plain","optional":true},"kerberos5p_read_write":{"type":"bool","description":"If enabled (true) the rule defines read and write access for clients matching the 'allowedClients' specification. It enables nfs clients to mount using 'privacy' kerberos security mode. The 'kerberos5pReadOnly' value is ignored if this is enabled.","description_kind":"plain","optional":true},"nfsv3":{"type":"bool","description":"Enable to apply the export rule to NFSV3 clients.","description_kind":"plain","optional":true},"nfsv4":{"type":"bool","description":"Enable to apply the export rule to NFSV4.1 clients.","description_kind":"plain","optional":true}},"description":"Export rules (up to 5) control NFS volume access.","description_kind":"plain"},"min_items":1}},"description":"Export policy of the volume for NFSV3 and/or NFSV4.1 access.","description_kind":"plain"},"max_items":1},"restore_parameters":{"nesting_mode":"list","block":{"attributes":{"source_backup":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/backupVaults/{{backupVaultId}}/backups/{{backup}}'.","description_kind":"plain","optional":true},"source_snapshot":{"type":"string","description":"Full name of the snapshot to use for creating this volume.\n'source_snapshot' and 'source_backup' cannot be used simultaneously.\nFormat: 'projects/{{project}}/locations/{{location}}/volumes/{{volume}}/snapshots/{{snapshot}}'.","description_kind":"plain","optional":true}},"description":"Used to create this volume from a snapshot (= cloning) or an backup.","description_kind":"plain"},"max_items":1},"snapshot_policy":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"Enables automated snapshot creation according to defined schedule. Default is false.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain","optional":true}},"block_types":{"daily_schedule":{"nesting_mode":"list","block":{"attributes":{"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the daily schedule.","description_kind":"plain","required":true}},"description":"Daily schedule policy.","description_kind":"plain"},"max_items":1},"hourly_schedule":{"nesting_mode":"list","block":{"attributes":{"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the hourly schedule.","description_kind":"plain","required":true}},"description":"Hourly schedule policy.","description_kind":"plain"},"max_items":1},"monthly_schedule":{"nesting_mode":"list","block":{"attributes":{"days_of_month":{"type":"string","description":"Set the day or days of the month to make a snapshot (1-31). Accepts a comma separated number of days. Defaults to '1'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the monthly schedule","description_kind":"plain","required":true}},"description":"Monthly schedule policy.","description_kind":"plain"},"max_items":1},"weekly_schedule":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Set the day or days of the week to make a snapshot. Accepts a comma separated days of the week. Defaults to 'Sunday'.","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Set the hour to create the snapshot (0-23), defaults to midnight (0).","description_kind":"plain","optional":true},"minute":{"type":"number","description":"Set the minute of the hour to create the snapshot (0-59), defaults to the top of the hour (0).","description_kind":"plain","optional":true},"snapshots_to_keep":{"type":"number","description":"The maximum number of snapshots to keep for the weekly schedule.","description_kind":"plain","required":true}},"description":"Weekly schedule policy.","description_kind":"plain"},"max_items":1}},"description":"Snapshot policy defines the schedule for automatic snapshot creation.\nTo disable automatic snapshot creation you have to remove the whole snapshot_policy block.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_replication":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Create time of the active directory. A timestamp in RFC3339 UTC \"Zulu\" format. Examples: \"2023-06-22T09:13:01.617Z\".","description_kind":"plain","computed":true},"delete_destination_volume":{"type":"bool","description":"A destination volume is created as part of replication creation. The destination volume will not became\nunder Terraform management unless you import it manually. If you delete the replication, this volume\nwill remain.\nSetting this parameter to true will delete the *current* destination volume when destroying the\nreplication. If you reversed the replication direction, this will be your former source volume!\nFor production use, it is recommended to keep this parameter false to avoid accidental volume\ndeletion. Handle with care. Default is false.","description_kind":"plain","optional":true},"description":{"type":"string","description":"An description of this resource.","description_kind":"plain","optional":true},"destination_volume":{"type":"string","description":"Full resource name of destination volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_stopping":{"type":"bool","description":"Only replications with mirror_state=MIRRORED can be stopped. A replication in mirror_state=TRANSFERRING\ncurrently receives an update and stopping the update might be undesirable. Set this parameter to true\nto stop anyway. All data transferred to the destination will be discarded and content of destination\nvolume will remain at the state of the last successful update. Default is false.","description_kind":"plain","optional":true},"healthy":{"type":"bool","description":"Condition of the relationship. Can be one of the following:\n - true: The replication relationship is healthy. It has not missed the most recent scheduled transfer.\n - false: The replication relationship is not healthy. It has missed the most recent scheduled transfer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of region for this resource. The resource needs to be created in the region of the destination volume.","description_kind":"plain","required":true},"mirror_state":{"type":"string","description":"Indicates the state of the mirror between source and destination volumes. Depending on the amount of data\nin your source volume, PREPARING phase can take hours or days. mirrorState = MIRRORED indicates your baseline\ntransfer ended and destination volume became accessible read-only. TRANSFERRING means a MIRRORED volume\ncurrently receives an update. Updated every 5 minutes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the replication. Needs to be unique per location.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"replication_enabled":{"type":"bool","description":"Set to false to stop/break the mirror. Stopping the mirror makes the destination volume read-write\nand act independently from the source volume.\nSet to true to enable/resume the mirror. WARNING: Resuming a mirror overwrites any changes\ndone to the destination volume with the content of the source volume.","description_kind":"plain","optional":true},"replication_schedule":{"type":"string","description":"Specifies the replication interval. Possible values: [\"EVERY_10_MINUTES\", \"HOURLY\", \"DAILY\"]","description_kind":"plain","required":true},"role":{"type":"string","description":"Reverting a replication can swap source and destination volume roles. This field indicates if the 'location' hosts\nthe source or destination volume. For resume and revert and resume operations it is critical to understand\nwhich volume is the source volume, since it will overwrite changes done to the destination volume.","description_kind":"plain","computed":true},"source_volume":{"type":"string","description":"Full resource name of source volume with format: 'projects/{{project}}/locations/{{location}}/volumes/{{volumeId}}'","description_kind":"plain","computed":true},"state":{"type":"string","description":"Indicates the state of replication resource. State of the mirror itself is indicated in mirrorState.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"State details of the replication resource.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"transfer_stats":{"type":["list",["object",{"lag_duration":"string","last_transfer_bytes":"string","last_transfer_duration":"string","last_transfer_end_time":"string","last_transfer_error":"string","total_transfer_duration":"string","transfer_bytes":"string","update_time":"string"}]],"description":"Replication transfer statistics. All statistics are updated every 5 minutes.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the existing source volume.","description_kind":"plain","required":true},"wait_for_mirror":{"type":"bool","description":"Replication resource state is independent of mirror_state. With enough data, it can take many hours\nfor mirror_state to reach MIRRORED. If you want Terraform to wait for the mirror to finish on\ncreate/stop/resume operations, set this parameter to true. Default is false.","description_kind":"plain","optional":true}},"block_types":{"destination_volume_parameters":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description for the destination volume.","description_kind":"plain","optional":true},"share_name":{"type":"string","description":"Share name for destination volume. If not specified, name of source volume's share name will be used.","description_kind":"plain","optional":true,"computed":true},"storage_pool":{"type":"string","description":"Name of an existing storage pool for the destination volume with format: 'projects/{{project}}/locations/{{location}}/storagePools/{{poolId}}'","description_kind":"plain","required":true},"volume_id":{"type":"string","description":"Name for the destination volume to be created. If not specified, the name of the source volume will be used.","description_kind":"plain","optional":true,"computed":true}},"description":"Destination volume parameters.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_netapp_volume_snapshot":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"Description for the snapshot.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs. Example: '{ \"owner\": \"Bob\", \"department\": \"finance\", \"purpose\": \"testing\" }'.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Name of the snapshot location. Snapshots are child resources of volumes and live in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the snapshot.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"used_bytes":{"type":"number","description":"Storage used to store blocks unique to this snapshot.","description_kind":"plain","computed":true},"volume_name":{"type":"string","description":"The name of the volume to create the snapshot in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_hub":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the hub was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the hub.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Immutable. The name of the hub. Hub names must be unique. They use the following form: `projects/{project_number}/locations/global/hubs/{hub_id}`","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"routing_vpcs":{"type":["list",["object",{"uri":"string"}]],"description":"The VPC network associated with this hub's spokes. All of the VPN tunnels, VLAN attachments, and router appliance instances referenced by this hub's spokes must belong to this VPC network. This field is read-only. Network Connectivity Center automatically populates it based on the set of spokes attached to the hub.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this hub. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the hub. This value is unique across all hub resources. If a hub is deleted and another with the same name is created, the new hub is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the hub was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_internal_range":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP range that this internal range defines.","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"overlaps":{"type":["list","string"],"description":"Optional. Types of resources that are allowed to overlap with the current internal range. Possible values: [\"OVERLAP_ROUTE_RANGE\", \"OVERLAP_EXISTING_SUBNET_RANGE\"]","description_kind":"plain","optional":true},"peering":{"type":"string","description":"The type of peering set for this internal range. Possible values: [\"FOR_SELF\", \"FOR_PEER\", \"NOT_SHARED\"]","description_kind":"plain","required":true},"prefix_length":{"type":"number","description":"An alternate to ipCidrRange. Can be set when trying to create a reservation that automatically finds a free range of the given size.\nIf both ipCidrRange and prefixLength are set, there is an error if the range sizes do not match. Can also be used during updates to change the range size.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"target_cidr_range":{"type":["list","string"],"description":"Optional. Can be set to narrow down or pick a different address space while searching for a free range.\nIf not set, defaults to the \"10.0.0.0/8\" address space. This can be used to search in other rfc-1918 address spaces like \"172.16.0.0/12\" and \"192.168.0.0/16\" or non-rfc-1918 address spaces used in the VPC.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"usage":{"type":"string","description":"The type of usage set for this InternalRange. Possible values: [\"FOR_VPC\", \"EXTERNAL_TO_VPC\"]","description_kind":"plain","required":true},"users":{"type":["list","string"],"description":"Output only. The list of resources that refer to this internal range.\nResources that use the internal range for their range allocation are referred to as users of the range.\nOther resources mark themselves as users while doing so by creating a reference to this internal range. Having a user, based on this reference, prevents deletion of the internal range referred to. Can be empty.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_policy_based_route":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kind":{"type":"string","description":"Type of this resource.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the policy based route.","description_kind":"plain","required":true},"network":{"type":"string","description":"Fully-qualified URL of the network that this route applies to, for example: projects/my-project/global/networks/my-network.","description_kind":"plain","required":true},"next_hop_ilb_ip":{"type":"string","description":"The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets.","description_kind":"plain","optional":true},"next_hop_other_routes":{"type":"string","description":"Other routes that will be referenced to determine the next hop of the packet. Possible values: [\"DEFAULT_ROUTING\"]","description_kind":"plain","optional":true},"priority":{"type":"number","description":"The priority of this policy-based route. Priority is used to break ties in cases where there are more than one matching policy-based routes found. In cases where multiple policy-based routes are matched, the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time when the policy-based route was created.","description_kind":"plain","computed":true},"warnings":{"type":["list",["object",{"code":"string","data":["map","string"],"warning_message":"string"}]],"description":"If potential misconfigurations are detected for this route, this field will be populated with warning messages.","description_kind":"plain","computed":true}},"block_types":{"filter":{"nesting_mode":"list","block":{"attributes":{"dest_range":{"type":"string","description":"The destination IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true},"ip_protocol":{"type":"string","description":"The IP protocol that this policy-based route applies to. Valid values are 'TCP', 'UDP', and 'ALL'. Default is 'ALL'.","description_kind":"plain","optional":true},"protocol_version":{"type":"string","description":"Internet protocol versions this policy-based route applies to. Possible values: [\"IPV4\"]","description_kind":"plain","required":true},"src_range":{"type":"string","description":"The source IP range of outgoing packets that this policy-based route applies to. Default is \"0.0.0.0/0\" if protocol version is IPv4.","description_kind":"plain","optional":true}},"description":"The filter to match L4 traffic.","description_kind":"plain"},"min_items":1,"max_items":1},"interconnect_attachment":{"nesting_mode":"list","block":{"attributes":{"region":{"type":"string","description":"Cloud region to install this policy-based route on for Interconnect attachments. Use 'all' to install it on all Interconnect attachments.","description_kind":"plain","required":true}},"description":"The interconnect attachments that this policy-based route applies to.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"tags":{"type":["list","string"],"description":"A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of tags specified here will install this PBR.","description_kind":"plain","required":true}},"description":"VM instances to which this policy-based route applies to.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_connectivity_service_connection_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"infrastructure":{"type":"string","description":"The type of underlying resources used to create the connection.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"User-defined labels.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the ServiceConnectionPolicy.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names","description_kind":"plain","required":true},"network":{"type":"string","description":"The resource path of the consumer network. Example: - projects/{projectNumOrId}/global/networks/{resourceId}.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"consumer_address":"string","consumer_forwarding_rule":"string","consumer_target_project":"string","error":["list",["object",{"code":"number","details":["list",["map","string"]],"message":"string"}]],"error_info":["list",["object",{"domain":"string","metadata":["map","string"],"reason":"string"}]],"error_type":"string","gce_operation":"string","psc_connection_id":"string","state":"string"}]],"description":"Information about each Private Service Connect connection.","description_kind":"plain","computed":true},"service_class":{"type":"string","description":"The service class identifier for which this ServiceConnectionPolicy is for. The service class identifier is a unique, symbolic representation of a ServiceClass.\nIt is provided by the Service Producer. Google services have a prefix of gcp. For example, gcp-cloud-sql. 3rd party services do not. For example, test-service-a3dfcx.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.","description_kind":"plain","computed":true}},"block_types":{"psc_config":{"nesting_mode":"list","block":{"attributes":{"limit":{"type":"string","description":"Max number of PSC connections for this policy.","description_kind":"plain","optional":true},"subnetworks":{"type":["list","string"],"description":"IDs of the subnetworks or fully qualified identifiers for the subnetworks","description_kind":"plain","required":true}},"description":"Configuration used for Private Service Connect connections. Used when Infrastructure is PSC.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_connectivity_spoke":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time the spoke was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of the spoke.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"hub":{"type":"string","description":"Immutable. The URI of the hub that this spoke is attached to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional labels in key:value format. For more information about labels, see [Requirements for labels](https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the spoke. Spoke names must be unique.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Output only. The current lifecycle state of this spoke. Possible values: STATE_UNSPECIFIED, CREATING, ACTIVE, DELETING","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"unique_id":{"type":"string","description":"Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time the spoke was last updated.","description_kind":"plain","computed":true}},"block_types":{"linked_interconnect_attachments":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked interconnect attachment resources","description_kind":"plain","required":true}},"description":"A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.","description_kind":"plain"},"max_items":1},"linked_router_appliance_instances":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true}},"block_types":{"instances":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"The IP address on the VM to use for peering.","description_kind":"plain","optional":true},"virtual_machine":{"type":"string","description":"The URI of the virtual machine resource","description_kind":"plain","optional":true}},"description":"The list of router appliance instances","description_kind":"plain"},"min_items":1}},"description":"The URIs of linked Router appliance resources","description_kind":"plain"},"max_items":1},"linked_vpc_network":{"nesting_mode":"list","block":{"attributes":{"exclude_export_ranges":{"type":["list","string"],"description":"IP ranges encompassing the subnets to be excluded from peering.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"The URI of the VPC network resource.","description_kind":"plain","required":true}},"description":"VPC network that is associated with the spoke.","description_kind":"plain"},"max_items":1},"linked_vpn_tunnels":{"nesting_mode":"list","block":{"attributes":{"site_to_site_data_transfer":{"type":"bool","description":"A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.","description_kind":"plain","required":true},"uris":{"type":["list","string"],"description":"The URIs of linked VPN tunnel resources.","description_kind":"plain","required":true}},"description":"The URIs of linked VPN tunnel resources","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_management_connectivity_test":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The user-supplied description of the Connectivity Test.\nMaximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Unique name for the connectivity test.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"IP Protocol of the test. When not provided, \"TCP\" is assumed.","description_kind":"plain","optional":true},"related_projects":{"type":["list","string"],"description":"Other projects that may be relevant for reachability analysis.\nThis is applicable to scenarios where a test can cross project\nboundaries.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"destination":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n1. Only the IP address is specified, and the IP address is within\na GCP project. 2. When you are using Shared VPC and the IP address\nthat you provide is from the service project. In this case, the\nnetwork that the IP address resides in is defined in the host\nproject.","description_kind":"plain","optional":true}},"description":"Required. Destination specification of the Connectivity Test.\n\nYou can use a combination of destination IP address, Compute\nEngine VM instance, or VPC network to uniquely identify the\ndestination location.\n\nEven if the destination IP address is not unique, the source IP\nlocation is unique. Usually, the analysis can infer the destination\nendpoint from route information.\n\nIf the destination you specify is a VM instance and the instance has\nmultiple network interfaces, then you must also specify either a\ndestination IP address or VPC network to identify the destination\ninterface.\n\nA reachability analysis proceeds even if the destination location\nis ambiguous. However, the result can include endpoints that you\ndon't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"source":{"nesting_mode":"list","block":{"attributes":{"instance":{"type":"string","description":"A Compute Engine instance URI.","description_kind":"plain","optional":true},"ip_address":{"type":"string","description":"The IP address of the endpoint, which can be an external or\ninternal IP. An IPv6 address is only allowed when the test's\ndestination is a global load balancer VIP.","description_kind":"plain","optional":true},"network":{"type":"string","description":"A Compute Engine network URI.","description_kind":"plain","optional":true},"network_type":{"type":"string","description":"Type of the network where the endpoint is located. Possible values: [\"GCP_NETWORK\", \"NON_GCP_NETWORK\"]","description_kind":"plain","optional":true},"port":{"type":"number","description":"The IP protocol port of the endpoint. Only applicable when\nprotocol is TCP or UDP.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project ID where the endpoint is located. The Project ID can be\nderived from the URI if you provide a VM instance or network URI.\nThe following are two cases where you must provide the project ID:\n\n1. Only the IP address is specified, and the IP address is\n within a GCP project.\n2. When you are using Shared VPC and the IP address\n that you provide is from the service project. In this case,\n the network that the IP address resides in is defined in the\n host project.","description_kind":"plain","optional":true}},"description":"Required. Source specification of the Connectivity Test.\n\nYou can use a combination of source IP address, virtual machine\n(VM) instance, or Compute Engine network to uniquely identify the\nsource location.\n\nExamples: If the source IP address is an internal IP address within\na Google Cloud Virtual Private Cloud (VPC) network, then you must\nalso specify the VPC network. Otherwise, specify the VM instance,\nwhich already contains its internal IP address and VPC network\ninformation.\n\nIf the source of the test is within an on-premises network, then\nyou must provide the destination VPC network.\n\nIf the source endpoint is a Compute Engine VM instance with multiple\nnetwork interfaces, the instance itself is not sufficient to\nidentify the endpoint. So, you must also specify the source IP\naddress or VPC network.\n\nA reachability analysis proceeds even if the source location is\nambiguous. However, the test result may include endpoints that\nyou don't intend to test.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group":{"version":0,"block":{"attributes":{"capacity":{"type":"number","description":"Capacity of the Address Group.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"items":{"type":["list","string"],"description":"List of items.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the AddressGroup resource.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the AddressGroup resource.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the Address Group. Possible values are \"IPV4\" or \"IPV6\". Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_address_group_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_network_security_gateway_security_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource. Name is of the form projects/{project}/locations/{location}/gatewaySecurityPolicies/{gatewaySecurityPolicy}\ngatewaySecurityPolicy should match the pattern:(^a-z?$).","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_gateway_security_policy_rule":{"version":0,"block":{"attributes":{"application_matcher":{"type":"string","description":"CEL expression for matching on L7/application level criteria.","description_kind":"plain","optional":true},"basic_profile":{"type":"string","description":"Profile which tells what the primitive action should be. Possible values are: * ALLOW * DENY. Possible values: [\"BASIC_PROFILE_UNSPECIFIED\", \"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The timestamp when the resource was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\"","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether the rule is enforced.","description_kind":"plain","required":true},"gateway_security_policy":{"type":"string","description":"The name of the gatewat security policy this rule belongs to.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the gateway security policy.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the resource. ame is the full resource name so projects/{project}/locations/{location}/gatewaySecurityPolicies/{gateway_security_policy}/rules/{rule}\nrule should match the pattern: (^a-z?$).","description_kind":"plain","required":true},"priority":{"type":"number","description":"Priority of the rule. Lower number corresponds to higher precedence.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"session_matcher":{"type":"string","description":"CEL expression for matching on session criteria.","description_kind":"plain","required":true},"tls_inspection_enabled":{"type":"bool","description":"Flag to enable TLS inspection of traffic matching on. Can only be true if the\nparent GatewaySecurityPolicy references a TLSInspectionConfig.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The timestamp when the resource was updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_security_url_lists":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Time when the security policy was created.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'","description_kind":"plain","computed":true},"description":{"type":"string","description":"Free-text description of the resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the url lists.","description_kind":"plain","required":true},"name":{"type":"string","description":"Short name of the UrlList resource to be created.\nThis value should be 1-63 characters long, containing only letters, numbers, hyphens, and underscores, and should not start with a number. E.g. 'urlList'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Output only. Time when the security policy was updated.\nA timestamp in RFC3339 UTC 'Zulu' format, with nanosecond resolution and up to nine fractional digits.\nExamples: '2014-10-02T15:01:23Z' and '2014-10-02T15:01:23.045123456Z'.","description_kind":"plain","computed":true},"values":{"type":["list","string"],"description":"FQDNs and URLs.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_keyset":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the public key. The ID must be 1-63 characters long, and comply with RFC1035.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]*\nwhich means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"managed":{"type":"bool","description":"Set to true to have the CDN automatically manage this public key value.","description_kind":"plain","optional":true},"value":{"type":"string","description":"The base64-encoded value of the Ed25519 public key. The base64 encoding can be padded (44 bytes) or unpadded (43 bytes).\nRepresentations or encodings of the public key other than this will be rejected with an error.","description_kind":"plain","optional":true,"sensitive":true}},"description":"An ordered list of Ed25519 public keys to use for validating signed requests.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.\nYou may specify no more than one Google-managed public key.\nIf you specify 'public_keys', you must specify at least one (1) key and may specify up to three (3) keys.\n\nEd25519 public keys are not secret, and only allow Google to validate a request was signed by your corresponding private key.\nEnsure that the private key is kept secret, and that only authorized users can add public keys to a keyset.","description_kind":"plain"},"max_items":3},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"validation_shared_keys":{"nesting_mode":"list","block":{"attributes":{"secret_version":{"type":"string","description":"The name of the secret version in Secret Manager.\n\nThe resource name of the secret version must be in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the secrets themselves.\nThe secrets must be at least 16 bytes large. The recommended secret size depends on the signature algorithm you are using.\n* If you are using HMAC-SHA1, we suggest 20-byte secrets.\n* If you are using HMAC-SHA256, we suggest 32-byte secrets.\nSee RFC 2104, Section 3 for more details on these recommendations.","description_kind":"plain","required":true}},"description":"An ordered list of shared keys to use for validating signed requests.\nShared keys are secret. Ensure that only authorized users can add 'validation_shared_keys' to a keyset.\nYou can rotate keys by appending (pushing) a new key to the list of 'validation_shared_keys' and removing any superseded keys.\nYou must specify 'public_keys' or 'validation_shared_keys' (or both). The keys in 'public_keys' are checked first.","description_kind":"plain"},"max_items":3}},"description_kind":"plain"}},"google_network_services_edge_cache_origin":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"failover_origin":{"type":"string","description":"The Origin resource to try when the current origin cannot be reached.\nAfter maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request.\n\nThe value of timeout.maxAttemptsTimeout dictates the timeout across all origins.\nA reference to a Topic resource.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"max_attempts":{"type":"number","description":"The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions.\n\nOnce maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts,\nretryConditions and failoverOrigin to control its own cache fill failures.\n\nThe total number of allowed attempts to cache fill across this and failover origins is limited to four.\nThe total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.\n\nThe last valid, non-retried response from all origins will be returned to the client.\nIf no origin returns a valid response, an HTTP 502 will be returned to the client.\n\nDefaults to 1. Must be a value greater than 0 and less than 4.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"origin_address":{"type":"string","description":"A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.\n\nThis address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname\n\nWhen providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes.\nIf a Cloud Storage bucket is provided, it must be in the canonical \"gs://bucketname\" format. Other forms, such as \"storage.googleapis.com\", will be rejected.","description_kind":"plain","required":true},"port":{"type":"number","description":"The port to connect to the origin on.\nDefaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"protocol":{"type":"string","description":"The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security \u0026 performance.\n\nWhen using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server. Possible values: [\"HTTP2\", \"HTTPS\", \"HTTP\"]","description_kind":"plain","optional":true,"computed":true},"retry_conditions":{"type":["list","string"],"description":"Specifies one or more retry conditions for the configured origin.\n\nIf the failure mode during a connection attempt to the origin matches the configured retryCondition(s),\nthe origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request.\n\nThe default retryCondition is \"CONNECT_FAILURE\".\n\nretryConditions apply to this origin, and not subsequent failoverOrigin(s),\nwhich may specify their own retryConditions and maxAttempts.\n\nValid values are:\n\n- CONNECT_FAILURE: Retry on failures connecting to origins, for example due to connection timeouts.\n- HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams.\n- GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.\n- RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)\n- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.\n- FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: [\"CONNECT_FAILURE\", \"HTTP_5XX\", \"GATEWAY_ERROR\", \"RETRIABLE_4XX\", \"NOT_FOUND\", \"FORBIDDEN\"]","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"aws_v4_authentication":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"The access key ID your origin uses to identify the key.","description_kind":"plain","required":true},"origin_region":{"type":"string","description":"The name of the AWS region that your origin is in.","description_kind":"plain","required":true},"secret_access_key_version":{"type":"string","description":"The Secret Manager secret version of the secret access key used by your origin.\n\nThis is the resource name of the secret version in the format 'projects/*/secrets/*/versions/*' where the '*' values are replaced by the project, secret, and version you require.","description_kind":"plain","required":true}},"description":"Enable AWS Signature Version 4 origin authentication.","description_kind":"plain"},"max_items":1},"origin_override_action":{"nesting_mode":"list","block":{"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_headers_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.\n\nBy default, added header values are appended\nto the response or request headers with the\nsame field names. The added values are\nseparated by commas.\n\nTo overwrite existing values, set 'replace' to 'true'.","description_kind":"plain","optional":true}},"description":"Describes a header to add.\n\nYou may add a maximum of 25 request headers.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding and removing\nheaders, for request handled by this origin.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected\norigin, the request's host header is replaced with\ncontents of the hostRewrite.\n\nThis value must be between 1 and 255 characters.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for request that are\nhandled by this origin.","description_kind":"plain"},"max_items":1}},"description":"The override actions, including url rewrites and header\nadditions, for requests that use this origin.","description_kind":"plain"},"max_items":1},"origin_redirect":{"nesting_mode":"list","block":{"attributes":{"redirect_conditions":{"type":["list","string"],"description":"The set of redirect response codes that the CDN\nfollows. Values of\n[RedirectConditions](https://cloud.google.com/media-cdn/docs/reference/rest/v1/projects.locations.edgeCacheOrigins#redirectconditions)\nare accepted.","description_kind":"plain","optional":true}},"description":"Follow redirects from this origin.","description_kind":"plain"},"max_items":1},"timeout":{"nesting_mode":"list","block":{"attributes":{"connect_timeout":{"type":"string","description":"The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.\n\nDefaults to 5 seconds. The timeout must be a value between 1s and 15s.\n\nThe connectTimeout capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.","description_kind":"plain","optional":true},"max_attempts_timeout":{"type":"string","description":"The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nIf a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.","description_kind":"plain","optional":true},"read_timeout":{"type":"string","description":"The maximum duration to wait between reads of a single HTTP connection/stream.\n\nDefaults to 15 seconds. The timeout must be a value between 1s and 30s.\n\nThe readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true},"response_timeout":{"type":"string","description":"The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.\n\nDefaults to 30 seconds. The timeout must be a value between 1s and 120s.\n\nThe responseTimeout starts after the connection has been established.\n\nThis also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.\n\nIf the response headers have already been written to the connection, the response will be truncated and logged.","description_kind":"plain","optional":true}},"description":"The connection and HTTP timeout configuration for this origin.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_edge_cache_service":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"disable_http2":{"type":"bool","description":"Disables HTTP/2.\n\nHTTP/2 (h2) is enabled by default and recommended for performance. HTTP/2 improves connection re-use and reduces connection setup overhead by sending multiple streams over the same connection.\n\nSome legacy HTTP clients may have issues with HTTP/2 connections due to broken HTTP/2 implementations. Setting this to true will prevent HTTP/2 from being advertised and negotiated.","description_kind":"plain","optional":true},"disable_quic":{"type":"bool","description":"HTTP/3 (IETF QUIC) and Google QUIC are enabled by default.","description_kind":"plain","optional":true,"computed":true},"edge_security_policy":{"type":"string","description":"Resource URL that points at the Cloud Armor edge security policy that is applied on each request against the EdgeCacheService.","description_kind":"plain","optional":true},"edge_ssl_certificates":{"type":["list","string"],"description":"URLs to sslCertificate resources that are used to authenticate connections between users and the EdgeCacheService.\n\nNote that only \"global\" certificates with a \"scope\" of \"EDGE_CACHE\" can be attached to an EdgeCacheService.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ipv4_addresses":{"type":["list","string"],"description":"The IPv4 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"ipv6_addresses":{"type":["list","string"],"description":"The IPv6 addresses associated with this service. Addresses are static for the lifetime of the service.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the EdgeCache resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,\nand all following characters must be a dash, underscore, letter or digit.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"require_tls":{"type":"bool","description":"Require TLS (HTTPS) for all clients connecting to this service.\n\nClients who connect over HTTP (port 80) will receive a HTTP 301 to the same URL over HTTPS (port 443).\nYou must have at least one (1) edgeSslCertificate specified to enable this.","description_kind":"plain","optional":true,"computed":true},"ssl_policy":{"type":"string","description":"URL of the SslPolicy resource that will be associated with the EdgeCacheService.\n\nIf not set, the EdgeCacheService has no SSL policy configured, and will default to the \"COMPATIBLE\" policy.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"log_config":{"nesting_mode":"list","block":{"attributes":{"enable":{"type":"bool","description":"Specifies whether to enable logging for traffic served by this service.","description_kind":"plain","optional":true,"computed":true},"sample_rate":{"type":"number","description":"Configures the sampling rate of requests, where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0, and the value of the field must be in [0, 1].\n\nThis field can only be specified if logging is enabled for this service.","description_kind":"plain","optional":true}},"description":"Specifies the logging options for the traffic served by this service. If logging is enabled, logs will be exported to Cloud Logging.","description_kind":"plain"},"max_items":1},"routing":{"nesting_mode":"list","block":{"block_types":{"host_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the hostRule.","description_kind":"plain","optional":true},"hosts":{"type":["list","string"],"description":"The list of host patterns to match.\n\nHost patterns must be valid hostnames. Ports are not allowed. Wildcard hosts are supported in the suffix or prefix form. * matches any string of ([a-z0-9-.]*). It does not match the empty string.\n\nWhen multiple hosts are specified, hosts are matched in the following priority:\n\n 1. Exact domain names: ''www.foo.com''.\n 2. Suffix domain wildcards: ''*.foo.com'' or ''*-bar.foo.com''.\n 3. Prefix domain wildcards: ''foo.*'' or ''foo-*''.\n 4. Special wildcard ''*'' matching any domain.\n\n Notes:\n\n The wildcard will not match the empty string. e.g. ''*-bar.foo.com'' will match ''baz-bar.foo.com'' but not ''-bar.foo.com''. The longest wildcards match first. Only a single host in the entire service can match on ''*''. A domain must be unique across all configured hosts within a service.\n\n Hosts are matched against the HTTP Host header, or for HTTP/2 and HTTP/3, the \":authority\" header, from the incoming request.\n\n You may specify up to 10 hosts.","description_kind":"plain","required":true},"path_matcher":{"type":"string","description":"The name of the pathMatcher associated with this hostRule.","description_kind":"plain","required":true}},"description":"The list of hostRules to match against. These rules define which hostnames the EdgeCacheService will match against, and which route configurations apply.","description_kind":"plain"},"min_items":1,"max_items":10},"path_matcher":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name to which this PathMatcher is referred by the HostRule.","description_kind":"plain","required":true}},"block_types":{"route_rule":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"A human-readable description of the routeRule.","description_kind":"plain","optional":true},"origin":{"type":"string","description":"The Origin resource that requests to this route should fetch from when a matching response is not in cache. Origins can be defined as short names (\"my-origin\") or fully-qualified resource URLs - e.g. \"networkservices.googleapis.com/projects/my-project/global/edgecacheorigins/my-origin\"\n\nOnly one of origin or urlRedirect can be set.","description_kind":"plain","optional":true},"priority":{"type":"string","description":"The priority of this route rule, where 1 is the highest priority.\n\nYou cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number between 1 and 999 inclusive.\n\nPriority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers\nto which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.","description_kind":"plain","required":true}},"block_types":{"header_action":{"nesting_mode":"list","block":{"block_types":{"request_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Describes a header to add.","description_kind":"plain"},"max_items":25},"request_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to remove.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25},"response_header_to_add":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"The name of the header to add.","description_kind":"plain","required":true},"header_value":{"type":"string","description":"The value of the header to add.","description_kind":"plain","required":true},"replace":{"type":"bool","description":"Whether to replace all existing headers with the same name.","description_kind":"plain","optional":true,"computed":true}},"description":"Headers to add to the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain"},"max_items":25},"response_header_to_remove":{"nesting_mode":"list","block":{"attributes":{"header_name":{"type":"string","description":"Headers to remove from the response prior to sending it back to the client.\n\nResponse headers are only sent to the client, and do not have an effect on the cache serving the response.","description_kind":"plain","required":true}},"description":"A list of header names for headers that need to be removed from the request prior to forwarding the request to the origin.","description_kind":"plain"},"max_items":25}},"description":"The header actions, including adding \u0026 removing headers, for requests that match this route.","description_kind":"plain"},"max_items":1},"match_rule":{"nesting_mode":"list","block":{"attributes":{"full_path_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL.","description_kind":"plain","optional":true},"ignore_case":{"type":"bool","description":"Specifies that prefixMatch and fullPathMatch matches are case sensitive.","description_kind":"plain","optional":true,"computed":true},"path_template_match":{"type":"string","description":"For satisfying the matchRule condition, the path of the request\nmust match the wildcard pattern specified in pathTemplateMatch\nafter removing any query parameters and anchor that may be part\nof the original URL.\n\npathTemplateMatch must be between 1 and 255 characters\n(inclusive). The pattern specified by pathTemplateMatch may\nhave at most 5 wildcard operators and at most 5 variable\ncaptures in total.","description_kind":"plain","optional":true},"prefix_match":{"type":"string","description":"For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /.","description_kind":"plain","optional":true}},"block_types":{"header_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The value of the header should exactly match contents of exactMatch.","description_kind":"plain","optional":true},"header_name":{"type":"string","description":"The header name to match on.","description_kind":"plain","required":true},"invert_match":{"type":"bool","description":"If set to false (default), the headerMatch is considered a match if the match criteria above are met.\nIf set to true, the headerMatch is considered a match if the match criteria above are NOT met.","description_kind":"plain","optional":true,"computed":true},"prefix_match":{"type":"string","description":"The value of the header must start with the contents of prefixMatch.","description_kind":"plain","optional":true},"present_match":{"type":"bool","description":"A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value.","description_kind":"plain","optional":true},"suffix_match":{"type":"string","description":"The value of the header must end with the contents of suffixMatch.","description_kind":"plain","optional":true}},"description":"Specifies a list of header match criteria, all of which must match corresponding headers in the request.","description_kind":"plain"},"max_items":3},"query_parameter_match":{"nesting_mode":"list","block":{"attributes":{"exact_match":{"type":"string","description":"The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.","description_kind":"plain","required":true},"present_match":{"type":"bool","description":"Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not.","description_kind":"plain","optional":true}},"description":"Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request.","description_kind":"plain"},"max_items":5}},"description":"The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates\nwithin a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.","description_kind":"plain"},"min_items":1,"max_items":5},"route_action":{"nesting_mode":"list","block":{"block_types":{"cdn_policy":{"nesting_mode":"list","block":{"attributes":{"cache_mode":{"type":"string","description":"Cache modes allow users to control the behaviour of the cache, what content it should cache automatically, whether to respect origin headers, or whether to unconditionally cache all responses.\n\nFor all cache modes, Cache-Control headers will be passed to the client. Use clientTtl to override what is sent to the client. Possible values: [\"CACHE_ALL_STATIC\", \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", \"BYPASS_CACHE\"]","description_kind":"plain","optional":true,"computed":true},"client_ttl":{"type":"string","description":"Specifies a separate client (e.g. browser client) TTL, separate from the TTL used by the edge caches. Leaving this empty will use the same cache TTL for both the CDN and the client-facing response.\n\n- The TTL must be \u003e 0 and \u003c= 86400s (1 day)\n- The clientTtl cannot be larger than the defaultTtl (if set)\n- Fractions of a second are not allowed.\n\nOmit this field to use the defaultTtl, or the max-age set by the origin, as the client-facing TTL.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true},"default_ttl":{"type":"string","description":"Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).\n\nDefaults to 3600s (1 hour).\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\" (equivalent to must-revalidate)\n- The value of defaultTTL cannot be set to a value greater than that of maxTTL.\n- Fractions of a second are not allowed.\n- When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses.\n\nNote that infrequently accessed objects may be evicted from the cache before the defined TTL. Objects that expire will be revalidated with the origin.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\" or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"max_ttl":{"type":"string","description":"Specifies the maximum allowed TTL for cached content served by this origin.\n\nDefaults to 86400s (1 day).\n\nCache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTtl seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive.\n\n- The TTL must be \u003e= 0 and \u003c= 31,536,000 seconds (1 year)\n- Setting a TTL of \"0\" means \"always revalidate\"\n- The value of maxTtl must be equal to or greater than defaultTtl.\n- Fractions of a second are not allowed.\n\nWhen the cache mode is set to \"USE_ORIGIN_HEADERS\", \"FORCE_CACHE_ALL\", or \"BYPASS_CACHE\", you must omit this field.\n\nA duration in seconds terminated by 's'. Example: \"3s\".","description_kind":"plain","optional":true,"computed":true},"negative_caching":{"type":"bool","description":"Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency.\n\nBy default, the CDNPolicy will apply the following default TTLs to these status codes:\n\n- HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m\n- HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s\n- HTTP 405 (Method Not Found), 414 (URI Too Long), 501 (Not Implemented): 60s\n\nThese defaults can be overridden in negativeCachingPolicy","description_kind":"plain","optional":true},"negative_caching_policy":{"type":["map","string"],"description":"Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy.\n\n- Omitting the policy and leaving negativeCaching enabled will use the default TTLs for each status code, defined in negativeCaching.\n- TTLs must be \u003e= 0 (where 0 is \"always revalidate\") and \u003c= 86400s (1 day)\n\nNote that when specifying an explicit negativeCachingPolicy, you should take care to specify a cache TTL for all response codes that you wish to cache. The CDNPolicy will not apply any default negative caching when a policy exists.","description_kind":"plain","optional":true},"signed_request_keyset":{"type":"string","description":"The EdgeCacheKeyset containing the set of public keys used to validate signed requests at the edge.","description_kind":"plain","optional":true,"computed":true},"signed_request_maximum_expiration_ttl":{"type":"string","description":"Limit how far into the future the expiration time of a signed request may be.\n\nWhen set, a signed request is rejected if its expiration time is later than now + signedRequestMaximumExpirationTtl, where now is the time at which the signed request is first handled by the CDN.\n\n- The TTL must be \u003e 0.\n- Fractions of a second are not allowed.\n\nBy default, signedRequestMaximumExpirationTtl is not set and the expiration time of a signed request may be arbitrarily far into future.","description_kind":"plain","optional":true},"signed_request_mode":{"type":"string","description":"Whether to enforce signed requests. The default value is DISABLED, which means all content is public, and does not authorize access.\n\nYou must also set a signedRequestKeyset to enable signed requests.\n\nWhen set to REQUIRE_SIGNATURES, all matching requests will have their signature validated. Requests that were not signed with the corresponding private key, or that are otherwise invalid (expired, do not match the signature, IP address, or header) will be rejected with a HTTP 403 and (if enabled) logged. Possible values: [\"DISABLED\", \"REQUIRE_SIGNATURES\", \"REQUIRE_TOKENS\"]","description_kind":"plain","optional":true,"computed":true}},"block_types":{"add_signatures":{"nesting_mode":"list","block":{"attributes":{"actions":{"type":["list","string"],"description":"The actions to take to add signatures to responses. Possible values: [\"GENERATE_COOKIE\", \"GENERATE_TOKEN_HLS_COOKIELESS\", \"PROPAGATE_TOKEN_HLS_COOKIELESS\"]","description_kind":"plain","required":true},"copied_parameters":{"type":["list","string"],"description":"The parameters to copy from the verified token to the generated token.\n\nOnly the following parameters may be copied:\n\n * 'PathGlobs'\n * 'paths'\n * 'acl'\n * 'URLPrefix'\n * 'IPRanges'\n * 'SessionID'\n * 'id'\n * 'Data'\n * 'data'\n * 'payload'\n * 'Headers'\n\nYou may specify up to 6 parameters to copy. A given parameter is be copied only if the parameter exists in the verified token. Parameter names are matched exactly as specified. The order of the parameters does not matter. Duplicates are not allowed.\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"keyset":{"type":"string","description":"The keyset to use for signature generation.\n\nThe following are both valid paths to an EdgeCacheKeyset resource:\n\n * 'projects/project/locations/global/edgeCacheKeysets/yourKeyset'\n * 'yourKeyset'\n\nThis must be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified. This field may not be specified otherwise.","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to put the generated token.\n\nIf not specified, defaults to 'edge-cache-token'.\n\nIf specified, the name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nThis field may only be set when the GENERATE_TOKEN_HLS_COOKIELESS or PROPAGATE_TOKEN_HLS_COOKIELESS actions are specified.","description_kind":"plain","optional":true},"token_ttl":{"type":"string","description":"The duration the token is valid starting from the moment the token is first generated.\n\nDefaults to '86400s' (1 day).\n\nThe TTL must be \u003e= 0 and \u003c= 604,800 seconds (1 week).\n\nThis field may only be specified when the GENERATE_COOKIE or GENERATE_TOKEN_HLS_COOKIELESS actions are specified.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Enable signature generation or propagation on this route.\n\nThis field may only be specified when signedRequestMode is set to REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1},"cache_key_policy":{"nesting_mode":"list","block":{"attributes":{"exclude_host":{"type":"bool","description":"If true, requests to different hosts will be cached separately.\n\nNote: this should only be enabled if hosts share the same origin and content. Removing the host from the cache key may inadvertently result in different objects being cached than intended, depending on which route the first user matched.","description_kind":"plain","optional":true,"computed":true},"exclude_query_string":{"type":"bool","description":"If true, exclude query string parameters from the cache key\n\nIf false (the default), include the query string parameters in\nthe cache key according to includeQueryParameters and\nexcludeQueryParameters. If neither includeQueryParameters nor\nexcludeQueryParameters is set, the entire query string will be\nincluded.","description_kind":"plain","optional":true},"excluded_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to exclude from cache keys. All other parameters will be included.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true},"include_protocol":{"type":"bool","description":"If true, http and https requests will be cached separately.","description_kind":"plain","optional":true,"computed":true},"included_cookie_names":{"type":["list","string"],"description":"Names of Cookies to include in cache keys. The cookie name and cookie value of each cookie named will be used as part of the cache key.\n\nCookie names:\n - must be valid RFC 6265 \"cookie-name\" tokens\n - are case sensitive\n - cannot start with \"Edge-Cache-\" (case insensitive)\n\n Note that specifying several cookies, and/or cookies that have a large range of values (e.g., per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.\n\n You may specify up to three cookie names.","description_kind":"plain","optional":true},"included_header_names":{"type":["list","string"],"description":"Names of HTTP request headers to include in cache keys. The value of the header field will be used as part of the cache key.\n\n- Header names must be valid HTTP RFC 7230 header field values.\n- Header field names are case insensitive\n- To include the HTTP method, use \":method\"\n\nNote that specifying several headers, and/or headers that have a large range of values (e.g. per-user) will dramatically impact the cache hit rate, and may result in a higher eviction rate and reduced performance.","description_kind":"plain","optional":true},"included_query_parameters":{"type":["list","string"],"description":"Names of query string parameters to include in cache keys. All other parameters will be excluded.\n\nEither specify includedQueryParameters or excludedQueryParameters, not both. '\u0026' and '=' will be percent encoded and not treated as delimiters.","description_kind":"plain","optional":true}},"description":"Defines the request parameters that contribute to the cache key.","description_kind":"plain"},"max_items":1},"signed_token_options":{"nesting_mode":"list","block":{"attributes":{"allowed_signature_algorithms":{"type":["list","string"],"description":"The allowed signature algorithms to use.\n\nDefaults to using only ED25519.\n\nYou may specify up to 3 signature algorithms to use. Possible values: [\"ED25519\", \"HMAC_SHA_256\", \"HMAC_SHA1\"]","description_kind":"plain","optional":true},"token_query_parameter":{"type":"string","description":"The query parameter in which to find the token.\n\nThe name must be 1-64 characters long and match the regular expression '[a-zA-Z]([a-zA-Z0-9_-])*' which means the first character must be a letter, and all following characters must be a dash, underscore, letter or digit.\n\nDefaults to 'edge-cache-token'.","description_kind":"plain","optional":true}},"description":"Additional options for signed tokens.\n\nsignedTokenOptions may only be specified when signedRequestMode is REQUIRE_TOKENS.","description_kind":"plain"},"max_items":1}},"description":"The policy to use for defining caching and signed request behaviour for requests that match this route.","description_kind":"plain"},"max_items":1},"cors_policy":{"nesting_mode":"list","block":{"attributes":{"allow_credentials":{"type":"bool","description":"In response to a preflight request, setting this to true indicates that the actual request can include user credentials.\n\nThis translates to the Access-Control-Allow-Credentials response header.","description_kind":"plain","optional":true},"allow_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"allow_methods":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Methods response header.","description_kind":"plain","optional":true},"allow_origins":{"type":["list","string"],"description":"Specifies the list of origins that will be allowed to do CORS requests.\n\nThis translates to the Access-Control-Allow-Origin response header.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"If true, specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.","description_kind":"plain","optional":true},"expose_headers":{"type":["list","string"],"description":"Specifies the content for the Access-Control-Allow-Headers response header.","description_kind":"plain","optional":true},"max_age":{"type":"string","description":"Specifies how long results of a preflight request can be cached by a client in seconds. Note that many browser clients enforce a maximum TTL of 600s (10 minutes).\n\n- Setting the value to -1 forces a pre-flight check for all requests (not recommended)\n- A maximum TTL of 86400s can be set, but note that (as above) some clients may force pre-flight checks at a more regular interval.\n- This translates to the Access-Control-Max-Age header.\n\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","required":true}},"description":"CORSPolicy defines Cross-Origin-Resource-Sharing configuration, including which CORS response headers will be set.","description_kind":"plain"},"max_items":1},"url_rewrite":{"nesting_mode":"list","block":{"attributes":{"host_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of hostRewrite.","description_kind":"plain","optional":true},"path_prefix_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, the matching portion of the request's path is replaced by pathPrefixRewrite.","description_kind":"plain","optional":true},"path_template_rewrite":{"type":"string","description":"Prior to forwarding the request to the selected origin, if the\nrequest matched a pathTemplateMatch, the matching portion of the\nrequest's path is replaced re-written using the pattern specified\nby pathTemplateRewrite.\n\npathTemplateRewrite must be between 1 and 255 characters\n(inclusive), must start with a '/', and must only use variables\ncaptured by the route's pathTemplate matchers.\n\npathTemplateRewrite may only be used when all of a route's\nMatchRules specify pathTemplate.\n\nOnly one of pathPrefixRewrite and pathTemplateRewrite may be\nspecified.","description_kind":"plain","optional":true}},"description":"The URL rewrite configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"In response to a matching path, the routeAction performs advanced routing actions like URL rewrites, header transformations, etc. prior to forwarding the request to the selected origin.","description_kind":"plain"},"max_items":1},"url_redirect":{"nesting_mode":"list","block":{"attributes":{"host_redirect":{"type":"string","description":"The host that will be used in the redirect response instead of the one that was supplied in the request.","description_kind":"plain","optional":true},"https_redirect":{"type":"bool","description":"If set to true, the URL scheme in the redirected request is set to https. If set to false, the URL scheme of the redirected request will remain the same as that of the request.\n\nThis can only be set if there is at least one (1) edgeSslCertificate set on the service.","description_kind":"plain","optional":true,"computed":true},"path_redirect":{"type":"string","description":"The path that will be used in the redirect response instead of the one that was supplied in the request.\n\npathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.\n\nThe path value must be between 1 and 1024 characters.","description_kind":"plain","optional":true},"prefix_redirect":{"type":"string","description":"The prefix that replaces the prefixMatch specified in the routeRule, retaining the remaining portion of the URL before redirecting the request.\n\nprefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request will be used for the redirect.","description_kind":"plain","optional":true},"redirect_response_code":{"type":"string","description":"The HTTP Status code to use for this RedirectAction.\n\nThe supported values are:\n\n- 'MOVED_PERMANENTLY_DEFAULT', which is the default value and corresponds to 301.\n- 'FOUND', which corresponds to 302.\n- 'SEE_OTHER' which corresponds to 303.\n- 'TEMPORARY_REDIRECT', which corresponds to 307. in this case, the request method will be retained.\n- 'PERMANENT_REDIRECT', which corresponds to 308. in this case, the request method will be retained. Possible values: [\"MOVED_PERMANENTLY_DEFAULT\", \"FOUND\", \"SEE_OTHER\", \"TEMPORARY_REDIRECT\", \"PERMANENT_REDIRECT\"]","description_kind":"plain","optional":true,"computed":true},"strip_query":{"type":"bool","description":"If set to true, any accompanying query portion of the original URL is removed prior to redirecting the request. If set to false, the query portion of the original URL is retained.","description_kind":"plain","optional":true,"computed":true}},"description":"The URL redirect configuration for requests that match this route.","description_kind":"plain"},"max_items":1}},"description":"The routeRules to match against. routeRules support advanced routing behaviour, and can match on paths, headers and query parameters, as well as status codes and HTTP methods.","description_kind":"plain"},"min_items":1,"max_items":200}},"description":"The list of pathMatchers referenced via name by hostRules. PathMatcher is used to match the path portion of the URL when a HostRule matches the URL's host portion.","description_kind":"plain"},"min_items":1,"max_items":10}},"description":"Defines how requests are routed, modified, cached and/or which origin content is filled from.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_network_services_gateway":{"version":0,"block":{"attributes":{"addresses":{"type":["list","string"],"description":"Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided,\nan IP from the subnetwork is allocated This field only applies to gateways of type 'SECURE_WEB_GATEWAY'.\nGateways of type 'OPEN_MESH' listen on 0.0.0.0.","description_kind":"plain","optional":true,"computed":true},"certificate_urls":{"type":["list","string"],"description":"A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.\nThis feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Time the AccessPolicy was created in UTC.","description_kind":"plain","computed":true},"delete_swg_autogen_router_on_destroy":{"type":"bool","description":"When deleting a gateway of type 'SECURE_WEB_GATEWAY', this boolean option will also delete auto generated router by the gateway creation.\nIf there is no other gateway of type 'SECURE_WEB_GATEWAY' remaining for that region and network it will be deleted.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A free-text description of the resource. Max length 1024 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway_security_policy":{"type":"string","description":"A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.\nFor example: 'projects/*/locations/*/gatewaySecurityPolicies/swg-policy'.\nThis policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of label tags associated with the Gateway resource.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location of the gateway.\nThe default value is 'global'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Short name of the Gateway resource to be created.","description_kind":"plain","required":true},"network":{"type":"string","description":"The relative resource name identifying the VPC network that is using this configuration.\nFor example: 'projects/*/global/networks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.","description_kind":"plain","optional":true},"ports":{"type":["list","number"],"description":"One or more port numbers (1-65535), on which the Gateway will receive traffic.\nThe proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are\nlimited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope":{"type":"string","description":"Immutable. Scope determines how configuration across multiple Gateway instances are merged.\nThe configuration for multiple Gateway instances with the same scope will be merged as presented as\na single coniguration to the proxy/load balancer.\nMax length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"Server-defined URL of this resource.","description_kind":"plain","computed":true},"server_tls_policy":{"type":"string","description":"A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.\nIf empty, TLS termination is disabled.","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"The relative resource name identifying the subnetwork in which this SWG is allocated.\nFor example: 'projects/*/regions/us-central1/subnetworks/network-1'.\nCurrently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Immutable. The type of the customer-managed gateway. Possible values are: * OPEN_MESH * SECURE_WEB_GATEWAY. Possible values: [\"TYPE_UNSPECIFIED\", \"OPEN_MESH\", \"SECURE_WEB_GATEWAY\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the AccessPolicy was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_environment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this environment.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Display name of this environment for the UI.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name specified for the Environment instance.\nFormat: projects/{project_id}/locations/{location}/environments/{environmentId}","description_kind":"plain","required":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance fully boots up.\nThe path must be a URL or Cloud Storage path. Example: \"gs://path-to-file/file-name\"","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance":{"version":1,"block":{"attributes":{"boot_disk_size_gb":{"type":"number","description":"The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). The minimum recommended value is 100 GB.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"boot_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"Instance creation time","description_kind":"plain","optional":true,"computed":true},"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"data_disk_size_gb":{"type":"number","description":"The size of the data disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB).\nYou can choose the size of the data disk based on how big your notebooks and data are.\nIf not specified, this defaults to 100.","description_kind":"plain","optional":true},"data_disk_type":{"type":"string","description":"Possible disk types for notebook instances. Possible values: [\"DISK_TYPE_UNSPECIFIED\", \"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the Notebook Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disk_encryption":{"type":"string","description":"Disk encryption method used on the boot and data disks, defaults to GMEK. Possible values: [\"DISK_ENCRYPTION_UNSPECIFIED\", \"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"install_gpu_driver":{"type":"bool","description":"Whether the end user authorizes Google Cloud to install GPU driver\non this instance. If this field is empty or set to false, the GPU driver\nwon't be installed. Only applicable to instances with GPUs.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"The list of owners of this instance after creation.\nFormat: alias@example.com.\nCurrently supports one owner only.\nIf not specified, all of the service account users of\nyour VM instance's service account can use the instance.","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"The KMS key used to encrypt the disks, only applicable if diskEncryption is CMEK.\nFormat: projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this instance. These can be later modified by the setLabels method.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"machine_type":{"type":"string","description":"A reference to a machine type which defines VM kind.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"Custom metadata to apply to this instance.\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name specified for the Notebook instance.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of the VPC that this instance is in.\nFormat: projects/{project_id}/global/networks/{network_id}","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"The type of vNIC driver. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"no_proxy_access":{"type":"bool","description":"The notebook instance will not register with the proxy..","description_kind":"plain","optional":true},"no_public_ip":{"type":"bool","description":"No public IP will be assigned to this instance.","description_kind":"plain","optional":true},"no_remove_data_disk":{"type":"bool","description":"If true, the data disk will not be auto deleted when deleting the instance.","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a\nnotebook instance fully boots up. The path must be a URL\nor Cloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the Jupyter notebook.\nOnly returned when the resource is in a 'PROVISIONED' state. If\nneeded you can utilize 'terraform apply -refresh-only' to await\nthe population of this value.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account on this instance, giving access to other\nGoogle Cloud services. You can use any service account within\nthe same project, but you must have the service account user\npermission to use the instance. If not specified,\nthe Compute Engine default service account is used.","description_kind":"plain","optional":true,"computed":true},"service_account_scopes":{"type":["list","string"],"description":"Optional. The URIs of service account scopes to be included in Compute Engine instances.\nIf not specified, the following scopes are defined:\n- https://www.googleapis.com/auth/cloud-platform\n- https://www.googleapis.com/auth/userinfo.email","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this instance.","description_kind":"plain","computed":true},"subnet":{"type":"string","description":"The name of the subnet that this instance is in.\nFormat: projects/{project_id}/regions/{region}/subnetworks/{subnetwork_id}","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to instance.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Instance update time.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","required":true},"type":{"type":"string","description":"Type of this accelerator. Possible values: [\"ACCELERATOR_TYPE_UNSPECIFIED\", \"NVIDIA_TESLA_K80\", \"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\", \"NVIDIA_TESLA_A100\", \"TPU_V2\", \"TPU_V3\"]","description_kind":"plain","required":true}},"description":"The hardware accelerator used on this instance. If you use accelerators,\nmake sure that your configuration has enough vCPUs and memory to support the\nmachineType you have selected.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the notebook instance.","description_kind":"plain"},"max_items":1},"reservation_affinity":{"nesting_mode":"list","block":{"attributes":{"consume_reservation_type":{"type":"string","description":"The type of Compute Reservation. Possible values: [\"NO_RESERVATION\", \"ANY_RESERVATION\", \"SPECIFIC_RESERVATION\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Corresponds to the label key of reservation resource.","description_kind":"plain","optional":true},"values":{"type":["list","string"],"description":"Corresponds to the label values of reservation resource.","description_kind":"plain","optional":true}},"description":"Reservation Affinity for consuming Zonal reservation.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled. Enables monitoring and attestation of the\nboot integrity of the instance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image when the instance is created.\nEnabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled. Secure Boot helps ensure that the system only runs\nauthentic software by verifying the digital signature of all boot components, and halting the boot process\nif signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. Check [Images using supported Shielded VM features]\nNot all combinations are valid","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"vm_image":{"nesting_mode":"list","block":{"attributes":{"image_family":{"type":"string","description":"Use this VM image family to find the image; the newest image in this family will be used.","description_kind":"plain","optional":true},"image_name":{"type":"string","description":"Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: projects/{project_id}","description_kind":"plain","required":true}},"description":"Use a Compute Engine VM image to start the notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain","deprecated":true}},"google_notebooks_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_location":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the Location resource.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_notebooks_runtime":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"The health state of this runtime. For a list of possible output\nvalues, see 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#healthstate'.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"A reference to the zone where the machine resides.","description_kind":"plain","required":true},"metrics":{"type":["list",["object",{"system_metrics":["map","string"]}]],"description":"Contains Runtime daemon metrics such as Service status and JupyterLab\nstatus","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name specified for the Notebook runtime.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of this runtime.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"access_config":{"nesting_mode":"list","block":{"attributes":{"access_type":{"type":"string","description":"The type of access mode this instance. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#RuntimeAccessType'.","description_kind":"plain","optional":true},"proxy_uri":{"type":"string","description":"The proxy endpoint that is used to access the runtime.","description_kind":"plain","computed":true},"runtime_owner":{"type":"string","description":"The owner of this runtime after creation. Format: 'alias@example.com'.\nCurrently supports one owner only.","description_kind":"plain","optional":true}},"description":"The config settings for accessing runtime.","description_kind":"plain"},"max_items":1},"software_config":{"nesting_mode":"list","block":{"attributes":{"custom_gpu_driver_path":{"type":"string","description":"Specify a custom Cloud Storage path where the GPU driver is stored.\nIf not specified, we'll automatically choose from official GPU drivers.","description_kind":"plain","optional":true},"enable_health_monitoring":{"type":"bool","description":"Verifies core internal services are running. Default: True.","description_kind":"plain","optional":true},"idle_shutdown":{"type":"bool","description":"Runtime will automatically shutdown after idle_shutdown_time.\nDefault: True","description_kind":"plain","optional":true},"idle_shutdown_timeout":{"type":"number","description":"Time in minutes to wait before shuting down runtime.\nDefault: 180 minutes","description_kind":"plain","optional":true},"install_gpu_driver":{"type":"bool","description":"Install Nvidia Driver automatically.","description_kind":"plain","optional":true},"notebook_upgrade_schedule":{"type":"string","description":"Cron expression in UTC timezone for schedule instance auto upgrade.\nPlease follow the [cron format](https://en.wikipedia.org/wiki/Cron).","description_kind":"plain","optional":true},"post_startup_script":{"type":"string","description":"Path to a Bash script that automatically runs after a notebook instance\nfully boots up. The path must be a URL or\nCloud Storage path (gs://path-to-file/file-name).","description_kind":"plain","optional":true},"post_startup_script_behavior":{"type":"string","description":"Behavior for the post startup script. Possible values: [\"POST_STARTUP_SCRIPT_BEHAVIOR_UNSPECIFIED\", \"RUN_EVERY_START\", \"DOWNLOAD_AND_RUN_EVERY_START\"]","description_kind":"plain","optional":true},"upgradeable":{"type":"bool","description":"Bool indicating whether an newer image is available in an image family.","description_kind":"plain","computed":true}},"block_types":{"kernels":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to use as Kernels in the notebook instance.","description_kind":"plain"}}},"description":"The config settings for software inside the runtime.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"virtual_machine":{"nesting_mode":"list","block":{"attributes":{"instance_id":{"type":"string","description":"The unique identifier of the Managed Compute Engine instance.","description_kind":"plain","computed":true},"instance_name":{"type":"string","description":"The user-friendly name of the Managed Compute Engine instance.","description_kind":"plain","computed":true}},"block_types":{"virtual_machine_config":{"nesting_mode":"list","block":{"attributes":{"guest_attributes":{"type":["map","string"],"description":"The Compute Engine guest attributes. (see [Project and instance\nguest attributes](https://cloud.google.com/compute/docs/\nstoring-retrieving-metadata#guest_attributes)).","description_kind":"plain","computed":true},"internal_ip_only":{"type":"bool","description":"If true, runtime will only have internal IP addresses. By default,\nruntimes are not restricted to internal IP addresses, and will\nhave ephemeral external IP addresses assigned to each vm. This\n'internal_ip_only' restriction can only be enabled for subnetwork\nenabled networks, and all dependencies must be configured to be\naccessible without external IP addresses.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels to associate with this runtime. Label **keys** must\ncontain 1 to 63 characters, and must conform to [RFC 1035]\n(https://www.ietf.org/rfc/rfc1035.txt). Label **values** may be\nempty, but, if present, must contain 1 to 63 characters, and must\nconform to [RFC 1035](https://www.ietf.org/rfc/rfc1035.txt). No\nmore than 32 labels can be associated with a cluster.","description_kind":"plain","optional":true,"computed":true},"machine_type":{"type":"string","description":"The Compute Engine machine type used for runtimes.","description_kind":"plain","required":true},"metadata":{"type":["map","string"],"description":"The Compute Engine metadata entries to add to virtual machine.\n(see [Project and instance metadata](https://cloud.google.com\n/compute/docs/storing-retrieving-metadata#project_and_instance\n_metadata)).","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"The Compute Engine network to be used for machine communications.\nCannot be specified with subnetwork. If neither 'network' nor\n'subnet' is specified, the \"default\" network of the project is\nused, if it exists. A full URL or partial URI. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/global/default'\n * 'projects/[project_id]/regions/global/default'\nRuntimes are managed resources inside Google Infrastructure.\nRuntimes support the following network configurations:\n * Google Managed Network (Network \u0026 subnet are empty)\n * Consumer Project VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.\n * Shared VPC (network \u0026 subnet are required). Requires\n configuring Private Service Access.","description_kind":"plain","optional":true},"nic_type":{"type":"string","description":"The type of vNIC to be used on this interface. This may be gVNIC\nor VirtioNet. Possible values: [\"UNSPECIFIED_NIC_TYPE\", \"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"reserved_ip_range":{"type":"string","description":"Reserved IP Range name is used for VPC Peering. The\nsubnetwork allocation will use the range *name* if it's assigned.","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"The Compute Engine subnetwork to be used for machine\ncommunications. Cannot be specified with network. A full URL or\npartial URI are valid. Examples:\n * 'https://www.googleapis.com/compute/v1/projects/[project_id]/\n regions/us-east1/subnetworks/sub0'\n * 'projects/[project_id]/regions/us-east1/subnetworks/sub0'","description_kind":"plain","optional":true},"tags":{"type":["list","string"],"description":"The Compute Engine tags to add to runtime (see [Tagging instances]\n(https://cloud.google.com/compute/docs/\nlabel-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The zone where the virtual machine is located.","description_kind":"plain","computed":true}},"block_types":{"accelerator_config":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"number","description":"Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Accelerator model. For valid values, see\n'https://cloud.google.com/vertex-ai/docs/workbench/reference/\nrest/v1/projects.locations.runtimes#AcceleratorType'","description_kind":"plain","optional":true}},"description":"The Compute Engine accelerator configuration for this runtime.","description_kind":"plain"},"max_items":1},"container_images":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a list of container images to start the notebook instance.","description_kind":"plain"}},"data_disk":{"nesting_mode":"list","block":{"attributes":{"auto_delete":{"type":"bool","description":"Optional. Specifies whether the disk will be auto-deleted\nwhen the instance is deleted (but not when the disk is\ndetached from the instance).","description_kind":"plain","computed":true},"boot":{"type":"bool","description":"Optional. Indicates that this is a boot disk. The virtual\nmachine will use the first partition of the disk for its\nroot filesystem.","description_kind":"plain","computed":true},"device_name":{"type":"string","description":"Optional. Specifies a unique device name of your choice\nthat is reflected into the /dev/disk/by-id/google-* tree\nof a Linux operating system running within the instance.\nThis name can be used to reference the device for mounting,\nresizing, and so on, from within the instance.\nIf not specified, the server chooses a default device name\nto apply to this disk, in the form persistent-disk-x, where\nx is a number assigned by Google Compute Engine. This field\nis only applicable for persistent disks.","description_kind":"plain","computed":true},"guest_os_features":{"type":["list","string"],"description":"Indicates a list of features to enable on the guest operating\nsystem. Applicable only for bootable images. To see a list of\navailable features, read 'https://cloud.google.com/compute/docs/\nimages/create-delete-deprecate-private-images#guest-os-features'\noptions. ''","description_kind":"plain","computed":true},"index":{"type":"number","description":"Output only. A zero-based index to this disk, where 0 is\nreserved for the boot disk. If you have many disks attached\nto an instance, each disk would have a unique index number.","description_kind":"plain","computed":true},"interface":{"type":"string","description":"\"Specifies the disk interface to use for attaching this disk,\nwhich is either SCSI or NVME. The default is SCSI. Persistent\ndisks must always use SCSI and the request will fail if you attempt\nto attach a persistent disk in any other format than SCSI. Local SSDs\ncan use either NVME or SCSI. For performance characteristics of SCSI\nover NVMe, see Local SSD performance. Valid values: * NVME * SCSI\".","description_kind":"plain","optional":true},"kind":{"type":"string","description":"Type of the resource. Always compute#attachedDisk for attached\ndisks.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Output only. Any valid publicly visible licenses.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode in which to attach this disk, either READ_WRITE\nor READ_ONLY. If not specified, the default is to attach\nthe disk in READ_WRITE mode.","description_kind":"plain","optional":true},"source":{"type":"string","description":"Specifies a valid partial or full URL to an existing\nPersistent Disk resource.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Specifies the type of the disk, either SCRATCH or PERSISTENT.\nIf not specified, the default is PERSISTENT.","description_kind":"plain","optional":true}},"block_types":{"initialize_params":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Provide this property when creating the disk.","description_kind":"plain","optional":true},"disk_name":{"type":"string","description":"Specifies the disk name. If not specified, the default is\nto use the name of the instance. If the disk with the\ninstance name exists already in the given zone/region, a\nnew name will be automatically generated.","description_kind":"plain","optional":true},"disk_size_gb":{"type":"number","description":"Specifies the size of the disk in base-2 GB. If not\nspecified, the disk will be the same size as the image\n(usually 10GB). If specified, the size must be equal to\nor larger than 10GB. Default 100 GB.","description_kind":"plain","optional":true},"disk_type":{"type":"string","description":"The type of the boot disk attached to this runtime,\ndefaults to standard persistent disk. For valid values,\nsee 'https://cloud.google.com/vertex-ai/docs/workbench/\nreference/rest/v1/projects.locations.runtimes#disktype'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. These can be later modified\nby the disks.setLabels method. This field is only\napplicable for persistent disks.","description_kind":"plain","optional":true,"computed":true}},"description":"Input only. Specifies the parameters for a new disk that will\nbe created alongside the new instance. Use initialization\nparameters to create boot disks or local SSDs attached to the\nnew instance. This property is mutually exclusive with the\nsource property; you can only define one or the other, but not\nboth.","description_kind":"plain"},"max_items":1}},"description":"Data disk option configuration settings.","description_kind":"plain"},"min_items":1,"max_items":1},"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key":{"type":"string","description":"The Cloud KMS resource identifier of the customer-managed\nencryption key used to protect a resource, such as a disks.\nIt has the following format:\n'projects/{PROJECT_ID}/locations/{REGION}/keyRings/\n{KEY_RING_NAME}/cryptoKeys/{KEY_NAME}'","description_kind":"plain","optional":true}},"description":"Encryption settings for virtual machine data disk.","description_kind":"plain"},"max_items":1},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Defines whether the instance has integrity monitoring enabled.\nEnables monitoring and attestation of the boot integrity of\nthe instance. The attestation is performed against the\nintegrity policy baseline. This baseline is initially derived\nfrom the implicitly trusted boot image when the instance is\ncreated. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Defines whether the instance has Secure Boot enabled.Secure\nBoot helps ensure that the system only runs authentic software\nby verifying the digital signature of all boot components, and\nhalting the boot process if signature verification fails.\nDisabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Defines whether the instance has the vTPM enabled. Enabled by\ndefault.","description_kind":"plain","optional":true}},"description":"Shielded VM Instance configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Virtual Machine configuration settings.","description_kind":"plain"},"max_items":1}},"description":"Use a Compute Engine VM image to start the managed notebook instance.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_org_policy_custom_constraint":{"version":0,"block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The timestamp representing when the constraint was last updated.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_org_policy_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"Optional. An opaque tag indicating the current state of the policy, used for concurrency control. This 'etag' is computed by the server based on the value of other fields, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Immutable. The resource name of the Policy. Must be one of the following forms, where constraint_name is the name of the constraint which this Policy configures: * `projects/{project_number}/policies/{constraint_name}` * `folders/{folder_id}/policies/{constraint_name}` * `organizations/{organization_id}/policies/{constraint_name}` For example, \"projects/123/policies/compute.disableSerialPortAccess\". Note: `projects/{project_id}/policies/{constraint_name}` is also an acceptable name for API requests, but responses will return the name using the equivalent project number.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The parent of the resource.","description_kind":"plain","required":true}},"block_types":{"dry_run_spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the policy, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current policy to use when executing a read-modify-write loop. When the policy is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this policy. If `inherit_from_parent` is true, policy rules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this policy becomes the new root for evaluation. This field can be set only for policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific constraint at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that policy.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If `\"TRUE\"`, then the policy is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"In policies for boolean constraints, the following requirements apply: - There must be one and only one policy rule where condition is unset. - Boolean policy rules with conditions must set `enforced` to the opposite of the policy rule without a condition. - During policy evaluation, policy rules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Dry-run policy. Audit-only policy, can be used to monitor how the policy would have impacted the existing and future resources if it's enforced.","description_kind":"plain"},"max_items":1},"spec":{"nesting_mode":"list","block":{"attributes":{"etag":{"type":"string","description":"An opaque tag indicating the current version of the `Policy`, used for concurrency control. This field is ignored if used in a `CreatePolicy` request. When the `Policy` is returned from either a `GetPolicy` or a `ListPolicies` request, this `etag` indicates the version of the current `Policy` to use when executing a read-modify-write loop. When the `Policy` is returned from a `GetEffectivePolicy` request, the `etag` will be unset.","description_kind":"plain","computed":true},"inherit_from_parent":{"type":"bool","description":"Determines the inheritance behavior for this `Policy`. If `inherit_from_parent` is true, PolicyRules set higher up in the hierarchy (up to the closest root) are inherited and present in the effective policy. If it is false, then no rules are inherited, and this Policy becomes the new root for evaluation. This field can be set only for Policies which configure list constraints.","description_kind":"plain","optional":true},"reset":{"type":"bool","description":"Ignores policies set above this resource and restores the `constraint_default` enforcement behavior of the specific `Constraint` at this resource. This field can be set in policies for either list or boolean constraints. If set, `rules` must be empty and `inherit_from_parent` must be set to false.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time stamp this was previously updated. This represents the last time a call to `CreatePolicy` or `UpdatePolicy` was made for that `Policy`.","description_kind":"plain","computed":true}},"block_types":{"rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are allowed. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"string","description":"Setting this to `\"TRUE\"` means that all values are denied. This field can be set only in Policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"string","description":"If `\"TRUE\"`, then the `Policy` is enforced. If `\"FALSE\"`, then any configuration is acceptable. This field can be set only in Policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A condition which determines whether this rule is used in the evaluation of the policy. When set, the `expression` field in the `Expr' must include from 1 to 10 subexpressions, joined by the \"||\" or \"\u0026\u0026\" operators. Each subexpression must be of the form \"resource.matchTag('/tag_key_short_name, 'tag_value_short_name')\". or \"resource.matchTagId('tagKeys/key_id', 'tagValues/value_id')\". where key_name and value_name are the resource names for Label Keys and Values. These names are available from the Tag Manager Service. An example expression is: \"resource.matchTag('123456789/environment, 'prod')\". or \"resource.matchTagId('tagKeys/123', 'tagValues/456')\".","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this PolicyRule. This field can be set only in Policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Up to 10 PolicyRules are allowed. In Policies for boolean constraints, the following requirements apply: - There must be one and only one PolicyRule where condition is unset. - BooleanPolicyRules with conditions must set `enforced` to the opposite of the PolicyRule without a condition. - During policy evaluation, PolicyRules with conditions that are true for a target resource take precedence.","description_kind":"plain"}}},"description":"Basic information about the Organization Policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"This field will always be unset for the organization since organizations do not have ancestors.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Organization (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.).","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"organizations/{organization_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"organization_id":{"type":"string","description":"ID of the organization of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can be done for individual services.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_organization_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_organization_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format organizations/{{org_id}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to create a custom role.","description_kind":"plain","required":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"role_id":{"type":"string","description":"The role id to use for this role.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_os_policy_assignment":{"version":0,"block":{"attributes":{"baseline":{"type":"bool","description":"Output only. Indicates that this revision has been successfully rolled out in this zone and new VMs will be assigned OS policies from this revision.\nFor a given OS policy assignment, there is only one revision with a value of 'true' for this field.","description_kind":"plain","computed":true},"deleted":{"type":"bool","description":"Output only. Indicates that this revision deletes the OS policy assignment.","description_kind":"plain","computed":true},"description":{"type":"string","description":"OS policy assignment description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"The etag for this OS policy assignment. If this is provided on update, it must match the server's etag.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"Resource name.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"reconciling":{"type":"bool","description":"Output only. Indicates that reconciliation is in progress for the revision. This value is 'true' when the 'rollout_state' is one of:\n* IN_PROGRESS\n* CANCELLING","description_kind":"plain","computed":true},"revision_create_time":{"type":"string","description":"Output only. The timestamp that the revision was created.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Output only. The assignment revision ID A new revision is committed whenever a rollout is triggered for a OS policy assignment","description_kind":"plain","computed":true},"rollout_state":{"type":"string","description":"Output only. OS policy assignment rollout state","description_kind":"plain","computed":true},"skip_await_rollout":{"type":"bool","description":"Set to true to skip awaiting rollout during resource creation and update.","description_kind":"plain","optional":true},"uid":{"type":"string","description":"Output only. Server generated unique id for the OS policy assignment resource.","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VMs in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true}},"block_types":{"exclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM exclusion.\nIf the list has more than one label set, the VM is excluded if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inclusion_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Labels are identified by key/value pairs in this map. A VM should contain all the key/value pairs specified in this map to be selected.","description_kind":"plain","optional":true}},"description":"List of label sets used for VM inclusion.\nIf the list has more than one 'LabelSet', the VM is included if any of the label sets are applicable for the VM.","description_kind":"plain"}},"inventories":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version Prefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*' An empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventories to select VMs.\nA VM is selected if its inventory data matches at least one of the following inventories.","description_kind":"plain"}}},"description":"Filter to select VMs.","description_kind":"plain"},"min_items":1,"max_items":1},"os_policies":{"nesting_mode":"list","block":{"attributes":{"allow_no_resource_group_match":{"type":"bool","description":"This flag determines the OS policy compliance status when none of the resource groups within the policy are applicable for a VM. Set this value to 'true' if the policy needs to be reported as compliant even if the policy has nothing to validate or enforce.","description_kind":"plain","optional":true},"description":{"type":"string","description":"Policy description. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description":"The id of the OS policy with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the assignment.","description_kind":"plain","required":true},"mode":{"type":"string","description":"Policy mode Possible values: [\"MODE_UNSPECIFIED\", \"VALIDATION\", \"ENFORCEMENT\"]","description_kind":"plain","required":true}},"block_types":{"resource_groups":{"nesting_mode":"list","block":{"block_types":{"inventory_filters":{"nesting_mode":"list","block":{"attributes":{"os_short_name":{"type":"string","description":"The OS short name","description_kind":"plain","required":true},"os_version":{"type":"string","description":"The OS version\nPrefix matches are supported if asterisk(*) is provided as the last character. For example, to match all versions with a major version of '7', specify the following value for this field '7.*'\nAn empty string matches all OS versions.","description_kind":"plain","optional":true}},"description":"List of inventory filters for the resource group.\nThe resources in this resource group are applied to the target VM if it satisfies at least one of the following inventory filters.\nFor example, to apply this resource group to VMs running either 'RHEL' or 'CentOS' operating systems, specify 2 items for the list with following values: inventory_filters[0].os_short_name='rhel' and inventory_filters[1].os_short_name='centos'\nIf the list is empty, this resource group will be applied to the target VM unconditionally.","description_kind":"plain"}},"resources":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The id of the resource with the following restrictions:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the OS policy.","description_kind":"plain","required":true}},"block_types":{"exec":{"nesting_mode":"list","block":{"block_types":{"enforce":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to bring this resource into the desired state. An exit code of 100 indicates \"success\", any other exit code indicates a failure running enforce.","description_kind":"plain"},"max_items":1},"validate":{"nesting_mode":"list","block":{"attributes":{"args":{"type":["list","string"],"description":"Optional arguments to pass to the source during execution.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use. Possible values: [\"INTERPRETER_UNSPECIFIED\", \"NONE\", \"SHELL\", \"POWERSHELL\"]","description_kind":"plain","required":true},"output_file_path":{"type":"string","description":"Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.","description_kind":"plain","optional":true},"script":{"type":"string","description":"An inline script. The size of the script is limited to 1024 characters.","description_kind":"plain","optional":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local file.","description_kind":"plain"},"max_items":1}},"description":"What to run to validate this resource is in the desired state. An exit code of 100 indicates \"in desired state\", and exit code of 101 indicates \"not in desired state\". Any other exit code indicates a failure running validate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Exec resource","description_kind":"plain"},"max_items":1},"file":{"nesting_mode":"list","block":{"attributes":{"content":{"type":"string","description":"A a file with this content. The size of the content is limited to 1024 characters.","description_kind":"plain","optional":true},"path":{"type":"string","description":"The absolute path of the file within the VM.","description_kind":"plain","required":true},"permissions":{"type":"string","description":"Consists of three octal digits which represent, in order, the permissions of the owner, group, and other users for the file (similarly to the numeric mode used in the linux chmod utility). Each digit represents a three bit number with the 4 bit corresponding to the read permissions, the 2 bit corresponds to the write bit, and the one bit corresponds to the execute permission. Default behavior is 755.\nBelow are some examples of permissions and their associated values: read, write, and execute: 7 read and execute: 5 read and write: 6 read only: 4","description_kind":"plain","computed":true},"state":{"type":"string","description":"Desired state of the file. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"PRESENT\", \"ABSENT\", \"CONTENTS_MATCH\"]","description_kind":"plain","required":true}},"block_types":{"file":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A remote or local source.","description_kind":"plain"},"max_items":1}},"description":"File resource","description_kind":"plain"},"max_items":1},"pkg":{"nesting_mode":"list","block":{"attributes":{"desired_state":{"type":"string","description":"The desired state the agent should maintain for this package. Possible values: [\"DESIRED_STATE_UNSPECIFIED\", \"INSTALLED\", \"REMOVED\"]","description_kind":"plain","required":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Apt.","description_kind":"plain"},"max_items":1},"deb":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'dpkg -i package' - install when true: 'apt-get update \u0026\u0026 apt-get -y install package.deb'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"A deb package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"A deb package file.","description_kind":"plain"},"max_items":1},"googet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by GooGet.","description_kind":"plain"},"max_items":1},"msi":{"nesting_mode":"list","block":{"attributes":{"properties":{"type":["list","string"],"description":"Additional properties to use during installation. This should be in the format of Property=Setting. Appended to the defaults of 'ACTION=INSTALL REBOOT=ReallySuppress'.","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"The MSI package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An MSI package.","description_kind":"plain"},"max_items":1},"rpm":{"nesting_mode":"list","block":{"attributes":{"pull_deps":{"type":"bool","description":"Whether dependencies should also be installed. - install when false: 'rpm --upgrade --replacepkgs package.rpm' - install when true: 'yum -y install package.rpm' or 'zypper -y install package.rpm'","description_kind":"plain","optional":true}},"block_types":{"source":{"nesting_mode":"list","block":{"attributes":{"allow_insecure":{"type":"bool","description":"Defaults to false. When false, files are subject to validations based on the file type:\nRemote: A checksum must be specified. Cloud Storage: An object generation number must be specified.","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"A local path within the VM to use.","description_kind":"plain","optional":true}},"block_types":{"gcs":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation":{"type":"number","description":"Generation number of the Cloud Storage object.","description_kind":"plain","optional":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object.","description_kind":"plain"},"max_items":1},"remote":{"nesting_mode":"list","block":{"attributes":{"sha256_checksum":{"type":"string","description":"SHA256 checksum of the remote file.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI from which to fetch the object. It should contain both the protocol and path following the format '{protocol}://{location}'.","description_kind":"plain","required":true}},"description":"A generic remote file.","description_kind":"plain"},"max_items":1}},"description":"An rpm package.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An rpm package file.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by YUM.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Package name.","description_kind":"plain","required":true}},"description":"A package managed by Zypper.","description_kind":"plain"},"max_items":1}},"description":"Package resource","description_kind":"plain"},"max_items":1},"repository":{"nesting_mode":"list","block":{"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"archive_type":{"type":"string","description":"Type of archive files in this repository. Possible values: [\"ARCHIVE_TYPE_UNSPECIFIED\", \"DEB\", \"DEB_SRC\"]","description_kind":"plain","required":true},"components":{"type":["list","string"],"description":"List of components for this repository. Must contain at least one item.","description_kind":"plain","required":true},"distribution":{"type":"string","description":"Distribution of this repository.","description_kind":"plain","required":true},"gpg_key":{"type":"string","description":"URI of the key file for this repository. The agent maintains a keyring at '/etc/apt/trusted.gpg.d/osconfig_agent_managed.gpg'.","description_kind":"plain","optional":true},"uri":{"type":"string","description":"URI for this repository.","description_kind":"plain","required":true}},"description":"An Apt Repository.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The name of the repository.","description_kind":"plain","required":true},"url":{"type":"string","description":"The url of the repository.","description_kind":"plain","required":true}},"description":"A Goo Repository.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the yum config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for resource conflicts.","description_kind":"plain","required":true}},"description":"A Yum Repository.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"base_url":{"type":"string","description":"The location of the repository directory.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The display name of the repository.","description_kind":"plain","optional":true},"gpg_keys":{"type":["list","string"],"description":"URIs of GPG keys.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A one word, unique name for this repository. This is the 'repo id' in the zypper config file and also the 'display_name' if 'display_name' is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.","description_kind":"plain","required":true}},"description":"A Zypper Repository.","description_kind":"plain"},"max_items":1}},"description":"Package repository resource","description_kind":"plain"},"max_items":1}},"description":"List of resources configured for this resource group. The resources are executed in the exact order specified here.","description_kind":"plain"},"min_items":1}},"description":"List of resource groups for the policy. For a particular VM, resource groups are evaluated in the order specified and the first resource group that is applicable is selected and the rest are ignored.\nIf none of the resource groups are applicable for a VM, the VM is considered to be non-compliant w.r.t this policy. This behavior can be toggled by the flag 'allow_no_resource_group_match'","description_kind":"plain"},"min_items":1}},"description":"List of OS policies to be applied to the VMs.","description_kind":"plain"},"min_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"min_wait_duration":{"type":"string","description":"This determines the minimum duration of time to wait after the configuration changes are applied through the current rollout. A VM continues to count towards the 'disruption_budget' at least until this duration of time has passed after configuration changes are applied.","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percent":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout to deploy the OS policy assignment. A rollout is triggered in the following situations: 1) OSPolicyAssignment is created. 2) OSPolicyAssignment is updated and the update contains changes to one of the following fields: - instance_filter - os_policies 3) OSPolicyAssignment is deleted.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_config_patch_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the patch deployment was created. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the patch deployment. Length of the description is limited to 1024 characters.","description_kind":"plain","optional":true},"duration":{"type":"string","description":"Duration of the patch. After the duration ends, the patch times out.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_execute_time":{"type":"string","description":"The last time a patch job was started by this deployment. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"name":{"type":"string","description":"Unique name for the patch deployment resource in a project.\nThe patch deployment name is in the form: projects/{project_id}/patchDeployments/{patchDeploymentId}.","description_kind":"plain","computed":true},"patch_deployment_id":{"type":"string","description":"A name for the patch deployment in the project. When creating a name the following rules apply:\n* Must contain only lowercase letters, numbers, and hyphens.\n* Must start with a letter.\n* Must be between 1-63 characters.\n* Must end with a number or a letter.\n* Must be unique within the project.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"Time the patch deployment was last updated. Timestamp is in RFC3339 text format.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"instance_filter":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"Target all VM instances in the project. If true, no other criteria is permitted.","description_kind":"plain","optional":true},"instance_name_prefixes":{"type":["list","string"],"description":"Targets VMs whose name starts with one of these prefixes. Similar to labels, this is another way to group\nVMs when targeting configs, for example prefix=\"prod-\".","description_kind":"plain","optional":true},"instances":{"type":["list","string"],"description":"Targets any of the VM instances specified. Instances are specified by their URI in the 'form zones/{{zone}}/instances/{{instance_name}}',\n'projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}', or\n'https://www.googleapis.com/compute/v1/projects/{{project_id}}/zones/{{zone}}/instances/{{instance_name}}'","description_kind":"plain","optional":true},"zones":{"type":["list","string"],"description":"Targets VM instances in ANY of these zones. Leave empty to target VM instances in any zone.","description_kind":"plain","optional":true}},"block_types":{"group_labels":{"nesting_mode":"list","block":{"attributes":{"labels":{"type":["map","string"],"description":"Compute Engine instance labels that must be present for a VM instance to be targeted by this filter","description_kind":"plain","required":true}},"description":"Targets VM instances matching ANY of these GroupLabels. This allows targeting of disparate groups of VM instances.","description_kind":"plain"}}},"description":"VM instances to patch.","description_kind":"plain"},"min_items":1,"max_items":1},"one_time_schedule":{"nesting_mode":"list","block":{"attributes":{"execute_time":{"type":"string","description":"The desired patch job execution time. A timestamp in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","required":true}},"description":"Schedule a one-time execution.","description_kind":"plain"},"max_items":1},"patch_config":{"nesting_mode":"list","block":{"attributes":{"mig_instances_allowed":{"type":"bool","description":"Allows the patch job to run on Managed instance groups (MIGs).","description_kind":"plain","optional":true},"reboot_config":{"type":"string","description":"Post-patch reboot settings. Possible values: [\"DEFAULT\", \"ALWAYS\", \"NEVER\"]","description_kind":"plain","optional":true}},"block_types":{"apt":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"type":{"type":"string","description":"By changing the type to DIST, the patching is performed using apt-get dist-upgrade instead. Possible values: [\"DIST\", \"UPGRADE\"]","description_kind":"plain","optional":true}},"description":"Apt update settings. Use this setting to override the default apt patch rules.","description_kind":"plain"},"max_items":1},"goo":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain","required":true}},"description":"goo update settings. Use this setting to override the default goo patch rules.","description_kind":"plain"},"max_items":1},"post_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run after the patch update.","description_kind":"plain"},"max_items":1},"pre_step":{"nesting_mode":"list","block":{"block_types":{"linux_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Linux VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1},"windows_exec_step_config":{"nesting_mode":"list","block":{"attributes":{"allowed_success_codes":{"type":["list","number"],"description":"Defaults to [0]. A list of possible return values that the execution can return to indicate a success.","description_kind":"plain","optional":true},"interpreter":{"type":"string","description":"The script interpreter to use to run the script. If no interpreter is specified the script will\nbe executed directly, which will likely only succeed for scripts with shebang lines. Possible values: [\"SHELL\", \"POWERSHELL\"]","description_kind":"plain","optional":true},"local_path":{"type":"string","description":"An absolute path to the executable on the VM.","description_kind":"plain","optional":true}},"block_types":{"gcs_object":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"Bucket of the Cloud Storage object.","description_kind":"plain","required":true},"generation_number":{"type":"string","description":"Generation number of the Cloud Storage object. This is used to ensure that the ExecStep specified by this PatchJob does not change.","description_kind":"plain","required":true},"object":{"type":"string","description":"Name of the Cloud Storage object.","description_kind":"plain","required":true}},"description":"A Cloud Storage object containing the executable.","description_kind":"plain"},"max_items":1}},"description":"The ExecStepConfig for all Windows VMs targeted by the PatchJob.","description_kind":"plain"},"max_items":1}},"description":"The ExecStep to run before the patch update.","description_kind":"plain"},"max_items":1},"windows_update":{"nesting_mode":"list","block":{"attributes":{"classifications":{"type":["list","string"],"description":"Only apply updates of these windows update classifications. If empty, all updates are applied. Possible values: [\"CRITICAL\", \"SECURITY\", \"DEFINITION\", \"DRIVER\", \"FEATURE_PACK\", \"SERVICE_PACK\", \"TOOL\", \"UPDATE_ROLLUP\", \"UPDATE\"]","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of KBs to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of kbs to be updated. These are the only patches that will be updated.\nThis field must not be used with other patch configurations.","description_kind":"plain","optional":true}},"description":"Windows update settings. Use this setting to override the default Windows patch rules.","description_kind":"plain"},"max_items":1},"yum":{"nesting_mode":"list","block":{"attributes":{"excludes":{"type":["list","string"],"description":"List of packages to exclude from update. These packages will be excluded.","description_kind":"plain","optional":true},"exclusive_packages":{"type":["list","string"],"description":"An exclusive list of packages to be updated. These are the only packages that will be updated.\nIf these packages are not installed, they will be ignored. This field cannot be specified with\nany other patch configuration fields.","description_kind":"plain","optional":true},"minimal":{"type":"bool","description":"Will cause patch to run yum update-minimal instead.","description_kind":"plain","optional":true},"security":{"type":"bool","description":"Adds the --security flag to yum update. Not supported on all platforms.","description_kind":"plain","optional":true}},"description":"Yum update settings. Use this setting to override the default yum patch rules.","description_kind":"plain"},"max_items":1},"zypper":{"nesting_mode":"list","block":{"attributes":{"categories":{"type":["list","string"],"description":"Install only patches with these categories. Common categories include security, recommended, and feature.","description_kind":"plain","optional":true},"excludes":{"type":["list","string"],"description":"List of packages to exclude from update.","description_kind":"plain","optional":true},"exclusive_patches":{"type":["list","string"],"description":"An exclusive list of patches to be updated. These are the only patches that will be installed using 'zypper patch patch:' command.\nThis field must not be used with any other patch configuration fields.","description_kind":"plain","optional":true},"severities":{"type":["list","string"],"description":"Install only patches with these severities. Common severities include critical, important, moderate, and low.","description_kind":"plain","optional":true},"with_optional":{"type":"bool","description":"Adds the --with-optional flag to zypper patch.","description_kind":"plain","optional":true},"with_update":{"type":"bool","description":"Adds the --with-update flag, to zypper patch.","description_kind":"plain","optional":true}},"description":"zypper update settings. Use this setting to override the default zypper patch rules.","description_kind":"plain"},"max_items":1}},"description":"Patch configuration that is applied.","description_kind":"plain"},"max_items":1},"recurring_schedule":{"nesting_mode":"list","block":{"attributes":{"end_time":{"type":"string","description":"The end time at which a recurring patch deployment schedule is no longer active.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_execute_time":{"type":"string","description":"The time the last patch job ran successfully.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"next_execute_time":{"type":"string","description":"The time the next patch job is scheduled to run.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"start_time":{"type":"string","description":"The time that the recurring schedule becomes effective. Defaults to createTime of the patch deployment.\nA timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true}},"block_types":{"monthly":{"nesting_mode":"list","block":{"attributes":{"month_day":{"type":"number","description":"One day of the month. 1-31 indicates the 1st to the 31st day. -1 indicates the last day of the month.\nMonths without the target day will be skipped. For example, a schedule to run \"every month on the 31st\"\nwill not run in February, April, June, etc.","description_kind":"plain","optional":true}},"block_types":{"week_day_of_month":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"A day of the week. Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"day_offset":{"type":"number","description":"Represents the number of days before or after the given week day of month that the patch deployment is scheduled for.","description_kind":"plain","optional":true},"week_ordinal":{"type":"number","description":"Week number in a month. 1-4 indicates the 1st to 4th week of the month. -1 indicates the last week of the month.","description_kind":"plain","required":true}},"description":"Week day in a month.","description_kind":"plain"},"max_items":1}},"description":"Schedule with monthly executions.","description_kind":"plain"},"max_items":1},"time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59. An API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Time of the day to run a recurring deployment.","description_kind":"plain"},"min_items":1,"max_items":1},"time_zone":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\".","description_kind":"plain","required":true},"version":{"type":"string","description":"IANA Time Zone Database version number, e.g. \"2019a\".","description_kind":"plain","optional":true}},"description":"Defines the time zone that timeOfDay is relative to. The rules for daylight saving time are\ndetermined by the chosen time zone.","description_kind":"plain"},"min_items":1,"max_items":1},"weekly":{"nesting_mode":"list","block":{"attributes":{"day_of_week":{"type":"string","description":"IANA Time Zone Database time zone, e.g. \"America/New_York\". Possible values: [\"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true}},"description":"Schedule with weekly executions.","description_kind":"plain"},"max_items":1}},"description":"Schedule recurring executions.","description_kind":"plain"},"max_items":1},"rollout":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"Mode of the patch rollout. Possible values: [\"ZONE_BY_ZONE\", \"CONCURRENT_ZONES\"]","description_kind":"plain","required":true}},"block_types":{"disruption_budget":{"nesting_mode":"list","block":{"attributes":{"fixed":{"type":"number","description":"Specifies a fixed value.","description_kind":"plain","optional":true},"percentage":{"type":"number","description":"Specifies the relative value defined as a percentage, which will be multiplied by a reference value.","description_kind":"plain","optional":true}},"description":"The maximum number (or percentage) of VMs per zone to disrupt at any given moment. The number of VMs calculated from multiplying the percentage by the total number of VMs in a zone is rounded up.\nDuring patching, a VM is considered disrupted from the time the agent is notified to begin until patching has completed. This disruption time includes the time to complete reboot and any post-patch steps.\nA VM contributes to the disruption budget if its patching operation fails either when applying the patches, running pre or post patch steps, or if it fails to respond with a success notification before timing out. VMs that are not running or do not have an active agent do not count toward this disruption budget.\nFor zone-by-zone rollouts, if the disruption budget in a zone is exceeded, the patch job stops, because continuing to the next zone requires completion of the patch process in the previous zone.\nFor example, if the disruption budget has a fixed value of 10, and 8 VMs fail to patch in the current zone, the patch job continues to patch 2 VMs at a time until the zone is completed. When that zone is completed successfully, patching begins with 10 VMs at a time in the next zone. If 10 VMs in the next zone fail to patch, the patch job stops.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Rollout strategy of the patch job.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_os_login_ssh_public_key":{"version":0,"block":{"attributes":{"expiration_time_usec":{"type":"string","description":"An expiration time in microseconds since epoch.","description_kind":"plain","optional":true},"fingerprint":{"type":"string","description":"The SHA-256 fingerprint of the SSH public key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key":{"type":"string","description":"Public key text in SSH format, defined by RFC4253 section 6.6.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project ID of the Google Cloud Platform project.","description_kind":"plain","optional":true},"user":{"type":"string","description":"The user email.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CaPool. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this CaPool.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The Tier of this CaPool. Possible values: [\"ENTERPRISE\", \"DEVOPS\"]","description_kind":"plain","required":true}},"block_types":{"issuance_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_lifetime":{"type":"string","description":"The maximum lifetime allowed for issued Certificates. Note that if the issuing CertificateAuthority\nexpires before a Certificate's requested maximumLifetime, the effective lifetime will be explicitly truncated to match it.","description_kind":"plain","optional":true}},"block_types":{"allowed_issuance_modes":{"nesting_mode":"list","block":{"attributes":{"allow_config_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CertificateConfig.","description_kind":"plain","required":true},"allow_csr_based_issuance":{"type":"bool","description":"When true, allows callers to create Certificates by specifying a CSR.","description_kind":"plain","required":true}},"description":"IssuanceModes specifies the allowed ways in which Certificates may be requested from this CaPool.","description_kind":"plain"},"max_items":1},"allowed_key_types":{"nesting_mode":"list","block":{"block_types":{"elliptic_curve":{"nesting_mode":"list","block":{"attributes":{"signature_algorithm":{"type":"string","description":"The algorithm used. Possible values: [\"ECDSA_P256\", \"ECDSA_P384\", \"EDDSA_25519\"]","description_kind":"plain","required":true}},"description":"Represents an allowed Elliptic Curve key type.","description_kind":"plain"},"max_items":1},"rsa":{"nesting_mode":"list","block":{"attributes":{"max_modulus_size":{"type":"string","description":"The maximum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice will not enforce an explicit upper bound on RSA modulus sizes.","description_kind":"plain","optional":true},"min_modulus_size":{"type":"string","description":"The minimum allowed RSA modulus size, in bits. If this is not set, or if set to zero, the\nservice-level min RSA modulus size will continue to apply.","description_kind":"plain","optional":true}},"description":"Describes an RSA key that may be used in a Certificate issued from a CaPool.","description_kind":"plain"},"max_items":1}},"description":"If any AllowedKeyType is specified, then the certificate request's public key must match one of the key types listed here.\nOtherwise, any key may be used.","description_kind":"plain"}},"baseline_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"A set of X.509 values that will be applied to all certificates issued through this CaPool. If a certificate request\nincludes conflicting values for the same properties, they will be overwritten by the values defined here. If a certificate\nrequest uses a CertificateTemplate that defines conflicting predefinedValues for the same properties, the certificate\nissuance request will fail.","description_kind":"plain"},"max_items":1},"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"If this is set, the SubjectAltNames extension may be copied from a certificate request into the signed certificate.\nOtherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"If this is set, the Subject field may be copied from a certificate request into the signed certificate.\nOtherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a\ncertificate is signed. To see the full allowed syntax and some examples,\nsee https://cloud.google.com/certificate-authority-service/docs/cel-guide","description_kind":"plain"},"max_items":1}},"description":"Describes constraints on identities that may appear in Certificates issued through this CaPool.\nIf this is omitted, then this CaPool will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1}},"description":"The IssuancePolicy to control how Certificates will be issued from this CaPool.","description_kind":"plain"},"max_items":1},"publishing_options":{"nesting_mode":"list","block":{"attributes":{"encoding_format":{"type":"string","description":"Specifies the encoding format of each CertificateAuthority's CA\ncertificate and CRLs. If this is omitted, CA certificates and CRLs\nwill be published in PEM. Possible values: [\"PEM\", \"DER\"]","description_kind":"plain","optional":true},"publish_ca_cert":{"type":"bool","description":"When true, publishes each CertificateAuthority's CA certificate and includes its URL in the \"Authority Information Access\"\nX.509 extension in all issued Certificates. If this is false, the CA certificate will not be published and the corresponding\nX.509 extension will not be written in issued certificates.","description_kind":"plain","required":true},"publish_crl":{"type":"bool","description":"When true, publishes each CertificateAuthority's CRL and includes its URL in the \"CRL Distribution Points\" X.509 extension\nin all issued Certificates. If this is false, CRLs will not be published and the corresponding X.509 extension will not\nbe written in issued certificates. CRLs will expire 7 days from their creation. However, we will rebuild daily. CRLs are\nalso rebuilt shortly after a certificate is revoked.","description_kind":"plain","required":true}},"description":"The PublishingOptions to follow when issuing Certificates from any CertificateAuthority in this CaPool.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_binding":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_member":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate":{"version":0,"block":{"attributes":{"certificate_authority":{"type":"string","description":"The Certificate Authority ID that should issue the certificate. For example, to issue a Certificate from\na Certificate Authority with resource name 'projects/my-project/locations/us-central1/caPools/my-pool/certificateAuthorities/my-ca',\nargument 'pool' should be set to 'projects/my-project/locations/us-central1/caPools/my-pool', argument 'certificate_authority'\nshould be set to 'my-ca'.","description_kind":"plain","optional":true},"certificate_description":{"type":["list",["object",{"aia_issuing_certificate_urls":["list","string"],"authority_key_id":["list",["object",{"key_id":"string"}]],"cert_fingerprint":["list",["object",{"sha256_hash":"string"}]],"crl_distribution_points":["list","string"],"public_key":["list",["object",{"format":"string","key":"string"}]],"subject_description":["list",["object",{"hex_serial_number":"string","lifetime":"string","not_after_time":"string","not_before_time":"string","subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"custom_sans":["list",["object",{"critical":"bool","obect_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_description":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is considered revoked if and only if this field is present.","description_kind":"plain","computed":true},"certificate_template":{"type":"string","description":"The resource name for a CertificateTemplate used to issue this certificate,\nin the format 'projects/*/locations/*/certificateTemplates/*'. If this is specified,\nthe caller must have the necessary permission to use this template. If this is\nomitted, no template will be used. This template must be in the same location\nas the Certificate.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time that this resource was created on the server.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"issuer_certificate_authority":{"type":"string","description":"The resource name of the issuing CertificateAuthority in the format 'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the Certificate. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name for this Certificate.","description_kind":"plain","required":true},"pem_certificate":{"type":"string","description":"Output only. The pem-encoded, signed X.509 certificate.","description_kind":"plain","computed":true},"pem_certificate_chain":{"type":["list","string"],"description":"The chain that may be used to verify the X.509 certificate. Expected to be in issuer-to-root order according to RFC 5246.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description":"Immutable. A pem-encoded X.509 certificate signing request (CSR).","description_kind":"plain","optional":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"revocation_details":{"type":["list",["object",{"revocation_state":"string","revocation_time":"string"}]],"description":"Output only. Details regarding the revocation of this Certificate. This Certificate is\nconsidered revoked if and only if this field is present.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateAuthority was updated.\nThis is in RFC3339 text format.","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"public_key":{"nesting_mode":"list","block":{"attributes":{"format":{"type":"string","description":"The format of the public key. Currently, only PEM format is supported. Possible values: [\"KEY_TYPE_UNSPECIFIED\", \"PEM\"]","description_kind":"plain","required":true},"key":{"type":"string","description":"Required. A public key. When this is specified in a request, the padding and encoding can be any of the options described by the respective 'KeyType' value. When this is generated by the service, it will always be an RFC 5280 SubjectPublicKeyInfo structure containing an algorithm identifier and a key. A base64-encoded string.","description_kind":"plain","optional":true}},"description":"A PublicKey describes a public key.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_key_id":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The value of the KeyId in lowercase hexidecimal.","description_kind":"plain","optional":true}},"description":"When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..","description_kind":"plain"},"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nif both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","optional":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","optional":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","optional":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"config":{"nesting_mode":"list","block":{"block_types":{"subject_config":{"nesting_mode":"list","block":{"block_types":{"subject":{"nesting_mode":"list","block":{"attributes":{"common_name":{"type":"string","description":"The common name of the distinguished name.","description_kind":"plain","required":true},"country_code":{"type":"string","description":"The country code of the subject.","description_kind":"plain","optional":true},"locality":{"type":"string","description":"The locality or city of the subject.","description_kind":"plain","optional":true},"organization":{"type":"string","description":"The organization of the subject.","description_kind":"plain","required":true},"organizational_unit":{"type":"string","description":"The organizational unit of the subject.","description_kind":"plain","optional":true},"postal_code":{"type":"string","description":"The postal code of the subject.","description_kind":"plain","optional":true},"province":{"type":"string","description":"The province, territory, or regional state of the subject.","description_kind":"plain","optional":true},"street_address":{"type":"string","description":"The street address of the subject.","description_kind":"plain","optional":true}},"description":"Contains distinguished name fields such as the location and organization.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_alt_name":{"nesting_mode":"list","block":{"attributes":{"dns_names":{"type":["list","string"],"description":"Contains only valid, fully-qualified host names.","description_kind":"plain","optional":true},"email_addresses":{"type":["list","string"],"description":"Contains only valid RFC 2822 E-mail addresses.","description_kind":"plain","optional":true},"ip_addresses":{"type":["list","string"],"description":"Contains only valid 32-bit IPv4 addresses or RFC 4291 IPv6 addresses.","description_kind":"plain","optional":true},"uris":{"type":["list","string"],"description":"Contains only valid RFC 3986 URIs.","description_kind":"plain","optional":true}},"description":"The subject alternative name fields.","description_kind":"plain"},"max_items":1}},"description":"Specifies some of the values in a certificate that are related to the subject.","description_kind":"plain"},"min_items":1,"max_items":1},"subject_key_id":{"nesting_mode":"list","block":{"attributes":{"key_id":{"type":"string","description":"The value of the KeyId in lowercase hexidecimal.","description_kind":"plain","optional":true}},"description":"When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2..","description_kind":"plain"},"max_items":1},"x509_config":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the\n\"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not this extension is critical (i.e., if the client does not know how to\nhandle this extension, the client should consider this to be an error).","description_kind":"plain","required":true},"value":{"type":"string","description":"The value of this X.509 extension. A base64-encoded string.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Specifies an X.509 extension, which may be used in different parts of X.509 objects like certificates, CSRs, and CRLs.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to true.","description_kind":"plain","required":true},"max_issuer_path_length":{"type":"number","description":"Refers to the \"path length constraint\" in Basic Constraints extension. For a CA certificate, this value describes the depth of\nsubordinate CA certificates that are allowed. If this value is less than 0, the request will fail. Setting the value to 0\nrequires setting 'zero_max_issuer_path_length = true'.","description_kind":"plain","optional":true},"non_ca":{"type":"bool","description":"When true, the \"CA\" in Basic Constraints extension will be set to false.\nIf both 'is_ca' and 'non_ca' are unset, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"zero_max_issuer_path_length":{"type":"bool","description":"When true, the \"path length constraint\" in Basic Constraints extension will be set to 0.\nIf both 'max_issuer_path_length' and 'zero_max_issuer_path_length' are unset,\nthe max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Describes values that are relevant in a CA certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"min_items":1,"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain"}}},"description":"Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"min_items":1,"max_items":1},"name_constraints":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Indicates whether or not the name constraints are marked critical.","description_kind":"plain","required":true},"excluded_dns_names":{"type":["list","string"],"description":"Contains excluded DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"excluded_email_addresses":{"type":["list","string"],"description":"Contains the excluded email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"excluded_ip_ranges":{"type":["list","string"],"description":"Contains the excluded IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"excluded_uris":{"type":["list","string"],"description":"Contains the excluded URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true},"permitted_dns_names":{"type":["list","string"],"description":"Contains permitted DNS names. Any DNS name that can be\nconstructed by simply adding zero or more labels to\nthe left-hand side of the name satisfies the name constraint.\nFor example, 'example.com', 'www.example.com', 'www.sub.example.com'\nwould satisfy 'example.com' while 'example1.com' does not.","description_kind":"plain","optional":true},"permitted_email_addresses":{"type":["list","string"],"description":"Contains the permitted email addresses. The value can be a particular\nemail address, a hostname to indicate all email addresses on that host or\na domain with a leading period (e.g. '.example.com') to indicate\nall email addresses in that domain.","description_kind":"plain","optional":true},"permitted_ip_ranges":{"type":["list","string"],"description":"Contains the permitted IP ranges. For IPv4 addresses, the ranges\nare expressed using CIDR notation as specified in RFC 4632.\nFor IPv6 addresses, the ranges are expressed in similar encoding as IPv4\naddresses.","description_kind":"plain","optional":true},"permitted_uris":{"type":["list","string"],"description":"Contains the permitted URIs that apply to the host part of the name.\nThe value can be a hostname or a domain with a\nleading period (like '.example.com')","description_kind":"plain","optional":true}},"description":"Describes the X.509 name constraints extension.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"An ObjectId specifies an object identifier (OID). These provide context and describe types in ASN.1 messages.","description_kind":"plain","required":true}},"description":"Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Describes how some of the technical X.509 fields in a certificate should be populated.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"key_spec":{"nesting_mode":"list","block":{"attributes":{"algorithm":{"type":"string","description":"The algorithm to use for creating a managed Cloud KMS key for a for a simplified\nexperience. All managed keys will be have their ProtectionLevel as HSM. Possible values: [\"SIGN_HASH_ALGORITHM_UNSPECIFIED\", \"RSA_PSS_2048_SHA256\", \"RSA_PSS_3072_SHA256\", \"RSA_PSS_4096_SHA256\", \"RSA_PKCS1_2048_SHA256\", \"RSA_PKCS1_3072_SHA256\", \"RSA_PKCS1_4096_SHA256\", \"EC_P256_SHA256\", \"EC_P384_SHA384\"]","description_kind":"plain","optional":true},"cloud_kms_key_version":{"type":"string","description":"The resource name for an existing Cloud KMS CryptoKeyVersion in the format\n'projects/*/locations/*/keyRings/*/cryptoKeys/*/cryptoKeyVersions/*'.","description_kind":"plain","optional":true}},"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain"},"min_items":1,"max_items":1},"subordinate_config":{"nesting_mode":"list","block":{"attributes":{"certificate_authority":{"type":"string","description":"This can refer to a CertificateAuthority that was used to create a\nsubordinate CertificateAuthority. This field is used for information\nand usability purposes only. The resource name is in the format\n'projects/*/locations/*/caPools/*/certificateAuthorities/*'.","description_kind":"plain","optional":true}},"block_types":{"pem_issuer_chain":{"nesting_mode":"list","block":{"attributes":{"pem_certificates":{"type":["list","string"],"description":"Expected to be in leaf-to-root order according to RFC 5246.","description_kind":"plain","optional":true}},"description":"Contains the PEM certificate chain for the issuers of this CertificateAuthority,\nbut not pem certificate for this CA itself.","description_kind":"plain"},"max_items":1}},"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. A human-readable description of scenarios this template is intended for.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Optional. Labels with user-defined metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for this CertificateTemplate in the format `projects/*/locations/*/certificateTemplates/*`.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. The time at which this CertificateTemplate was updated.","description_kind":"plain","computed":true}},"block_types":{"identity_constraints":{"nesting_mode":"list","block":{"attributes":{"allow_subject_alt_names_passthrough":{"type":"bool","description":"Required. If this is true, the SubjectAltNames extension may be copied from a certificate request into the signed certificate. Otherwise, the requested SubjectAltNames will be discarded.","description_kind":"plain","required":true},"allow_subject_passthrough":{"type":"bool","description":"Required. If this is true, the Subject field may be copied from a certificate request into the signed certificate. Otherwise, the requested Subject will be discarded.","description_kind":"plain","required":true}},"block_types":{"cel_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"Optional. A CEL expression that may be used to validate the resolved X.509 Subject and/or Subject Alternative Name before a certificate is signed. To see the full allowed syntax and some examples, see https://cloud.google.com/certificate-authority-service/docs/using-cel","description_kind":"plain"},"max_items":1}},"description":"Optional. Describes constraints on identities that may be appear in Certificates issued using this template. If this is omitted, then this template will not add restrictions on a certificate's identity.","description_kind":"plain"},"max_items":1},"passthrough_extensions":{"nesting_mode":"list","block":{"attributes":{"known_extensions":{"type":["list","string"],"description":"Optional. A set of named X.509 extensions. Will be combined with additional_extensions to determine the full set of X.509 extensions.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. A set of ObjectIds identifying custom X.509 extensions. Will be combined with known_extensions to determine the full set of X.509 extensions.","description_kind":"plain"}}},"description":"Optional. Describes the set of X.509 extensions that may appear in a Certificate issued using this CertificateTemplate. If a certificate request sets extensions that don't appear in the passthrough_extensions, those extensions will be dropped. If the issuing CaPool's IssuancePolicy defines baseline_values that don't appear here, the certificate issuance request will fail. If this is omitted, then this template will not add restrictions on a certificate's X.509 extensions. These constraints do not apply to X.509 extensions set in this CertificateTemplate's predefined_values.","description_kind":"plain"},"max_items":1},"predefined_values":{"nesting_mode":"list","block":{"attributes":{"aia_ocsp_servers":{"type":["list","string"],"description":"Optional. Describes Online Certificate Status Protocol (OCSP) endpoint addresses that appear in the \"Authority Information Access\" extension in the certificate.","description_kind":"plain","optional":true}},"block_types":{"additional_extensions":{"nesting_mode":"list","block":{"attributes":{"critical":{"type":"bool","description":"Optional. Indicates whether or not this extension is critical (i.e., if the client does not know how to handle this extension, the client should consider this to be an error).","description_kind":"plain","optional":true},"value":{"type":"string","description":"Required. The value of this X.509 extension.","description_kind":"plain","required":true}},"block_types":{"object_id":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Required. The OID for this X.509 extension.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Describes custom X.509 extensions.","description_kind":"plain"}},"ca_options":{"nesting_mode":"list","block":{"attributes":{"is_ca":{"type":"bool","description":"Optional. Refers to the \"CA\" X.509 extension, which is a boolean value. When this value is missing, the extension will be omitted from the CA certificate.","description_kind":"plain","optional":true},"max_issuer_path_length":{"type":"number","description":"Optional. Refers to the path length restriction X.509 extension. For a CA certificate, this value describes the depth of subordinate CA certificates that are allowed. If this value is less than 0, the request will fail. If this value is missing, the max path length will be omitted from the CA certificate.","description_kind":"plain","optional":true}},"description":"Optional. Describes options in this X509Parameters that are relevant in a CA certificate.","description_kind":"plain"},"max_items":1},"key_usage":{"nesting_mode":"list","block":{"block_types":{"base_key_usage":{"nesting_mode":"list","block":{"attributes":{"cert_sign":{"type":"bool","description":"The key may be used to sign certificates.","description_kind":"plain","optional":true},"content_commitment":{"type":"bool","description":"The key may be used for cryptographic commitments. Note that this may also be referred to as \"non-repudiation\".","description_kind":"plain","optional":true},"crl_sign":{"type":"bool","description":"The key may be used sign certificate revocation lists.","description_kind":"plain","optional":true},"data_encipherment":{"type":"bool","description":"The key may be used to encipher data.","description_kind":"plain","optional":true},"decipher_only":{"type":"bool","description":"The key may be used to decipher only.","description_kind":"plain","optional":true},"digital_signature":{"type":"bool","description":"The key may be used for digital signatures.","description_kind":"plain","optional":true},"encipher_only":{"type":"bool","description":"The key may be used to encipher only.","description_kind":"plain","optional":true},"key_agreement":{"type":"bool","description":"The key may be used in a key agreement protocol.","description_kind":"plain","optional":true},"key_encipherment":{"type":"bool","description":"The key may be used to encipher other keys.","description_kind":"plain","optional":true}},"description":"Describes high-level ways in which a key may be used.","description_kind":"plain"},"max_items":1},"extended_key_usage":{"nesting_mode":"list","block":{"attributes":{"client_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.2. Officially described as \"TLS WWW client authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"code_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.3. Officially described as \"Signing of downloadable executable code client authentication\".","description_kind":"plain","optional":true},"email_protection":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.4. Officially described as \"Email protection\".","description_kind":"plain","optional":true},"ocsp_signing":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.9. Officially described as \"Signing OCSP responses\".","description_kind":"plain","optional":true},"server_auth":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.1. Officially described as \"TLS WWW server authentication\", though regularly used for non-WWW TLS.","description_kind":"plain","optional":true},"time_stamping":{"type":"bool","description":"Corresponds to OID 1.3.6.1.5.5.7.3.8. Officially described as \"Binding the hash of an object to a time\".","description_kind":"plain","optional":true}},"description":"Detailed scenarios in which a key may be used.","description_kind":"plain"},"max_items":1},"unknown_extended_key_usages":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Used to describe extended key usages that are not listed in the KeyUsage.ExtendedKeyUsageOptions message.","description_kind":"plain"}}},"description":"Optional. Indicates the intended use for keys that correspond to a certificate.","description_kind":"plain"},"max_items":1},"policy_ids":{"nesting_mode":"list","block":{"attributes":{"object_id_path":{"type":["list","number"],"description":"Required. The parts of an OID path. The most significant parts of the path come first.","description_kind":"plain","required":true}},"description":"Optional. Describes the X.509 certificate policy object identifiers, per https://tools.ietf.org/html/rfc5280#section-4.2.1.4.","description_kind":"plain"}}},"description":"Optional. A set of X.509 values that will be applied to all issued certificates that use this template. If the certificate request includes conflicting values for the same properties, they will be overwritten by the values defined here. If the issuing CaPool's IssuancePolicy defines conflicting baseline_values for the same properties, the certificate issuance request will fail.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_binding":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_member":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","optional":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","required":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","required":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_access_approval_settings":{"version":0,"block":{"attributes":{"active_key_version":{"type":"string","description":"The asymmetric crypto key version to use for signing approval requests.\nEmpty active_key_version indicates that a Google-managed key should be used for signing.\nThis property will be ignored if set by an ancestor of the resource, and new non-empty values may not be set.","description_kind":"plain","optional":true},"ancestor_has_active_key_version":{"type":"bool","description":"If the field is true, that indicates that an ancestor of this Project has set active_key_version.","description_kind":"plain","computed":true},"enrolled_ancestor":{"type":"bool","description":"If the field is true, that indicates that at least one service is enrolled for Access Approval in one or more ancestors of the Project.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"invalid_key_version":{"type":"bool","description":"If the field is true, that indicates that there is some configuration issue with the active_key_version\nconfigured on this Project (e.g. it doesn't exist or the Access Approval service account doesn't have the\ncorrect permissions on it, etc.) This key version is not necessarily the effective key version at this level,\nas key versions are inherited top-down.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the settings. Format is \"projects/{project_id}/accessApprovalSettings\"","description_kind":"plain","computed":true},"notification_emails":{"type":["set","string"],"description":"A list of email addresses to which notifications relating to approval requests should be sent.\nNotifications relating to a resource will be sent to all emails in the settings of ancestor\nresources of that resource. A maximum of 50 email addresses are allowed.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project id.","description_kind":"plain","deprecated":true,"optional":true},"project_id":{"type":"string","description":"ID of the project of the access approval settings.","description_kind":"plain","required":true}},"block_types":{"enrolled_services":{"nesting_mode":"set","block":{"attributes":{"cloud_product":{"type":"string","description":"The product for which Access Approval will be enrolled. Allowed values are listed (case-sensitive):\n all\n appengine.googleapis.com\n bigquery.googleapis.com\n bigtable.googleapis.com\n cloudkms.googleapis.com\n compute.googleapis.com\n dataflow.googleapis.com\n iam.googleapis.com\n pubsub.googleapis.com\n storage.googleapis.com","description_kind":"plain","required":true},"enrollment_level":{"type":"string","description":"The enrollment level of the service. Default value: \"BLOCK_ALL\" Possible values: [\"BLOCK_ALL\"]","description_kind":"plain","optional":true}},"description":"A list of Google Cloud Services for which the given resource has Access Approval enrolled.\nAccess requests for the resource given by name against any of these services contained here will be required\nto have explicit approval. Enrollment can only be done on an all or nothing basis.\n\nA maximum of 10 enrolled services will be enforced, to be expanded as the set of supported services is expanded.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_default_service_accounts":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action to be performed in the default service accounts. Valid values are: DEPRIVILEGE, DELETE, DISABLE.\n\t\t\t\tNote that DEPRIVILEGE action will ignore the REVERT configuration in the restore_policy.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID where service accounts are created.","description_kind":"plain","required":true},"restore_policy":{"type":"string","description":"The action to be performed in the default service accounts on the resource destroy.\n\t\t\t\tValid values are NONE, REVERT and REVERT_AND_IGNORE_FAILURE. It is applied for any action but in the DEPRIVILEGE.","description_kind":"plain","optional":true},"service_accounts":{"type":["map","string"],"description":"The Service Accounts changed by this resource. It is used for revert the action on the destroy.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_iam_audit_config":{"version":0,"block":{"attributes":{"etag":{"type":"string","description":"The etag of iam policy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description":"Service which will be enabled for audit logging. The special value allServices covers all services.","description_kind":"plain","required":true}},"block_types":{"audit_log_config":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description":"Identities that do not cause logging for this type of permission. Each entry can have one of the following values:user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. group:{emailid}: An email address that represents a Google group. For example, admins@example.com. domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.","description_kind":"plain","optional":true},"log_type":{"type":"string","description":"Permission type for which logging is to be configured. Must be one of DATA_READ, DATA_WRITE, or ADMIN_READ.","description_kind":"plain","required":true}},"description":"The configuration for logging of each type of permission. This can be specified multiple times.","description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"google_project_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_custom_role":{"version":0,"block":{"attributes":{"deleted":{"type":"bool","description":"The current deleted state of the role.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description for the role.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the role in the format projects/{{project}}/roles/{{role_id}}. Like id, this field can be used as a reference in other resources such as IAM role bindings.","description_kind":"plain","computed":true},"permissions":{"type":["set","string"],"description":"The names of the permissions this role grants when bound in an IAM policy. At least one permission must be specified.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"role_id":{"type":"string","description":"The camel case role id to use for this role. Cannot contain - characters.","description_kind":"plain","required":true},"stage":{"type":"string","description":"The current launch stage of the role. Defaults to GA.","description_kind":"plain","optional":true},"title":{"type":"string","description":"A human-readable title for the role.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_project_iam_member_remove":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The IAM principal that should not have the target role.","description_kind":"plain","required":true},"project":{"type":"string","description":"The project id of the target project.","description_kind":"plain","required":true},"role":{"type":"string","description":"The target role that should be removed.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"boolean_policy":{"nesting_mode":"list","block":{"attributes":{"enforced":{"type":"bool","description":"If true, then the Policy is enforced. If false, then any configuration is acceptable.","description_kind":"plain","required":true}},"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain"},"max_items":1},"list_policy":{"nesting_mode":"list","block":{"attributes":{"inherit_from_parent":{"type":"bool","description":"If set to true, the values from the effective Policy of the parent resource are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.","description_kind":"plain","optional":true},"suggested_value":{"type":"string","description":"The Google Cloud Console will try to default to a configuration that matches the value specified in this field.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"allow":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1},"deny":{"nesting_mode":"list","block":{"attributes":{"all":{"type":"bool","description":"The policy allows or denies all values.","description_kind":"plain","optional":true},"values":{"type":["set","string"],"description":"The policy can define specific values that are allowed or denied.","description_kind":"plain","optional":true}},"description":"One or the other must be set.","description_kind":"plain"},"max_items":1}},"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain"},"max_items":1},"restore_policy":{"nesting_mode":"list","block":{"attributes":{"default":{"type":"bool","description":"May only be set to true. If set, then the default Policy is restored.","description_kind":"plain","required":true}},"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","optional":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_project_usage_export_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"The bucket to store reports in.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description":"A prefix for the reports, for instance, the project name.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The project to set the export bucket on. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_public_ca_external_account_key":{"version":0,"block":{"attributes":{"b64_mac_key":{"type":"string","description":"Base64-URL-encoded HS256 key. It is generated by the PublicCertificateAuthorityService\nwhen the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_id":{"type":"string","description":"It is generated by the PublicCertificateAuthorityService when the ExternalAccountKey is created.","description_kind":"plain","computed":true,"sensitive":true},"location":{"type":"string","description":"Location for the externalAccountKey. Currently only 'global' is supported.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Resource name. projects/{project}/locations/{location}/externalAccountKeys/{keyId}.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_reservation":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the reservation.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite reservation.","description_kind":"plain","optional":true},"throughput_capacity":{"type":"number","description":"The reserved throughput capacity. Every unit of throughput capacity is\nequivalent to 1 MiB/s of published messages or 2 MiB/s of subscribed\nmessages.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_subscription":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"topic":{"type":"string","description":"A reference to a Topic resource.","description_kind":"plain","required":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"delivery_config":{"nesting_mode":"list","block":{"attributes":{"delivery_requirement":{"type":"string","description":"When this subscription should send messages to subscribers relative to messages persistence in storage. Possible values: [\"DELIVER_IMMEDIATELY\", \"DELIVER_AFTER_STORED\", \"DELIVERY_REQUIREMENT_UNSPECIFIED\"]","description_kind":"plain","required":true}},"description":"The settings for this subscription's message delivery.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_lite_topic":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the pubsub lite topic.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The zone of the pubsub lite topic.","description_kind":"plain","optional":true}},"block_types":{"partition_config":{"nesting_mode":"list","block":{"attributes":{"count":{"type":"number","description":"The number of partitions in the topic. Must be at least 1.","description_kind":"plain","required":true}},"block_types":{"capacity":{"nesting_mode":"list","block":{"attributes":{"publish_mib_per_sec":{"type":"number","description":"Subscribe throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true},"subscribe_mib_per_sec":{"type":"number","description":"Publish throughput capacity per partition in MiB/s. Must be \u003e= 4 and \u003c= 16.","description_kind":"plain","required":true}},"description":"The capacity configuration.","description_kind":"plain"},"max_items":1}},"description":"The settings for this topic's partitions.","description_kind":"plain"},"max_items":1},"reservation_config":{"nesting_mode":"list","block":{"attributes":{"throughput_reservation":{"type":"string","description":"The Reservation to use for this topic's throughput capacity.","description_kind":"plain","optional":true}},"description":"The settings for this topic's Reservation usage.","description_kind":"plain"},"max_items":1},"retention_config":{"nesting_mode":"list","block":{"attributes":{"per_partition_bytes":{"type":"string","description":"The provisioned storage, in bytes, per partition. If the number of bytes stored\nin any of the topic's partitions grows beyond this value, older messages will be\ndropped to make room for newer ones, regardless of the value of period.","description_kind":"plain","required":true},"period":{"type":"string","description":"How long a published message is retained. If unset, messages will be retained as\nlong as the bytes retained for each partition is below perPartitionBytes. A\nduration in seconds with up to nine fractional digits, terminated by 's'.\nExample: \"3.5s\".","description_kind":"plain","optional":true}},"description":"The settings for a topic's message retention.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema":{"version":0,"block":{"attributes":{"definition":{"type":"string","description":"The definition of the schema.\nThis should contain a string representing the full definition of the schema\nthat is a valid schema definition of the type specified in type. Changes\nto the definition commit new [schema revisions](https://cloud.google.com/pubsub/docs/commit-schema-revision).\nA schema can only have up to 20 revisions, so updates that fail with an\nerror indicating that the limit has been reached require manually\n[deleting old revisions](https://cloud.google.com/pubsub/docs/delete-schema-revision).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID to use for the schema, which will become the final component of the schema's resource name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"type":{"type":"string","description":"The type of the schema definition Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"PROTOCOL_BUFFER\", \"AVRO\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_schema_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"schema":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","optional":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","required":true}},"block_types":{"bigquery_config":{"nesting_mode":"list","block":{"attributes":{"drop_unknown_fields":{"type":"bool","description":"When true and use_topic_schema or use_table_schema is true, any fields that are a part of the topic schema or message schema that\nare not part of the BigQuery table schema are dropped when writing to BigQuery. Otherwise, the schemas must be kept in sync\nand any messages with extra fields are not written and remain in the subscription's backlog.","description_kind":"plain","optional":true},"table":{"type":"string","description":"The name of the table to which to write data, of the form {projectId}:{datasetId}.{tableId}","description_kind":"plain","required":true},"use_table_schema":{"type":"bool","description":"When true, use the BigQuery table's schema as the columns to write to in BigQuery. Messages\nmust be published in JSON format. Only one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"use_topic_schema":{"type":"bool","description":"When true, use the topic's schema as the columns to write to in BigQuery, if it exists.\nOnly one of use_topic_schema and use_table_schema can be set.","description_kind":"plain","optional":true},"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey to additional columns in the table.\nThe subscription name, messageId, and publishTime fields are put in their own columns while all other message properties (other than data) are written to a JSON object in the attributes column.","description_kind":"plain","optional":true}},"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"cloud_storage_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"User-provided name for the Cloud Storage bucket. The bucket must be created by the user. The bucket name must be without any prefix like \"gs://\".","description_kind":"plain","required":true},"filename_prefix":{"type":"string","description":"User-provided prefix for Cloud Storage filename.","description_kind":"plain","optional":true},"filename_suffix":{"type":"string","description":"User-provided suffix for Cloud Storage filename. Must not end in \"/\".","description_kind":"plain","optional":true},"max_bytes":{"type":"number","description":"The maximum bytes that can be written to a Cloud Storage file before a new file is created. Min 1 KB, max 10 GiB.\nThe maxBytes limit may be exceeded in cases where messages are larger than the limit.","description_kind":"plain","optional":true},"max_duration":{"type":"string","description":"The maximum duration that can elapse before a new Cloud Storage file is created. Min 1 minute, max 10 minutes, default 5 minutes.\nMay not exceed the subscription's acknowledgement deadline.\nA duration in seconds with up to nine fractional digits, ending with 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"state":{"type":"string","description":"An output-only field that indicates whether or not the subscription can receive messages.","description_kind":"plain","computed":true}},"block_types":{"avro_config":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, write the subscription name, messageId, publishTime, attributes, and orderingKey as additional fields in the output.","description_kind":"plain","optional":true}},"description":"If set, message data will be written to Cloud Storage in Avro format.","description_kind":"plain"},"max_items":1}},"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"dead_letter_policy":{"nesting_mode":"list","block":{"attributes":{"dead_letter_topic":{"type":"string","description":"The name of the topic to which dead letter messages should be published.\nFormat is 'projects/{project}/topics/{topic}'.\n\nThe Cloud Pub/Sub service account associated with the enclosing subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Publish() to this topic.\n\nThe operation will fail if the topic does not exist.\nUsers should ensure that there is a subscription attached to this topic\nsince messages published to a topic with no subscriptions are lost.","description_kind":"plain","optional":true},"max_delivery_attempts":{"type":"number","description":"The maximum number of delivery attempts for any message. The value must be\nbetween 5 and 100.\n\nThe number of delivery attempts is defined as 1 + (the sum of number of\nNACKs and number of times the acknowledgement deadline has been exceeded for the message).\n\nA NACK is any call to ModifyAckDeadline with a 0 deadline. Note that\nclient libraries may automatically extend ack_deadlines.\n\nThis field will be honored on a best effort basis.\n\nIf this parameter is 0, a default value of 5 is used.","description_kind":"plain","optional":true}},"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain"},"max_items":1},"expiration_policy":{"nesting_mode":"list","block":{"attributes":{"ttl":{"type":"string","description":"Specifies the \"time-to-live\" duration for an associated resource. The\nresource expires if it is not active for a period of ttl.\nIf ttl is set to \"\", the associated resource never expires.\nA duration in seconds with up to nine fractional digits, terminated by 's'.\nExample - \"3.5s\".","description_kind":"plain","required":true}},"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain"},"max_items":1},"push_config":{"nesting_mode":"list","block":{"attributes":{"attributes":{"type":["map","string"],"description":"Endpoint configuration attributes.\n\nEvery endpoint has a set of API supported attributes that can\nbe used to control different aspects of the message delivery.\n\nThe currently supported attribute is x-goog-version, which you\ncan use to change the format of the pushed message. This\nattribute indicates the version of the data expected by\nthe endpoint. This controls the shape of the pushed message\n(i.e., its fields and metadata). The endpoint version is\nbased on the version of the Pub/Sub API.\n\nIf not present during the subscriptions.create call,\nit will default to the version of the API used to make\nsuch call. If not present during a subscriptions.modifyPushConfig\ncall, its value will not be changed. subscriptions.get\ncalls will always return a valid version, even if the\nsubscription was created without this attribute.\n\nThe possible values for this attribute are:\n\n- v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.\n- v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.","description_kind":"plain","optional":true},"push_endpoint":{"type":"string","description":"A URL locating the endpoint to which messages should be pushed.\nFor example, a Webhook endpoint might use\n\"https://example.com/push\".","description_kind":"plain","required":true}},"block_types":{"no_wrapper":{"nesting_mode":"list","block":{"attributes":{"write_metadata":{"type":"bool","description":"When true, writes the Pub/Sub message metadata to\n'x-goog-pubsub-\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request. Writes the\nPub/Sub message attributes to '\u003cKEY\u003e:\u003cVAL\u003e' headers of the HTTP request.","description_kind":"plain","required":true}},"description":"When set, the payload to the push endpoint is not wrapped.Sets the\n'data' field as the HTTP body for delivery.","description_kind":"plain"},"max_items":1},"oidc_token":{"nesting_mode":"list","block":{"attributes":{"audience":{"type":"string","description":"Audience to be used when generating OIDC token. The audience claim\nidentifies the recipients that the JWT is intended for. The audience\nvalue is a single case-sensitive string. Having multiple values (array)\nfor the audience field is not supported. More info about the OIDC JWT\ntoken audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3\nNote: if not specified, the Push endpoint URL will be used.","description_kind":"plain","optional":true},"service_account_email":{"type":"string","description":"Service account email to be used for generating the OIDC token.\nThe caller (for subscriptions.create, subscriptions.patch, and\nsubscriptions.modifyPushConfig RPCs) must have the\niam.serviceAccounts.actAs permission for the service account.","description_kind":"plain","required":true}},"description":"If specified, Pub/Sub will generate and attach an OIDC JWT token as\nan Authorization header in the HTTP request for every pushed message.","description_kind":"plain"},"max_items":1}},"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain"},"max_items":1},"retry_policy":{"nesting_mode":"list","block":{"attributes":{"maximum_backoff":{"type":"string","description":"The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true},"minimum_backoff":{"type":"string","description":"The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true,"computed":true}},"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_subscription_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"ingestion_data_source_settings":{"nesting_mode":"list","block":{"block_types":{"aws_kinesis":{"nesting_mode":"list","block":{"attributes":{"aws_role_arn":{"type":"string","description":"AWS role ARN to be used for Federated Identity authentication with\nKinesis. Check the Pub/Sub docs for how to set up this role and the\nrequired permissions that need to be attached to it.","description_kind":"plain","required":true},"consumer_arn":{"type":"string","description":"The Kinesis consumer ARN to used for ingestion in\nEnhanced Fan-Out mode. The consumer must be already\ncreated and ready to be used.","description_kind":"plain","required":true},"gcp_service_account":{"type":"string","description":"The GCP service account to be used for Federated Identity authentication\nwith Kinesis (via a 'AssumeRoleWithWebIdentity' call for the provided\nrole). The 'awsRoleArn' must be set up with 'accounts.google.com:sub'\nequals to this service account number.","description_kind":"plain","required":true},"stream_arn":{"type":"string","description":"The Kinesis stream ARN to ingest data from.","description_kind":"plain","required":true}},"description":"Settings for ingestion from Amazon Kinesis Data Streams.","description_kind":"plain"},"max_items":1}},"description":"Settings for ingestion from a data source into this topic.","description_kind":"plain"},"max_items":1},"message_storage_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_persistence_regions":{"type":["list","string"],"description":"A list of IDs of GCP regions where messages that are published to\nthe topic may be persisted in storage. Messages published by\npublishers running in non-allowed GCP regions (or running outside\nof GCP altogether) will be routed for storage in one of the\nallowed regions. An empty list means that no regions are allowed,\nand is not a valid configuration.","description_kind":"plain","required":true}},"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain"},"max_items":1},"schema_settings":{"nesting_mode":"list","block":{"attributes":{"encoding":{"type":"string","description":"The encoding of messages validated against schema. Default value: \"ENCODING_UNSPECIFIED\" Possible values: [\"ENCODING_UNSPECIFIED\", \"JSON\", \"BINARY\"]","description_kind":"plain","optional":true},"schema":{"type":"string","description":"The name of the schema that messages published should be\nvalidated against. Format is projects/{project}/schemas/{schema}.\nThe value of this field will be _deleted-schema_\nif the schema has been deleted.","description_kind":"plain","required":true}},"description":"Settings for validating messages published against a schema.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_pubsub_topic_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"topic":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_recaptcha_enterprise_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp corresponding to the creation of this Key.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Human-readable display name of this key. Modifiable by user.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"See [Creating and managing labels](https://cloud.google.com/recaptcha-enterprise/docs/labels).\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field `effective_labels` for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource id for the Key, which is the same as the Site Key itself.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for the resource","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"android_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_package_names":{"type":"bool","description":"If set to true, it means allowed_package_names will not be enforced.","description_kind":"plain","optional":true},"allowed_package_names":{"type":["list","string"],"description":"Android package names of apps allowed to use the key. Example: 'com.companyname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by Android apps.","description_kind":"plain"},"max_items":1},"ios_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_bundle_ids":{"type":"bool","description":"If set to true, it means allowed_bundle_ids will not be enforced.","description_kind":"plain","optional":true},"allowed_bundle_ids":{"type":["list","string"],"description":"iOS bundle ids of apps allowed to use the key. Example: 'com.companyname.productname.appname'","description_kind":"plain","optional":true}},"description":"Settings for keys that can be used by iOS apps.","description_kind":"plain"},"max_items":1},"testing_options":{"nesting_mode":"list","block":{"attributes":{"testing_challenge":{"type":"string","description":"For challenge-based keys only (CHECKBOX, INVISIBLE), all challenge requests for this site will return nocaptcha if NOCAPTCHA, or an unsolvable challenge if UNSOLVABLE_CHALLENGE. Possible values: TESTING_CHALLENGE_UNSPECIFIED, NOCAPTCHA, UNSOLVABLE_CHALLENGE","description_kind":"plain","optional":true,"computed":true},"testing_score":{"type":"number","description":"All assessments for this Key will return this score. Must be between 0 (likely not legitimate) and 1 (likely legitimate) inclusive.","description_kind":"plain","optional":true}},"description":"Options for user acceptance testing.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"waf_settings":{"nesting_mode":"list","block":{"attributes":{"waf_feature":{"type":"string","description":"Supported WAF features. For more information, see https://cloud.google.com/recaptcha-enterprise/docs/usecase#comparison_of_features. Possible values: CHALLENGE_PAGE, SESSION_TOKEN, ACTION_TOKEN, EXPRESS","description_kind":"plain","required":true},"waf_service":{"type":"string","description":"The WAF service that uses this key. Possible values: CA, FASTLY","description_kind":"plain","required":true}},"description":"Settings specific to keys that can be used for WAF (Web Application Firewall).","description_kind":"plain"},"max_items":1},"web_settings":{"nesting_mode":"list","block":{"attributes":{"allow_all_domains":{"type":"bool","description":"If set to true, it means allowed_domains will not be enforced.","description_kind":"plain","optional":true},"allow_amp_traffic":{"type":"bool","description":"If set to true, the key can be used on AMP (Accelerated Mobile Pages) websites. This is supported only for the SCORE integration type.","description_kind":"plain","optional":true},"allowed_domains":{"type":["list","string"],"description":"Domains or subdomains of websites allowed to use the key. All subdomains of an allowed domain are automatically allowed. A valid domain requires a host and must not include any path, port, query or fragment. Examples: 'example.com' or 'subdomain.example.com'","description_kind":"plain","optional":true},"challenge_security_preference":{"type":"string","description":"Settings for the frequency and difficulty at which this key triggers captcha challenges. This should only be specified for IntegrationTypes CHECKBOX and INVISIBLE. Possible values: CHALLENGE_SECURITY_PREFERENCE_UNSPECIFIED, USABILITY, BALANCE, SECURITY","description_kind":"plain","optional":true,"computed":true},"integration_type":{"type":"string","description":"Required. Describes how this key is integrated with the website. Possible values: SCORE, CHECKBOX, INVISIBLE","description_kind":"plain","required":true}},"description":"Settings for keys that can be used by websites.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_redis_cluster":{"version":0,"block":{"attributes":{"authorization_mode":{"type":"string","description":"Optional. The authorization mode of the Redis cluster. If not provided, auth feature is disabled for the cluster. Default value: \"AUTH_MODE_DISABLED\" Possible values: [\"AUTH_MODE_UNSPECIFIED\", \"AUTH_MODE_IAM_AUTH\", \"AUTH_MODE_DISABLED\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp associated with the cluster creation request. A timestamp in\nRFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional\ndigits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"discovery_endpoints":{"type":["list",["object",{"address":"string","port":"number","psc_config":["list",["object",{"network":"string"}]]}]],"description":"Output only. Endpoints created on each given network,\nfor Redis clients to connect to the cluster.\nCurrently only one endpoint is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Unique name of the resource in this scope including project and location using the form:\nprojects/{projectId}/locations/{locationId}/clusters/{clusterId}","description_kind":"plain","optional":true,"computed":true},"node_type":{"type":"string","description":"The nodeType for the Redis cluster.\nIf not provided, REDIS_HIGHMEM_MEDIUM will be used as default Possible values: [\"REDIS_SHARED_CORE_NANO\", \"REDIS_HIGHMEM_MEDIUM\", \"REDIS_HIGHMEM_XLARGE\", \"REDIS_STANDARD_SMALL\"]","description_kind":"plain","optional":true,"computed":true},"precise_size_gb":{"type":"number","description":"Output only. Redis memory precise size in GB for the entire cluster.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"psc_connections":{"type":["list",["object",{"address":"string","forwarding_rule":"string","network":"string","project_id":"string","psc_connection_id":"string"}]],"description":"Output only. PSC connections for discovery of the cluster topology and accessing the cluster.","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Configure Redis Cluster behavior using a subset of native Redis configuration parameters.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/cluster/supported-instance-configurations","description_kind":"plain","optional":true},"region":{"type":"string","description":"The name of the region of the Redis cluster.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes per shard.","description_kind":"plain","optional":true},"shard_count":{"type":"number","description":"Required. Number of shards for the Redis cluster.","description_kind":"plain","required":true},"size_gb":{"type":"number","description":"Output only. Redis memory size in GB for the entire cluster.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The current state of this cluster. Can be CREATING, READY, UPDATING, DELETING and SUSPENDED","description_kind":"plain","computed":true},"state_info":{"type":["list",["object",{"update_info":["list",["object",{"target_replica_count":"number","target_shard_count":"number"}]]}]],"description":"Output only. Additional information about the current state of the cluster.","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"Optional. The in-transit encryption for the Redis cluster.\nIf not provided, encryption is disabled for the cluster. Default value: \"TRANSIT_ENCRYPTION_MODE_DISABLED\" Possible values: [\"TRANSIT_ENCRYPTION_MODE_UNSPECIFIED\", \"TRANSIT_ENCRYPTION_MODE_DISABLED\", \"TRANSIT_ENCRYPTION_MODE_SERVER_AUTHENTICATION\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System assigned, unique identifier for the cluster.","description_kind":"plain","computed":true}},"block_types":{"psc_configs":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Required. The consumer network where the network address of\nthe discovery endpoint will be reserved, in the form of\nprojects/{network_project_id_or_number}/global/networks/{network_id}.","description_kind":"plain","required":true}},"description":"Required. Each PscConfig configures the consumer network where two\nnetwork addresses will be designated to the cluster for client access.\nCurrently, only one PscConfig is supported.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","optional":true,"computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","optional":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true,"sensitive":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","optional":true,"computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","optional":true,"computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","optional":true,"computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","optional":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true,"computed":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","optional":true,"computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","optional":true,"computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","optional":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"maintenance_policy":{"nesting_mode":"list","block":{"attributes":{"create_time":{"type":"string","description":"Output only. The time when the policy was created.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of what this policy is for.\nCreate/Update methods return INVALID_ARGUMENT if the\nlength is greater than 512.","description_kind":"plain","optional":true},"update_time":{"type":"string","description":"Output only. The time when the policy was last updated.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond\nresolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"weekly_maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"string","description":"Required. The day of week that maintenance updates occur.\n\n- DAY_OF_WEEK_UNSPECIFIED: The day of the week is unspecified.\n- MONDAY: Monday\n- TUESDAY: Tuesday\n- WEDNESDAY: Wednesday\n- THURSDAY: Thursday\n- FRIDAY: Friday\n- SATURDAY: Saturday\n- SUNDAY: Sunday Possible values: [\"DAY_OF_WEEK_UNSPECIFIED\", \"MONDAY\", \"TUESDAY\", \"WEDNESDAY\", \"THURSDAY\", \"FRIDAY\", \"SATURDAY\", \"SUNDAY\"]","description_kind":"plain","required":true},"duration":{"type":"string","description":"Output only. Duration of the maintenance window.\nThe current window is fixed at 1 hour.\nA duration in seconds with up to nine fractional digits,\nterminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true}},"block_types":{"start_time":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.\nAn API may choose to allow the value \"24:00:00\" for scenarios like business closing time.","description_kind":"plain","optional":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","optional":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","optional":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.\nAn API may allow the value 60 if it allows leap-seconds.","description_kind":"plain","optional":true}},"description":"Required. Start time of the window in UTC time.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Optional. Maintenance window that is applied to resources covered by this policy.\nMinimum 1. For the current version, the maximum number\nof weekly_window is expected to be one.","description_kind":"plain"}}},"description":"Maintenance policy for an instance.","description_kind":"plain"},"max_items":1},"persistence_config":{"nesting_mode":"list","block":{"attributes":{"persistence_mode":{"type":"string","description":"Optional. Controls whether Persistence features are enabled. If not provided, the existing value will be used.\n\n- DISABLED: \tPersistence is disabled for the instance, and any existing snapshots are deleted.\n- RDB: RDB based Persistence is enabled. Possible values: [\"DISABLED\", \"RDB\"]","description_kind":"plain","optional":true,"computed":true},"rdb_next_snapshot_time":{"type":"string","description":"Output only. The next time that a snapshot attempt is scheduled to occur.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up\nto nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"rdb_snapshot_period":{"type":"string","description":"Optional. Available snapshot periods for scheduling.\n\n- ONE_HOUR:\tSnapshot every 1 hour.\n- SIX_HOURS:\tSnapshot every 6 hours.\n- TWELVE_HOURS:\tSnapshot every 12 hours.\n- TWENTY_FOUR_HOURS:\tSnapshot every 24 hours. Possible values: [\"ONE_HOUR\", \"SIX_HOURS\", \"TWELVE_HOURS\", \"TWENTY_FOUR_HOURS\"]","description_kind":"plain","optional":true},"rdb_snapshot_start_time":{"type":"string","description":"Optional. Date and time that the first snapshot was/will be attempted,\nand to which future snapshots will be aligned. If not provided,\nthe current time will be used.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution\nand up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true,"computed":true}},"description":"Persistence configuration for an instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_resource_manager_lien":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time of creation","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"A system-generated unique identifier for this Lien.","description_kind":"plain","computed":true},"origin":{"type":"string","description":"A stable, user-visible/meaningful string identifying the origin\nof the Lien, intended to be inspected programmatically. Maximum length of\n200 characters.","description_kind":"plain","required":true},"parent":{"type":"string","description":"A reference to the resource this Lien is attached to.\nThe server will validate the parent against those for which Liens are supported.\nSince a variety of objects can have Liens against them, you must provide the type\nprefix (e.g. \"projects/my-project-name\").","description_kind":"plain","required":true},"reason":{"type":"string","description":"Concise user-visible strings indicating why an action cannot be performed\non a resource. Maximum length of 200 characters.","description_kind":"plain","required":true},"restrictions":{"type":["list","string"],"description":"The types of operations which should be blocked as a result of this Lien.\nEach value should correspond to an IAM permission. The server will validate\nthe permissions against those for which Liens are supported. An empty\nlist is meaningless and will be rejected.\ne.g. ['resourcemanager.projects.delete']","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_event_threat_detection_custom_module":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"Config for the module. For the resident module, its config value is defined at this level.\nFor the inherited module, its config value is inherited from the ancestor module.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The human readable name to be displayed for the module.","description_kind":"plain","optional":true},"enablement_state":{"type":"string","description":"The state of enablement for the module at the given level of the hierarchy. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Event Threat Detection custom module.\nIts format is \"organizations/{organization}/eventThreatDetectionSettings/customModules/{module}\".","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"type":{"type":"string","description":"Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_folder_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"folder":{"type":"string","description":"Numerical ID of the parent folder.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_mute_config":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the mute config was created. This field is set by\nthe server and will be ignored if provided on config creation.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the mute config.","description_kind":"plain","optional":true},"filter":{"type":"string","description":"An expression that defines the filter to apply across create/update\nevents of findings. While creating a filter string, be mindful of\nthe scope in which the mute configuration is being created. E.g.,\nIf a filter contains project = X but is created under the\nproject = Y scope, it might not match any findings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"most_recent_editor":{"type":"string","description":"Email address of the user who last edited the mute config. This\nfield is set by the server and will be ignored if provided on\nconfig creation or update.","description_kind":"plain","computed":true},"mute_config_id":{"type":"string","description":"Unique identifier provided by the client within the parent scope.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the mute config. Its format is\norganizations/{organization}/muteConfigs/{configId},\nfolders/{folder}/muteConfigs/{configId},\nor projects/{project}/muteConfigs/{configId}","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Resource name of the new mute configs's parent. Its format is\n\"organizations/[organization_id]\", \"folders/[folder_id]\", or\n\"projects/[project_id]\".","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. The most recent time at which the mute config was\nupdated. This field is set by the server and will be ignored if\nprovided on config creation or update.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_notification_config":{"version":0,"block":{"attributes":{"config_id":{"type":"string","description":"This must be unique within the organization.","description_kind":"plain","required":true},"description":{"type":"string","description":"The description of the notification config (max of 1024 characters).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this notification config, in the format\n'organizations/{{organization}}/notificationConfigs/{{config_id}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Notification\nConfig lives in.","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Pub/Sub topic to send notifications to. Its format is\n\"projects/[project_id]/topics/[topic]\".","description_kind":"plain","required":true},"service_account":{"type":"string","description":"The service account that needs \"pubsub.topics.publish\" permission to\npublish to the Pub/Sub topic.","description_kind":"plain","computed":true}},"block_types":{"streaming_config":{"nesting_mode":"list","block":{"attributes":{"filter":{"type":"string","description":"Expression that defines the filter to apply across create/update\nevents of assets or findings as specified by the event type. The\nexpression is a list of zero or more restrictions combined via\nlogical operators AND and OR. Parentheses are supported, and OR\nhas higher precedence than AND.\n\nRestrictions have the form \u003cfield\u003e \u003coperator\u003e \u003cvalue\u003e and may have\na - character in front of them to indicate negation. The fields\nmap to those defined in the corresponding resource.\n\nThe supported operators are:\n\n* = for all value types.\n* \u003e, \u003c, \u003e=, \u003c= for integer values.\n* :, meaning substring matching, for strings.\n\nThe supported value types are:\n\n* string literals in quotes.\n* integer literals without quotes.\n* boolean literals true and false without quotes.\n\nSee\n[Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)\nfor information on how to write a filter.","description_kind":"plain","required":true}},"description":"The config for triggering streaming-based notifications.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_organization_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization, folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"Numerical ID of the parent organization.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_project_custom_module":{"version":0,"block":{"attributes":{"ancestor_module":{"type":"string","description":"If empty, indicates that the custom module was created in the organization,folder,\nor project in which you are viewing the custom module. Otherwise, ancestor_module\nspecifies the organization or folder from which the custom module is inherited.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module. The display name must be between 1 and\n128 characters, start with a lowercase letter, and contain alphanumeric\ncharacters or underscores only.","description_kind":"plain","required":true},"enablement_state":{"type":"string","description":"The enablement state of the custom module. Possible values: [\"ENABLED\", \"DISABLED\"]","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_editor":{"type":"string","description":"The editor that last updated the custom module.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the custom module. Its format is \"projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}\".\nThe id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"update_time":{"type":"string","description":"The time at which the custom module was last updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"custom_config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects. This explanation is returned with each finding instance to\nhelp investigators understand the detected issue. The text must be enclosed in quotation marks.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to resolve\nthe detected issue. This explanation is returned with each finding generated by\nthis module in the nextSteps property of the finding JSON.","description_kind":"plain","required":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","optional":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be specified\nto return the value of the property or a text string enclosed in quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression. This is a longer text which describes the\nexpression, e.g. when hovered over it in a UI.","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a\nfile name and a position in the file.","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose. This can\nbe used e.g. in UIs which allow to enter the expression.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings. When the expression evaluates\nto true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The user specified custom configuration for the module.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"The description of the source (max of 1024 characters).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The source’s display name. A source’s display name must be unique\namongst its siblings, for example, two sources with the same parent\ncan't share the same display name. The display name must start and end\nwith a letter or digit, may contain letters, digits, spaces, hyphens,\nand underscores, and can be no longer than 32 characters.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of this source, in the format\n'organizations/{{organization}}/sources/{{source}}'.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization whose Cloud Security Command Center the Source\nlives in.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_scc_source_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"organization":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","optional":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","optional":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires.","description_kind":"plain","optional":true}},"block_types":{"replication":{"nesting_mode":"list","block":{"block_types":{"auto":{"nesting_mode":"list","block":{"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.","description_kind":"plain","required":true}},"description":"The customer-managed encryption configuration of the Secret.\nIf no configuration is provided, Google-managed default\nencryption is used.","description_kind":"plain"},"max_items":1}},"description":"The Secret will automatically be replicated without any restrictions.","description_kind":"plain"},"max_items":1},"user_managed":{"nesting_mode":"list","block":{"block_types":{"replicas":{"nesting_mode":"list","block":{"attributes":{"location":{"type":"string","description":"The canonical IDs of the location to replicate data. For example: \"us-east1\".","description_kind":"plain","required":true}},"block_types":{"customer_managed_encryption":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Describes the Cloud KMS encryption key that will be used to protect destination secret.","description_kind":"plain","required":true}},"description":"Customer Managed Encryption for the secret.","description_kind":"plain"},"max_items":1}},"description":"The list of Replicas for this Secret. Cannot be empty.","description_kind":"plain"},"min_items":1}},"description":"The Secret will be replicated to the regions specified by the user.","description_kind":"plain"},"max_items":1}},"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain"},"min_items":1,"max_items":1},"rotation":{"nesting_mode":"list","block":{"attributes":{"next_rotation_time":{"type":"string","description":"Timestamp in UTC at which the Secret is scheduled to rotate.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"rotation_period":{"type":"string","description":"The Duration between rotation notifications. Must be in seconds and at least 3600s (1h) and at most 3153600000s (100 years).\nIf rotationPeriod is set, 'next_rotation_time' must be set. 'next_rotation_time' will be advanced by this period when the service automatically sends rotation notifications.","description_kind":"plain","optional":true}},"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"topics":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"The resource name of the Pub/Sub topic that will be published to, in the following format: projects/*/topics/*.\nFor publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic.","description_kind":"plain","required":true}},"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain"}}},"description_kind":"plain"}},"google_secret_manager_secret_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the secret version. Setting 'ABANDON' allows the resource\nto be abandoned rather than deleted. Setting 'DISABLE' allows the resource to be\ndisabled rather than deleted. Default is 'DELETE'. Possible values are:\n * DELETE\n * DISABLE\n * ABANDON","description_kind":"plain","optional":true},"destroy_time":{"type":"string","description":"The time at which the Secret was destroyed. Only present if state is DESTROYED.","description_kind":"plain","computed":true},"enabled":{"type":"bool","description":"The current state of the SecretVersion.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_secret_data_base64":{"type":"bool","description":"If set to 'true', the secret data is expected to be base64-encoded string and would be sent as is.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the SecretVersion. Format:\n'projects/{{project}}/secrets/{{secret_id}}/versions/{{version}}'","description_kind":"plain","computed":true},"secret":{"type":"string","description":"Secret Manager secret resource","description_kind":"plain","required":true},"secret_data":{"type":"string","description":"The secret data. Must be no larger than 64KiB.","description_kind":"plain","required":true,"sensitive":true},"version":{"type":"string","description":"The version of the Secret.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Instance was created in UTC.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_config":{"type":["list",["object",{"api":"string","git_http":"string","git_ssh":"string","html":"string"}]],"description":"A list of hostnames for this instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The name for the Instance.","description_kind":"plain","required":true},"kms_key":{"type":"string","description":"Customer-managed encryption key name, in the format projects/*/locations/*/keyRings/*/cryptoKeys/*.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Labels as key value pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the Instance.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the Instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The current state of the Instance.","description_kind":"plain","computed":true},"state_note":{"type":"string","description":"Provides information about the current instance state.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Time the Instance was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"private_config":{"nesting_mode":"list","block":{"attributes":{"ca_pool":{"type":"string","description":"CA pool resource, resource must in the format of 'projects/{project}/locations/{location}/caPools/{ca_pool}'.","description_kind":"plain","required":true},"http_service_attachment":{"type":"string","description":"Service Attachment for HTTP, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true},"is_private":{"type":"bool","description":"'Indicate if it's private instance.'","description_kind":"plain","required":true},"ssh_service_attachment":{"type":"string","description":"Service Attachment for SSH, resource is in the format of 'projects/{project}/regions/{region}/serviceAttachments/{service_attachment}'.","description_kind":"plain","computed":true}},"description":"Private settings for private instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_securityposture_posture":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the Posture was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture.","description_kind":"plain","optional":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Location of the resource, eg: global.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Id of the posture. It is an immutable field.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture.","description_kind":"plain","computed":true},"revision_id":{"type":"string","description":"Revision_id of the posture.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture. Update to state field should not be triggered along with\nwith other field updates. Possible values: [\"DEPRECATED\", \"DRAFT\", \"ACTIVE\"]","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the Posture was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"policy_sets":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy set.","description_kind":"plain","optional":true},"policy_set_id":{"type":"string","description":"ID of the policy set.","description_kind":"plain","required":true}},"block_types":{"policies":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the policy.","description_kind":"plain","optional":true},"policy_id":{"type":"string","description":"ID of the policy.","description_kind":"plain","required":true}},"block_types":{"compliance_standards":{"nesting_mode":"list","block":{"attributes":{"control":{"type":"string","description":"Mapping of security controls for the policy.","description_kind":"plain","optional":true},"standard":{"type":"string","description":"Mapping of compliance standards for the policy.","description_kind":"plain","optional":true}},"description":"Mapping for policy to security standards and controls.","description_kind":"plain"}},"constraint":{"nesting_mode":"list","block":{"block_types":{"org_policy_constraint":{"nesting_mode":"list","block":{"attributes":{"canned_constraint_id":{"type":"string","description":"Organization policy canned constraint Id","description_kind":"plain","required":true}},"block_types":{"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy canned constraint definition.","description_kind":"plain"},"max_items":1},"org_policy_constraint_custom":{"nesting_mode":"list","block":{"block_types":{"custom_constraint":{"nesting_mode":"list","block":{"attributes":{"action_type":{"type":"string","description":"The action to take if the condition is met. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"condition":{"type":"string","description":"A CEL condition that refers to a supported service resource, for example 'resource.management.autoUpgrade == false'. For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language).","description_kind":"plain","required":true},"description":{"type":"string","description":"A human-friendly description of the constraint to display as an error message when the policy is violated.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"A human-friendly name for the constraint.","description_kind":"plain","optional":true},"method_types":{"type":["list","string"],"description":"A list of RESTful methods for which to enforce the constraint. Can be 'CREATE', 'UPDATE', or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services).","description_kind":"plain","required":true},"name":{"type":"string","description":"Immutable. The name of the custom constraint. This is unique within the organization.","description_kind":"plain","required":true},"resource_types":{"type":["list","string"],"description":"Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, 'container.googleapis.com/NodePool'.","description_kind":"plain","required":true}},"description":"Organization policy custom constraint definition.","description_kind":"plain"},"max_items":1},"policy_rules":{"nesting_mode":"list","block":{"attributes":{"allow_all":{"type":"bool","description":"Setting this to true means that all values are allowed. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"deny_all":{"type":"bool","description":"Setting this to true means that all values are denied. This field can be set only in policies for list constraints.","description_kind":"plain","optional":true},"enforce":{"type":"bool","description":"If 'true', then the policy is enforced. If 'false', then any configuration is acceptable.\nThis field can be set only in policies for boolean constraints.","description_kind":"plain","optional":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language.\nThis page details the objects and attributes that are used to the build the CEL expressions for\ncustom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec.","description_kind":"plain"},"max_items":1},"values":{"nesting_mode":"list","block":{"attributes":{"allowed_values":{"type":["list","string"],"description":"List of values allowed at this resource.","description_kind":"plain","optional":true},"denied_values":{"type":["list","string"],"description":"List of values denied at this resource.","description_kind":"plain","optional":true}},"description":"List of values to be used for this policy rule. This field can be set only in policies for list constraints.","description_kind":"plain"},"max_items":1}},"description":"Definition of policy rules","description_kind":"plain"},"min_items":1}},"description":"Organization policy custom constraint policy definition.","description_kind":"plain"},"max_items":1},"security_health_analytics_custom_module":{"nesting_mode":"list","block":{"attributes":{"display_name":{"type":"string","description":"The display name of the Security Health Analytics custom module. This\ndisplay name becomes the finding category for all findings that are\nreturned by this custom module.","description_kind":"plain","optional":true},"id":{"type":"string","description":"A server generated id of custom module.","description_kind":"plain","computed":true},"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Text that describes the vulnerability or misconfiguration that the custom\nmodule detects.","description_kind":"plain","optional":true},"recommendation":{"type":"string","description":"An explanation of the recommended steps that security teams can take to\nresolve the detected issue","description_kind":"plain","optional":true},"severity":{"type":"string","description":"The severity to assign to findings generated by the module. Possible values: [\"SEVERITY_UNSPECIFIED\", \"CRITICAL\", \"HIGH\", \"MEDIUM\", \"LOW\"]","description_kind":"plain","required":true}},"block_types":{"custom_output":{"nesting_mode":"list","block":{"block_types":{"properties":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Name of the property for the custom output.","description_kind":"plain","required":true}},"block_types":{"value_expression":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression for the custom output. A resource property can be\nspecified to return the value of the property or a text string enclosed\nin quotation marks.","description_kind":"plain"},"max_items":1}},"description":"A list of custom output properties to add to the finding.","description_kind":"plain"}}},"description":"Custom output properties. A set of optional name-value pairs that define custom source properties to\nreturn with each finding that is generated by the custom module. The custom\nsource properties that are defined here are included in the finding JSON\nunder 'sourceProperties'.","description_kind":"plain"},"max_items":1},"predicate":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description":"Description of the expression","description_kind":"plain","optional":true},"expression":{"type":"string","description":"Textual representation of an expression in Common Expression Language syntax.","description_kind":"plain","required":true},"location":{"type":"string","description":"String indicating the location of the expression for error reporting, e.g. a file name and a position in the file","description_kind":"plain","optional":true},"title":{"type":"string","description":"Title for the expression, i.e. a short string describing its purpose.","description_kind":"plain","optional":true}},"description":"The CEL expression to evaluate to produce findings.When the expression\nevaluates to true against a resource, a finding is generated.","description_kind":"plain"},"min_items":1,"max_items":1},"resource_selector":{"nesting_mode":"list","block":{"attributes":{"resource_types":{"type":["list","string"],"description":"The resource types to run the detector on.","description_kind":"plain","required":true}},"description":"The resource types that the custom module operates on. Each custom module\ncan specify up to 5 resource types.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Custom module details.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Definition of Security Health Analytics Custom Module.","description_kind":"plain"},"max_items":1},"security_health_analytics_module":{"nesting_mode":"list","block":{"attributes":{"module_enablement_state":{"type":"string","description":"The state of enablement for the module at its level of the resource hierarchy. Possible values: [\"ENABLEMENT_STATE_UNSPECIFIED\", \"ENABLED\", \"DISABLED\"]","description_kind":"plain","optional":true},"module_name":{"type":"string","description":"The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.","description_kind":"plain","required":true}},"description":"Security Health Analytics built-in detector definition.","description_kind":"plain"},"max_items":1}},"description":"Policy constraint definition.It can have the definition of one of following constraints: orgPolicyConstraint orgPolicyConstraintCustom securityHealthAnalyticsModule securityHealthAnalyticsCustomModule","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"List of security policy","description_kind":"plain"},"min_items":1}},"description":"List of policy sets for the posture.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_securityposture_posture_deployment":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Time the posture deployment was created in UTC.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the posture deployment.","description_kind":"plain","optional":true},"desired_posture_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture to be deployed.","description_kind":"plain","computed":true},"desired_posture_revision_id":{"type":"string","description":"This is an output only optional field which will be filled in case when\nPostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED.\nIt denotes the desired posture revision_id to be deployed.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"For Resource freshness validation (https://google.aip.dev/154)","description_kind":"plain","computed":true},"failure_message":{"type":"string","description":"This is a output only optional field which will be filled in case where\nPostureDeployment enters a failure state like UPDATE_FAILED or\nCREATE_FAILED or DELETE_FAILED. It will have the failure message for posture deployment's\nCREATE/UPDATE/DELETE methods.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the resource, eg. global'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the posture deployment instance.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The parent of the resource, an organization. Format should be 'organizations/{organization_id}'.","description_kind":"plain","required":true},"posture_deployment_id":{"type":"string","description":"ID of the posture deployment.","description_kind":"plain","required":true},"posture_id":{"type":"string","description":"Relative name of the posture which needs to be deployed. It should be in the format:\n organizations/{organization_id}/locations/{location}/postures/{posture_id}","description_kind":"plain","required":true},"posture_revision_id":{"type":"string","description":"Revision_id the posture which needs to be deployed.","description_kind":"plain","required":true},"reconciling":{"type":"bool","description":"If set, there are currently changes in flight to the posture deployment.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the posture deployment. A posture deployment can be in the following terminal states:\nACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED.","description_kind":"plain","computed":true},"target_resource":{"type":"string","description":"The resource on which the posture should be deployed. This can be in one of the following formats:\nprojects/{project_number},\nfolders/{folder_number},\norganizations/{organization_id}","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Time the posture deployment was updated in UTC.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description":"The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035. Changing this forces a new service account to be created.","description_kind":"plain","required":true},"create_ignore_already_exists":{"type":"bool","description":"If set to true, skip service account creation if a service account with the same email already exists.","description_kind":"plain","optional":true},"description":{"type":"string","description":"A text description of the service account. Must be less than or equal to 256 UTF-8 bytes.","description_kind":"plain","optional":true},"disabled":{"type":"bool","description":"Whether the service account is disabled. Defaults to false","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name for the service account. Can be updated without creating a new resource.","description_kind":"plain","optional":true},"email":{"type":"string","description":"The e-mail address of the service account. This value should be referenced from any google_iam_policy data sources that would grant the service account privileges.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description":"The Identity of the service account in the form 'serviceAccount:{email}'. This value is often used to refer to the service account in order to grant IAM permissions.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The fully-qualified name of the service account.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description":"The unique id of the service account.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_account_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keepers":{"type":["map","string"],"description":"Arbitrary map of values that, when changed, will trigger recreation of resource.","description_kind":"plain","optional":true},"key_algorithm":{"type":"string","description":"The algorithm used to generate the key, used only on create. KEY_ALG_RSA_2048 is the default algorithm. Valid values are: \"KEY_ALG_RSA_1024\", \"KEY_ALG_RSA_2048\".","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name used for this key pair","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The private key in JSON format, base64 encoded. This is what you normally get as a file when creating service account keys through the CLI or web console. This is only populated when creating a new key.","description_kind":"plain","computed":true,"sensitive":true},"private_key_type":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description":"The public key, base64 encoded","description_kind":"plain","computed":true},"public_key_data":{"type":"string","description":"A field that allows clients to upload their own public key. If set, use this public key data to create a service account key for given service account. Please note, the expected format for this field is a base64 encoded X509_PEM.","description_kind":"plain","optional":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true},"service_account_id":{"type":"string","description":"The ID of the parent service account of the key. This can be a string in the format {ACCOUNT} or projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}, where {ACCOUNT} is the email address or unique id of the service account. If the {ACCOUNT} syntax is used, the project will be inferred from the provider's configuration.","description_kind":"plain","required":true},"valid_after":{"type":"string","description":"The key can be used after this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"valid_before":{"type":"string","description":"The key can be used before this timestamp. A timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds. Example: \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_networking_connection":{"version":0,"block":{"attributes":{"deletion_policy":{"type":"string","description":"When set to ABANDON, terraform will abandon management of the resource instead of deleting it. Prevents terraform apply failures with CloudSQL. Note: The resource will still exist.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":"string","description":"Name of VPC network connected with service producers using VPC peering.","description_kind":"plain","required":true},"peering":{"type":"string","description_kind":"plain","computed":true},"reserved_peering_ranges":{"type":["list","string"],"description":"Named IP address range(s) of PEERING type reserved for this service provider. Note that invoking this method with a different range when connection is already established will not reallocate already provisioned service producer subnetworks.","description_kind":"plain","required":true},"service":{"type":"string","description":"Provider peering service that is managing peering connectivity for a service provider organization. For Google services that support this functionality it is 'servicenetworking.googleapis.com'.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description":"The DNS domain name suffix of the peered DNS domain.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the peered DNS domain.","description_kind":"plain","required":true},"network":{"type":"string","description":"Network in the consumer project to peer with.","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project that the service account will be created in. Defaults to the provider project configuration.","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description":"The name of the service to create a peered DNS domain for, e.g. servicenetworking.googleapis.com","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"block_types":{"pubsub_configs":{"nesting_mode":"set","block":{"attributes":{"message_format":{"type":"string","description":"The format of the Cloud Pub/Sub messages.\n- PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent.\n- JSON: The message payload is a JSON string of SourceRepoEvent. Possible values: [\"PROTOBUF\", \"JSON\"]","description_kind":"plain","required":true},"service_account_email":{"type":"string","description":"Email address of the service account used for publishing Cloud Pub/Sub messages.\nThis service account needs to be in the same project as the PubsubConfig. When added,\nthe caller needs to have iam.serviceAccounts.actAs permission on this service account.\nIf unspecified, it defaults to the compute engine default service account.","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database":{"version":0,"block":{"attributes":{"database_dialect":{"type":"string","description":"The dialect of the Cloud Spanner Database.\nIf it is not provided, \"GOOGLE_STANDARD_SQL\" will be used. Possible values: [\"GOOGLE_STANDARD_SQL\", \"POSTGRESQL\"]","description_kind":"plain","optional":true,"computed":true},"ddl":{"type":["list","string"],"description":"An optional list of DDL statements to run inside the newly created\ndatabase. Statements can create tables, indexes, etc. These statements\nexecute atomically with the creation of the database: if there is an\nerror in any statement, the database is not created.","description_kind":"plain","optional":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the database. Defaults to true. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the database will fail.","description_kind":"plain","optional":true},"enable_drop_protection":{"type":"bool","description":"Whether drop protection is enabled for this database. Defaults to false.\nDrop protection is different from\nthe \"deletion_protection\" attribute in the following ways:\n(1) \"deletion_protection\" only protects the database from deletions in Terraform.\nwhereas setting “enableDropProtection” to true protects the database from deletions in all interfaces.\n(2) Setting \"enableDropProtection\" to true also prevents the deletion of the parent instance containing the database.\n\"deletion_protection\" attribute does not provide protection against the deletion of the parent instance.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The instance to create the database on.","description_kind":"plain","required":true},"name":{"type":"string","description":"A unique identifier for the database, which cannot be changed after\nthe instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9].","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"An explanation of the status of the database.","description_kind":"plain","computed":true},"version_retention_period":{"type":"string","description":"The retention period for the database. The retention period must be between 1 hour\nand 7 days, and can be specified in days, hours, minutes, or seconds. For example,\nthe values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h.\nIf this property is used, you must avoid adding new DDL statements to 'ddl' that\nupdate the database's version_retention_period.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"encryption_config":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Fully qualified name of the KMS key to use to encrypt this database. This key must exist\nin the same location as the Spanner Database.","description_kind":"plain","required":true}},"description":"Encryption configuration for the database","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_database_iam_binding":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_member":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","required":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","optional":true,"computed":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","optional":true,"computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"block_types":{"autoscaling_config":{"nesting_mode":"list","block":{"block_types":{"autoscaling_limits":{"nesting_mode":"list","block":{"attributes":{"max_nodes":{"type":"number","description":"Specifies maximum number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to min_nodes.","description_kind":"plain","optional":true},"max_processing_units":{"type":"number","description":"Specifies maximum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000 and be greater than or equal to\nmin_processing_units.","description_kind":"plain","optional":true},"min_nodes":{"type":"number","description":"Specifies number of nodes allocated to the instance. If set, this number\nshould be greater than or equal to 1.","description_kind":"plain","optional":true},"min_processing_units":{"type":"number","description":"Specifies minimum number of processing units allocated to the instance.\nIf set, this number should be multiples of 1000.","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events. Users can define the minimum and\nmaximum compute capacity allocated to the instance, and the autoscaler will\nonly scale within that range. Users can either use nodes or processing\nunits to specify the limits, but should use the same unit to set both the\nmin_limit and max_limit.","description_kind":"plain"},"max_items":1},"autoscaling_targets":{"nesting_mode":"list","block":{"attributes":{"high_priority_cpu_utilization_percent":{"type":"number","description":"Specifies the target high priority cpu utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization)..","description_kind":"plain","optional":true},"storage_utilization_percent":{"type":"number","description":"Specifies the target storage utilization percentage that the autoscaler\nshould be trying to achieve for the instance.\nThis number is on a scale from 0 (no utilization) to 100 (full utilization).","description_kind":"plain","optional":true}},"description":"Defines scale in controls to reduce the risk of response latency\nand outages due to abrupt scale-in events","description_kind":"plain"},"max_items":1}},"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_spanner_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"member":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","optional":true,"computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","required":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","optional":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","optional":true,"computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","optional":true,"computed":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","optional":true,"computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","optional":true,"sensitive":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true,"sensitive":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true}},"block_types":{"clone":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the cloned instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://tools.ietf.org/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"database_names":{"type":["list","string"],"description":"(SQL Server only, use with point_in_time) clone only the specified databases from the source instance. Clone all databases if empty.","description_kind":"plain","optional":true},"point_in_time":{"type":"string","description":"The timestamp of the point in time that should be restored.","description_kind":"plain","optional":true},"preferred_zone":{"type":"string","description":"(Point-in-time recovery for PostgreSQL only) Clone to an instance in the specified zone. If no zone is specified, clone to the same zone as the source instance.","description_kind":"plain","optional":true},"source_instance_name":{"type":"string","description":"The name of the instance from which the point in time should be restored.","description_kind":"plain","required":true}},"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain"},"max_items":1},"replica_configuration":{"nesting_mode":"list","block":{"attributes":{"ca_certificate":{"type":"string","description":"PEM representation of the trusted CA's x509 certificate.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"PEM representation of the replica's x509 certificate.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"PEM representation of the replica's private key. The corresponding public key in encoded in the client_certificate.","description_kind":"plain","optional":true},"connect_retry_interval":{"type":"number","description":"The number of seconds between connect retries. MySQL's default is 60 seconds.","description_kind":"plain","optional":true},"dump_file_path":{"type":"string","description":"Path to a SQL file in Google Cloud Storage from which replica instances are created. Format is gs://bucket/filename.","description_kind":"plain","optional":true},"failover_target":{"type":"bool","description":"Specifies if the replica is the failover target. If the field is set to true the replica will be designated as a failover replica. If the master instance fails, the replica instance will be promoted as the new master instance. Not supported for Postgres","description_kind":"plain","optional":true},"master_heartbeat_period":{"type":"number","description":"Time in ms between replication heartbeats.","description_kind":"plain","optional":true},"password":{"type":"string","description":"Password for the replication connection.","description_kind":"plain","optional":true,"sensitive":true},"ssl_cipher":{"type":"string","description":"Permissible ciphers for use in SSL encryption.","description_kind":"plain","optional":true},"username":{"type":"string","description":"Username for replication connection.","description_kind":"plain","optional":true},"verify_server_certificate":{"type":"bool","description":"True if the master's common name value is checked during the SSL handshake.","description_kind":"plain","optional":true}},"description":"The configuration for replication.","description_kind":"plain"},"max_items":1},"restore_backup_context":{"nesting_mode":"list","block":{"attributes":{"backup_run_id":{"type":"number","description":"The ID of the backup run to restore from.","description_kind":"plain","required":true},"instance_id":{"type":"string","description":"The ID of the instance that the backup was taken from.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The full project ID of the source instance.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"settings":{"nesting_mode":"list","block":{"attributes":{"activation_policy":{"type":"string","description":"This specifies when the instance should be active. Can be either ALWAYS, NEVER or ON_DEMAND.","description_kind":"plain","optional":true},"availability_type":{"type":"string","description":"The availability type of the Cloud SQL instance, high availability\n(REGIONAL) or single zone (ZONAL). For all instances, ensure that\nsettings.backup_configuration.enabled is set to true.\nFor MySQL instances, ensure that settings.backup_configuration.binary_log_enabled is set to true.\nFor Postgres instances, ensure that settings.backup_configuration.point_in_time_recovery_enabled\nis set to true. Defaults to ZONAL.","description_kind":"plain","optional":true},"collation":{"type":"string","description":"The name of server instance collation.","description_kind":"plain","optional":true},"connector_enforcement":{"type":"string","description":"Specifies if connections must use Cloud SQL connectors.","description_kind":"plain","optional":true,"computed":true},"deletion_protection_enabled":{"type":"bool","description":"Configuration to protect against accidental instance deletion.","description_kind":"plain","optional":true},"disk_autoresize":{"type":"bool","description":"Enables auto-resizing of the storage size. Defaults to true.","description_kind":"plain","optional":true},"disk_autoresize_limit":{"type":"number","description":"The maximum size, in GB, to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.","description_kind":"plain","optional":true},"disk_size":{"type":"number","description":"The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased. The minimum value is 10GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"The type of data disk: PD_SSD or PD_HDD. Defaults to PD_SSD.","description_kind":"plain","optional":true},"edition":{"type":"string","description":"The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS.","description_kind":"plain","optional":true},"enable_google_ml_integration":{"type":"bool","description":"Enables Vertex AI Integration.","description_kind":"plain","optional":true},"pricing_plan":{"type":"string","description":"Pricing plan for this instance, can only be PER_USE.","description_kind":"plain","optional":true},"tier":{"type":"string","description":"The machine type to use. See tiers for more details and supported versions. Postgres supports only shared-core machine types, and custom machine types such as db-custom-2-13312. See the Custom Machine Type Documentation to learn about specifying custom machine types.","description_kind":"plain","required":true},"time_zone":{"type":"string","description":"The time_zone to be used by the database engine (supported only for SQL Server), in SQL Server timezone format.","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"A set of key/value user label pairs to assign to the instance.","description_kind":"plain","optional":true,"computed":true},"version":{"type":"number","description":"Used to make sure changes to the settings block are atomic.","description_kind":"plain","computed":true}},"block_types":{"active_directory_config":{"nesting_mode":"list","block":{"attributes":{"domain":{"type":"string","description":"Domain name of the Active Directory for SQL Server (e.g., mydomain.com).","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"advanced_machine_features":{"nesting_mode":"list","block":{"attributes":{"threads_per_core":{"type":"number","description":"The number of threads per physical core. Can be 1 or 2.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"backup_configuration":{"nesting_mode":"list","block":{"attributes":{"binary_log_enabled":{"type":"bool","description":"True if binary logging is enabled. If settings.backup_configuration.enabled is false, this must be as well. Can only be used with MySQL.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"True if backup configuration is enabled.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Location of the backup configuration.","description_kind":"plain","optional":true},"point_in_time_recovery_enabled":{"type":"bool","description":"True if Point-in-time recovery is enabled.","description_kind":"plain","optional":true},"start_time":{"type":"string","description":"HH:MM format time indicating when backup configuration starts.","description_kind":"plain","optional":true,"computed":true},"transaction_log_retention_days":{"type":"number","description":"The number of days of transaction logs we retain for point in time restore, from 1-7. (For PostgreSQL Enterprise Plus instances, from 1 to 35.)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"backup_retention_settings":{"nesting_mode":"list","block":{"attributes":{"retained_backups":{"type":"number","description":"Number of backups to retain.","description_kind":"plain","required":true},"retention_unit":{"type":"string","description":"The unit that 'retainedBackups' represents. Defaults to COUNT","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"},"max_items":1},"data_cache_config":{"nesting_mode":"list","block":{"attributes":{"data_cache_enabled":{"type":"bool","description":"Whether data cache is enabled for the instance.","description_kind":"plain","optional":true}},"description":"Data cache configurations.","description_kind":"plain"},"max_items":1},"database_flags":{"nesting_mode":"set","block":{"attributes":{"name":{"type":"string","description":"Name of the flag.","description_kind":"plain","required":true},"value":{"type":"string","description":"Value of the flag.","description_kind":"plain","required":true}},"description_kind":"plain"}},"deny_maintenance_period":{"nesting_mode":"list","block":{"attributes":{"end_date":{"type":"string","description":"End date before which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"start_date":{"type":"string","description":"Start date after which maintenance will not take place. The date is in format yyyy-mm-dd i.e., 2020-11-01, or mm-dd, i.e., 11-01","description_kind":"plain","required":true},"time":{"type":"string","description":"Time in UTC when the \"deny maintenance period\" starts on start_date and ends on end_date. The time is in format: HH:mm:SS, i.e., 00:00:00","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"insights_config":{"nesting_mode":"list","block":{"attributes":{"query_insights_enabled":{"type":"bool","description":"True if Query Insights feature is enabled.","description_kind":"plain","optional":true},"query_plans_per_minute":{"type":"number","description":"Number of query execution plans captured by Insights per minute for all queries combined. Between 0 and 20. Default to 5.","description_kind":"plain","optional":true,"computed":true},"query_string_length":{"type":"number","description":"Maximum query length stored in bytes. Between 256 and 4500. Default to 1024.","description_kind":"plain","optional":true},"record_application_tags":{"type":"bool","description":"True if Query Insights will record application tags from query when enabled.","description_kind":"plain","optional":true},"record_client_address":{"type":"bool","description":"True if Query Insights will record client address when enabled.","description_kind":"plain","optional":true}},"description":"Configuration of Query Insights.","description_kind":"plain"},"max_items":1},"ip_configuration":{"nesting_mode":"list","block":{"attributes":{"allocated_ip_range":{"type":"string","description":"The name of the allocated ip range for the private ip CloudSQL instance. For example: \"google-managed-services-default\". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.","description_kind":"plain","optional":true},"enable_private_path_for_google_cloud_services":{"type":"bool","description":"Whether Google Cloud services such as BigQuery are allowed to access data in this Cloud SQL instance over a private IP connection. SQLSERVER database type is not supported.","description_kind":"plain","optional":true},"ipv4_enabled":{"type":"bool","description":"Whether this Cloud SQL instance should be assigned a public IPV4 address. At least ipv4_enabled must be enabled or a private_network must be configured.","description_kind":"plain","optional":true},"private_network":{"type":"string","description":"The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.","description_kind":"plain","optional":true},"require_ssl":{"type":"bool","description":"Whether SSL connections over IP are enforced or not. To change this field, also set the corresponding value in ssl_mode if it has been set too.","description_kind":"plain","optional":true},"ssl_mode":{"type":"string","description":"Specify how SSL connection should be enforced in DB connections. This field provides more SSL enforcment options compared to require_ssl. To change this field, also set the correspoding value in require_ssl.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"authorized_networks":{"nesting_mode":"set","block":{"attributes":{"expiration_time":{"type":"string","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true},"value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"psc_config":{"nesting_mode":"set","block":{"attributes":{"allowed_consumer_projects":{"type":["set","string"],"description":"List of consumer projects that are allow-listed for PSC connections to this instance. This instance can be connected to with PSC from any network in these projects. Each consumer project in this list may be represented by a project number (numeric) or by a project id (alphanumeric).","description_kind":"plain","optional":true},"psc_enabled":{"type":"bool","description":"Whether PSC connectivity is enabled for this instance.","description_kind":"plain","optional":true}},"description":"PSC settings for a Cloud SQL instance.","description_kind":"plain"}}},"description_kind":"plain"},"max_items":1},"location_preference":{"nesting_mode":"list","block":{"attributes":{"follow_gae_application":{"type":"string","description":"A Google App Engine application whose zone to remain in. Must be in the same region as this instance.","description_kind":"plain","optional":true},"secondary_zone":{"type":"string","description":"The preferred Compute Engine zone for the secondary/failover","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The preferred compute engine zone.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"maintenance_window":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of week (1-7), starting on Monday","description_kind":"plain","optional":true},"hour":{"type":"number","description":"Hour of day (0-23), ignored if day not set","description_kind":"plain","optional":true},"update_track":{"type":"string","description":"Receive updates earlier (canary) or later (stable)","description_kind":"plain","optional":true}},"description":"Declares a one-hour maintenance window when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time.","description_kind":"plain"},"max_items":1},"password_validation_policy":{"nesting_mode":"list","block":{"attributes":{"complexity":{"type":"string","description":"Password complexity.","description_kind":"plain","optional":true},"disallow_username_substring":{"type":"bool","description":"Disallow username as a part of the password.","description_kind":"plain","optional":true},"enable_password_policy":{"type":"bool","description":"Whether the password policy is enabled or not.","description_kind":"plain","required":true},"min_length":{"type":"number","description":"Minimum number of characters allowed.","description_kind":"plain","optional":true},"password_change_interval":{"type":"string","description":"Minimum interval after which the password can be changed. This flag is only supported for PostgresSQL.","description_kind":"plain","optional":true},"reuse_interval":{"type":"number","description":"Number of previous passwords that cannot be reused.","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1},"sql_server_audit_config":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The name of the destination bucket (e.g., gs://mybucket).","description_kind":"plain","optional":true},"retention_interval":{"type":"string","description":"How long to keep generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\"..","description_kind":"plain","optional":true},"upload_interval":{"type":"string","description":"How often to upload generated audit files. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description_kind":"plain"},"max_items":1}},"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_source_representation_instance":{"version":0,"block":{"attributes":{"ca_certificate":{"type":"string","description":"The CA certificate on the external server. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_certificate":{"type":"string","description":"The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"client_key":{"type":"string","description":"The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.","description_kind":"plain","optional":true},"database_version":{"type":"string","description":"The MySQL version running on your source database server. Possible values: [\"MYSQL_5_6\", \"MYSQL_5_7\", \"MYSQL_8_0\", \"POSTGRES_9_6\", \"POSTGRES_10\", \"POSTGRES_11\", \"POSTGRES_12\", \"POSTGRES_13\", \"POSTGRES_14\"]","description_kind":"plain","required":true},"dump_file_path":{"type":"string","description":"A file in the bucket that contains the data from the external server.","description_kind":"plain","optional":true},"host":{"type":"string","description":"The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The name of the source representation instance. Use any valid Cloud SQL instance name.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the replication user account.","description_kind":"plain","optional":true,"sensitive":true},"port":{"type":"number","description":"The externally accessible port for the source database server.\nDefaults to 3306.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The Region in which the created instance should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"username":{"type":"string","description":"The replication user account on the external server.","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_ssl_cert":{"version":1,"block":{"attributes":{"cert":{"type":"string","description":"The actual certificate data for this client certificate.","description_kind":"plain","computed":true,"sensitive":true},"cert_serial_number":{"type":"string","description":"The serial number extracted from the certificate data.","description_kind":"plain","computed":true},"common_name":{"type":"string","description":"The common name to be used in the certificate to identify the client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"create_time":{"type":"string","description":"The time when the certificate was created in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"expiration_time":{"type":"string","description":"The time when the certificate expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"private_key":{"type":"string","description":"The private key associated with the client certificate.","description_kind":"plain","computed":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"server_ca_cert":{"type":"string","description":"The CA cert of the server this client cert was generated from.","description_kind":"plain","computed":true,"sensitive":true},"sha1_fingerprint":{"type":"string","description":"The SHA1 Fingerprint of the certificate.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_sql_user":{"version":1,"block":{"attributes":{"deletion_policy":{"type":"string","description":"The deletion policy for the user. Setting ABANDON allows the resource\n\t\t\t\tto be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they\n\t\t\t\thave been granted SQL roles. Possible values are: \"ABANDON\".","description_kind":"plain","optional":true},"host":{"type":"string","description":"The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the user. Changing this forces a new resource to be created.","description_kind":"plain","required":true},"password":{"type":"string","description":"The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to\n either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.","description_kind":"plain","optional":true,"sensitive":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"sql_server_user_details":{"type":["list",["object",{"disabled":"bool","server_roles":["list","string"]}]],"description_kind":"plain","computed":true},"type":{"type":"string","description":"The user type. It determines the method to authenticate the user during login.\n The default is the database's built-in user type. Flags include \"BUILT_IN\", \"CLOUD_IAM_USER\", \"CLOUD_IAM_GROUP\" or \"CLOUD_IAM_SERVICE_ACCOUNT\".","description_kind":"plain","optional":true}},"block_types":{"password_policy":{"nesting_mode":"list","block":{"attributes":{"allowed_failed_attempts":{"type":"number","description":"Number of failed attempts allowed before the user get locked.","description_kind":"plain","optional":true},"enable_failed_attempts_check":{"type":"bool","description":"If true, the check that will lock user after too many failed login attempts will be enabled.","description_kind":"plain","optional":true},"enable_password_verification":{"type":"bool","description":"If true, the user must specify the current password before changing the password. This flag is supported only for MySQL.","description_kind":"plain","optional":true},"password_expiration_duration":{"type":"string","description":"Password expiration duration with one week grace period.","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"locked":"bool","password_expiration_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket":{"version":1,"block":{"attributes":{"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","optional":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"project_number":{"type":"number","description":"The project number of the project in which the resource belongs.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","optional":true,"computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","optional":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","optional":true,"computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true}},"block_types":{"autoclass":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, autoclass automatically transitions objects in your bucket to appropriate storage classes based on each object's access pattern.","description_kind":"plain","required":true},"terminal_storage_class":{"type":"string","description":"The storage class that objects in the bucket eventually transition to if they are not read for a certain length of time. Supported values include: NEARLINE, ARCHIVE.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's autoclass configuration.","description_kind":"plain"},"max_items":1},"cors":{"nesting_mode":"list","block":{"attributes":{"max_age_seconds":{"type":"number","description":"The value, in seconds, to return in the Access-Control-Max-Age header used in preflight responses.","description_kind":"plain","optional":true},"method":{"type":["list","string"],"description":"The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: \"*\" is permitted in the list of methods, and means \"any method\".","description_kind":"plain","optional":true},"origin":{"type":["list","string"],"description":"The list of Origins eligible to receive CORS response headers. Note: \"*\" is permitted in the list of origins, and means \"any Origin\".","description_kind":"plain","optional":true},"response_header":{"type":["list","string"],"description":"The list of HTTP headers other than the simple response headers to give permission for the user-agent to share across domains.","description_kind":"plain","optional":true}},"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain"}},"custom_placement_config":{"nesting_mode":"list","block":{"attributes":{"data_locations":{"type":["set","string"],"description":"The list of individual regions that comprise a dual-region bucket. See the docs for a list of acceptable regions. Note: If any of the data_locations changes, it will recreate the bucket.","description_kind":"plain","required":true}},"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain"},"max_items":1},"encryption":{"nesting_mode":"list","block":{"attributes":{"default_kms_key_name":{"type":"string","description":"A Cloud KMS key that will be used to encrypt objects inserted into this bucket, if no encryption method is specified. You must pay attention to whether the crypto key is available in the location that this bucket is created in. See the docs for more details.","description_kind":"plain","required":true}},"description":"The bucket's encryption configuration.","description_kind":"plain"},"max_items":1},"lifecycle_rule":{"nesting_mode":"list","block":{"block_types":{"action":{"nesting_mode":"set","block":{"attributes":{"storage_class":{"type":"string","description":"The target Storage Class of objects affected by this Lifecycle Rule. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","optional":true},"type":{"type":"string","description":"The type of the action of this Lifecycle Rule. Supported values include: Delete, SetStorageClass and AbortIncompleteMultipartUpload.","description_kind":"plain","required":true}},"description":"The Lifecycle Rule's action configuration. A single block of this type is supported.","description_kind":"plain"},"min_items":1,"max_items":1},"condition":{"nesting_mode":"set","block":{"attributes":{"age":{"type":"number","description":"Minimum age of an object in days to satisfy this condition.","description_kind":"plain","optional":true},"created_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"custom_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"days_since_custom_time":{"type":"number","description":"Number of days elapsed since the user-specified timestamp set on an object.","description_kind":"plain","optional":true},"days_since_noncurrent_time":{"type":"number","description":"Number of days elapsed since the noncurrent timestamp of an object. This\n\t\t\t\t\t\t\t\t\t\tcondition is relevant only for versioned objects.","description_kind":"plain","optional":true},"matches_prefix":{"type":["list","string"],"description":"One or more matching name prefixes to satisfy this condition.","description_kind":"plain","optional":true},"matches_storage_class":{"type":["list","string"],"description":"Storage Class of objects to satisfy this condition. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE, STANDARD, DURABLE_REDUCED_AVAILABILITY.","description_kind":"plain","optional":true},"matches_suffix":{"type":["list","string"],"description":"One or more matching name suffixes to satisfy this condition.","description_kind":"plain","optional":true},"no_age":{"type":"bool","description":"While set true, age value will be omitted.Required to set true when age is unset in the config file.","description_kind":"plain","optional":true},"noncurrent_time_before":{"type":"string","description":"Creation date of an object in RFC 3339 (e.g. 2017-06-13) to satisfy this condition.","description_kind":"plain","optional":true},"num_newer_versions":{"type":"number","description":"Relevant only for versioned objects. The number of newer versions of an object to satisfy this condition.","description_kind":"plain","optional":true},"with_state":{"type":"string","description":"Match to live and/or archived objects. Unversioned buckets have only live objects. Supported values include: \"LIVE\", \"ARCHIVED\", \"ANY\".","description_kind":"plain","optional":true,"computed":true}},"description":"The Lifecycle Rule's condition configuration.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain"},"max_items":100},"logging":{"nesting_mode":"list","block":{"attributes":{"log_bucket":{"type":"string","description":"The bucket that will receive log objects.","description_kind":"plain","required":true},"log_object_prefix":{"type":"string","description":"The object prefix for log objects. If it's not provided, by default Google Cloud Storage sets this to this bucket's name.","description_kind":"plain","optional":true,"computed":true}},"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain"},"max_items":1},"retention_policy":{"nesting_mode":"list","block":{"attributes":{"is_locked":{"type":"bool","description":"If set to true, the bucket will be locked and permanently restrict edits to the bucket's retention policy. Caution: Locking a bucket is an irreversible action.","description_kind":"plain","optional":true},"retention_period":{"type":"number","description":"The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted, overwritten, or archived. The value must be less than 3,155,760,000 seconds.","description_kind":"plain","required":true}},"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain"},"max_items":1},"soft_delete_policy":{"nesting_mode":"list","block":{"attributes":{"effective_time":{"type":"string","description":"Server-determined value that indicates the time from which the policy, or one with a greater retention, was effective. This value is in RFC 3339 format.","description_kind":"plain","computed":true},"retention_duration_seconds":{"type":"number","description":"The duration in seconds that soft-deleted objects in the bucket will be retained and cannot be permanently deleted. Default value is 604800.","description_kind":"plain","optional":true}},"description":"The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"read":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"versioning":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"While set to true, versioning is fully enabled for this bucket.","description_kind":"plain","required":true}},"description":"The bucket's Versioning configuration.","description_kind":"plain"},"max_items":1},"website":{"nesting_mode":"list","block":{"attributes":{"main_page_suffix":{"type":"string","description":"Behaves as the bucket's directory index where missing objects are treated as potential directories.","description_kind":"plain","optional":true},"not_found_page":{"type":"string","description":"The custom object to return when a requested resource is not found.","description_kind":"plain","optional":true}},"description":"Configuration if the bucket acts as a website.","description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n user-userId\n user-email\n group-groupId\n group-email\n domain-domain\n project-team-projectId\n allUsers\n allAuthenticatedUsers\nExamples:\n The user liz@example.com would be user-liz@example.com.\n The group example@googlegroups.com would be\n group-example@googlegroups.com.\n To refer to all members of the Google Apps for Business domain\n example.com, the entity would be domain-example.com.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\", \"WRITER\"]","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_bucket_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket it applies to.","description_kind":"plain","required":true},"default_acl":{"type":"string","description":"Configure this ACL to be the default ACL.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"predefined_acl":{"type":"string","description":"The canned GCS ACL to apply. Must be set if role_entity is not.","description_kind":"plain","optional":true},"role_entity":{"type":["list","string"],"description":"List of role/entity pairs in the form ROLE:entity. See GCS Bucket ACL documentation for more details. Must be set if predefined_acl is not.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_binding":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_member":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","optional":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true,"computed":true,"sensitive":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","optional":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","optional":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","optional":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","optional":true,"computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","optional":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","optional":true,"computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","optional":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","optional":true,"computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","optional":true}},"block_types":{"customer_encryption":{"nesting_mode":"list","block":{"attributes":{"encryption_algorithm":{"type":"string","description":"The encryption algorithm. Default: AES256","description_kind":"plain","optional":true},"encryption_key":{"type":"string","description":"Base64 encoded customer supplied encryption key.","description_kind":"plain","required":true,"sensitive":true}},"description":"Encryption key; encoded using base64.","description_kind":"plain"},"max_items":1},"retention":{"nesting_mode":"list","block":{"attributes":{"mode":{"type":"string","description":"The object retention mode. Supported values include: \"Unlocked\", \"Locked\".","description_kind":"plain","required":true},"retain_until_time":{"type":"string","description":"Time in RFC 3339 (e.g. 2030-01-01T02:03:04Z) until which object retention protects this object.","description_kind":"plain","required":true}},"description":"Object level retention configuration.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object, if applied to an object.","description_kind":"plain","optional":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_default_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_hmac_key":{"version":0,"block":{"attributes":{"access_id":{"type":"string","description":"The access ID of the HMAC Key.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"HMAC secret key material.","description_kind":"plain","computed":true,"sensitive":true},"service_account_email":{"type":"string","description":"The email address of the key's associated service account.","description_kind":"plain","required":true},"state":{"type":"string","description":"The state of the key. Can be set to one of ACTIVE, INACTIVE. Default value: \"ACTIVE\" Possible values: [\"ACTIVE\", \"INACTIVE\"]","description_kind":"plain","optional":true},"time_created":{"type":"string","description":"'The creation time of the HMAC key in RFC 3339 format. '","description_kind":"plain","computed":true},"updated":{"type":"string","description":"'The last modification time of the HMAC key metadata in RFC 3339 format.'","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_insights_report_config":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"The editable display name of the inventory report configuration. Has a limit of 256 characters. Can be empty.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the ReportConfig. The source and destination buckets specified in the ReportConfig\nmust be in the same location.","description_kind":"plain","required":true},"name":{"type":"string","description":"The UUID of the inventory report configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"block_types":{"csv_options":{"nesting_mode":"list","block":{"attributes":{"delimiter":{"type":"string","description":"The delimiter used to separate the fields in the inventory report CSV file.","description_kind":"plain","optional":true},"header_required":{"type":"bool","description":"The boolean that indicates whether or not headers are included in the inventory report CSV file.","description_kind":"plain","optional":true},"record_separator":{"type":"string","description":"The character used to separate the records in the inventory report CSV file.","description_kind":"plain","optional":true}},"description":"Options for configuring the format of the inventory report CSV file.","description_kind":"plain"},"min_items":1,"max_items":1},"frequency_options":{"nesting_mode":"list","block":{"attributes":{"frequency":{"type":"string","description":"The frequency in which inventory reports are generated. Values are DAILY or WEEKLY. Possible values: [\"DAILY\", \"WEEKLY\"]","description_kind":"plain","required":true}},"block_types":{"end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to stop generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to stop generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to stop generating inventory reports","description_kind":"plain","required":true}},"description":"The date to stop generating inventory reports. For example, {\"day\": 15, \"month\": 9, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1},"start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"The day of the month to start generating inventory reports.","description_kind":"plain","required":true},"month":{"type":"number","description":"The month to start generating inventory reports.","description_kind":"plain","required":true},"year":{"type":"number","description":"The year to start generating inventory reports","description_kind":"plain","required":true}},"description":"The date to start generating inventory reports. For example, {\"day\": 15, \"month\": 8, \"year\": 2022}.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Options for configuring how inventory reports are generated.","description_kind":"plain"},"max_items":1},"object_metadata_report_options":{"nesting_mode":"list","block":{"attributes":{"metadata_fields":{"type":["list","string"],"description":"The metadata fields included in an inventory report.","description_kind":"plain","required":true}},"block_types":{"storage_destination_options":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The destination bucket that stores the generated inventory reports.","description_kind":"plain","required":true},"destination_path":{"type":"string","description":"The path within the destination bucket to store generated inventory reports.","description_kind":"plain","optional":true}},"description":"Options for where the inventory reports are stored.","description_kind":"plain"},"min_items":1,"max_items":1},"storage_filters":{"nesting_mode":"list","block":{"attributes":{"bucket":{"type":"string","description":"The filter to use when specifying which bucket to generate inventory reports for.","description_kind":"plain","optional":true}},"description":"A nested object resource","description_kind":"plain"},"max_items":1}},"description":"Options for including metadata in an inventory report.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_notification":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"custom_attributes":{"type":["map","string"],"description":" A set of key/value attribute pairs to attach to each Cloud Pub/Sub message published for this notification subscription","description_kind":"plain","optional":true},"event_types":{"type":["set","string"],"description":"List of event type filters for this notification config. If not specified, Cloud Storage will send notifications for all event types. The valid types are: \"OBJECT_FINALIZE\", \"OBJECT_METADATA_UPDATE\", \"OBJECT_DELETE\", \"OBJECT_ARCHIVE\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"notification_id":{"type":"string","description":"The ID of the created notification.","description_kind":"plain","computed":true},"object_name_prefix":{"type":"string","description":"Specifies a prefix path filter for this notification config. Cloud Storage will only send notifications for objects in this bucket whose names begin with the specified prefix.","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired content of the Payload. One of \"JSON_API_V1\" or \"NONE\".","description_kind":"plain","required":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"The Cloud Pub/Sub topic to which this subscription publishes. Expects either the topic name, assumed to belong to the default GCP provider project, or the project-level name, i.e. projects/my-gcp-project/topics/my-topic or my-topic. If the project is not set in the provider, you will need to use the project-level name.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_storage_object_access_control":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"domain":{"type":"string","description":"The domain associated with the entity.","description_kind":"plain","computed":true},"email":{"type":"string","description":"The email address associated with the entity.","description_kind":"plain","computed":true},"entity":{"type":"string","description":"The entity holding the permission, in one of the following forms:\n * user-{{userId}}\n * user-{{email}} (such as \"user-liz@example.com\")\n * group-{{groupId}}\n * group-{{email}} (such as \"group-example@googlegroups.com\")\n * domain-{{domain}} (such as \"domain-example.com\")\n * project-team-{{projectId}}\n * allUsers\n * allAuthenticatedUsers","description_kind":"plain","required":true},"entity_id":{"type":"string","description":"The ID for the entity","description_kind":"plain","computed":true},"generation":{"type":"number","description":"The content generation of the object, if applied to an object.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description":"The name of the object to apply the access control to.","description_kind":"plain","required":true},"project_team":{"type":["list",["object",{"project_number":"string","team":"string"}]],"description":"The project team associated with the entity","description_kind":"plain","computed":true},"role":{"type":"string","description":"The access permission for the entity. Possible values: [\"OWNER\", \"READER\"]","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_object_acl":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"object":{"type":"string","description_kind":"plain","required":true},"predefined_acl":{"type":"string","description_kind":"plain","optional":true},"role_entity":{"type":["set","string"],"description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_storage_transfer_agent_pool":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Specifies the client-specified AgentPool description.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The ID of the agent pool to create.\n\nThe agentPoolId must meet the following requirements:\n* Length of 128 characters or less.\n* Not start with the string goog.\n* Start with a lowercase ASCII character, followed by:\n * Zero or more: lowercase Latin alphabet characters, numerals, hyphens (-), periods (.), underscores (_), or tildes (~).\n * One or more numerals or lowercase ASCII characters.\n\nAs expressed by the regular expression: ^(?!goog)[a-z]([a-z0-9-._~]*[a-z0-9])?$.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"Specifies the state of the AgentPool.","description_kind":"plain","computed":true}},"block_types":{"bandwidth_limit":{"nesting_mode":"list","block":{"attributes":{"limit_mbps":{"type":"string","description":"Bandwidth rate in megabytes per second, distributed across all the agents in the pool.","description_kind":"plain","required":true}},"description":"Specifies the bandwidth limit details. If this field is unspecified, the default value is set as 'No Limit'.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_storage_transfer_job":{"version":0,"block":{"attributes":{"creation_time":{"type":"string","description":"When the Transfer Job was created.","description_kind":"plain","computed":true},"deletion_time":{"type":"string","description":"When the Transfer Job was deleted.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Unique description to identify the Transfer Job.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"last_modification_time":{"type":"string","description":"When the Transfer Job was last modified.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the Transfer Job.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description":"Status of the job. Default: ENABLED. NOTE: The effect of the new job status takes place during a subsequent job run. For example, if you change the job status from ENABLED to DISABLED, and an operation spawned by the transfer is running, the status change would not affect the current operation.","description_kind":"plain","optional":true}},"block_types":{"event_stream":{"nesting_mode":"list","block":{"attributes":{"event_stream_expiration_time":{"type":"string","description":"Specifies the data and time at which Storage Transfer Service stops listening for events from this stream. After this time, any transfers in progress will complete, but no new transfers are initiated","description_kind":"plain","optional":true},"event_stream_start_time":{"type":"string","description":"Specifies the date and time that Storage Transfer Service starts listening for events from this stream. If no start time is specified or start time is in the past, Storage Transfer Service starts listening immediately","description_kind":"plain","optional":true},"name":{"type":"string","description":"Specifies a unique name of the resource such as AWS SQS ARN in the form 'arn:aws:sqs:region:account_id:queue_name', or Pub/Sub subscription resource name in the form 'projects/{project}/subscriptions/{sub}'","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1},"notification_config":{"nesting_mode":"list","block":{"attributes":{"event_types":{"type":["set","string"],"description":"Event types for which a notification is desired. If empty, send notifications for all event types. The valid types are \"TRANSFER_OPERATION_SUCCESS\", \"TRANSFER_OPERATION_FAILED\", \"TRANSFER_OPERATION_ABORTED\".","description_kind":"plain","optional":true},"payload_format":{"type":"string","description":"The desired format of the notification message payloads. One of \"NONE\" or \"JSON\".","description_kind":"plain","required":true},"pubsub_topic":{"type":"string","description":"The Topic.name of the Pub/Sub topic to which to publish notifications.","description_kind":"plain","required":true}},"description":"Notification configuration.","description_kind":"plain"},"max_items":1},"schedule":{"nesting_mode":"list","block":{"attributes":{"repeat_interval":{"type":"string","description":"Interval between the start of each scheduled transfer. If unspecified, the default value is 24 hours. This value may not be less than 1 hour. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"block_types":{"schedule_end_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The last day the recurring transfer will be run. If schedule_end_date is the same as schedule_start_date, the transfer will be executed only once.","description_kind":"plain"},"max_items":1},"schedule_start_date":{"nesting_mode":"list","block":{"attributes":{"day":{"type":"number","description":"Day of month. Must be from 1 to 31 and valid for the year and month.","description_kind":"plain","required":true},"month":{"type":"number","description":"Month of year. Must be from 1 to 12.","description_kind":"plain","required":true},"year":{"type":"number","description":"Year of date. Must be from 1 to 9999.","description_kind":"plain","required":true}},"description":"The first day the recurring transfer is scheduled to run. If schedule_start_date is in the past, the transfer will run for the first time on the following day.","description_kind":"plain"},"min_items":1,"max_items":1},"start_time_of_day":{"nesting_mode":"list","block":{"attributes":{"hours":{"type":"number","description":"Hours of day in 24 hour format. Should be from 0 to 23.","description_kind":"plain","required":true},"minutes":{"type":"number","description":"Minutes of hour of day. Must be from 0 to 59.","description_kind":"plain","required":true},"nanos":{"type":"number","description":"Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.","description_kind":"plain","required":true},"seconds":{"type":"number","description":"Seconds of minutes of the time. Must normally be from 0 to 59.","description_kind":"plain","required":true}},"description":"The time in UTC at which the transfer will be scheduled to start in a day. Transfers may start later than this time. If not specified, recurring and one-time transfers that are scheduled to run today will run immediately; recurring transfers that are scheduled to run on a future date will start at approximately midnight UTC on that date. Note that when configuring a transfer with the Cloud Platform Console, the transfer's start time in a day is specified in your local timezone.","description_kind":"plain"},"max_items":1}},"description":"Schedule specification defining when the Transfer Job should be scheduled to start, end and what time to run.","description_kind":"plain"},"max_items":1},"transfer_spec":{"nesting_mode":"list","block":{"attributes":{"sink_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true},"source_agent_pool_name":{"type":"string","description":"Specifies the agent pool name associated with the posix data source. When unspecified, the default name is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"aws_s3_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"S3 Bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"S3 Bucket path in bucket to transfer.","description_kind":"plain","optional":true},"role_arn":{"type":"string","description":"The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.","description_kind":"plain","optional":true}},"block_types":{"aws_access_key":{"nesting_mode":"list","block":{"attributes":{"access_key_id":{"type":"string","description":"AWS Key ID.","description_kind":"plain","required":true,"sensitive":true},"secret_access_key":{"type":"string","description":"AWS Secret Access Key.","description_kind":"plain","required":true,"sensitive":true}},"description":"AWS credentials block.","description_kind":"plain"},"max_items":1}},"description":"An AWS S3 data source.","description_kind":"plain"},"max_items":1},"azure_blob_storage_data_source":{"nesting_mode":"list","block":{"attributes":{"container":{"type":"string","description":"The container to transfer from the Azure Storage account.","description_kind":"plain","required":true},"path":{"type":"string","description":"Root path to transfer objects. Must be an empty string or full path name that ends with a '/'. This field is treated as an object prefix. As such, it should generally not begin with a '/'.","description_kind":"plain","optional":true,"computed":true},"storage_account":{"type":"string","description":"The name of the Azure Storage account.","description_kind":"plain","required":true}},"block_types":{"azure_credentials":{"nesting_mode":"list","block":{"attributes":{"sas_token":{"type":"string","description":"Azure shared access signature.","description_kind":"plain","required":true,"sensitive":true}},"description":" Credentials used to authenticate API requests to Azure.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"An Azure Blob Storage data source.","description_kind":"plain"},"max_items":1},"gcs_data_sink":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data sink.","description_kind":"plain"},"max_items":1},"gcs_data_source":{"nesting_mode":"list","block":{"attributes":{"bucket_name":{"type":"string","description":"Google Cloud Storage bucket name.","description_kind":"plain","required":true},"path":{"type":"string","description":"Google Cloud Storage path in bucket to transfer","description_kind":"plain","optional":true,"computed":true}},"description":"A Google Cloud Storage data source.","description_kind":"plain"},"max_items":1},"http_data_source":{"nesting_mode":"list","block":{"attributes":{"list_url":{"type":"string","description":"The URL that points to the file that stores the object list entries. This file must allow public access. Currently, only URLs with HTTP and HTTPS schemes are supported.","description_kind":"plain","required":true}},"description":"A HTTP URL data source.","description_kind":"plain"},"max_items":1},"object_conditions":{"nesting_mode":"list","block":{"attributes":{"exclude_prefixes":{"type":["list","string"],"description":"exclude_prefixes must follow the requirements described for include_prefixes.","description_kind":"plain","optional":true},"include_prefixes":{"type":["list","string"],"description":"If include_refixes is specified, objects that satisfy the object conditions must have names that start with one of the include_prefixes and that do not start with any of the exclude_prefixes. If include_prefixes is not specified, all objects except those that have names starting with one of the exclude_prefixes must satisfy the object conditions.","description_kind":"plain","optional":true},"last_modified_before":{"type":"string","description":"If specified, only objects with a \"last modification time\" before this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"last_modified_since":{"type":"string","description":"If specified, only objects with a \"last modification time\" on or after this timestamp and objects that don't have a \"last modification time\" are transferred. A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","optional":true},"max_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true},"min_time_elapsed_since_last_modification":{"type":"string","description":"A duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","optional":true}},"description":"Only objects that satisfy these object conditions are included in the set of data source and data sink objects. Object conditions based on objects' last_modification_time do not exclude objects in a data sink.","description_kind":"plain"},"max_items":1},"posix_data_sink":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data sink.","description_kind":"plain"},"max_items":1},"posix_data_source":{"nesting_mode":"list","block":{"attributes":{"root_directory":{"type":"string","description":"Root directory path to the filesystem.","description_kind":"plain","required":true}},"description":"A POSIX filesystem data source.","description_kind":"plain"},"max_items":1},"transfer_options":{"nesting_mode":"list","block":{"attributes":{"delete_objects_from_source_after_transfer":{"type":"bool","description":"Whether objects should be deleted from the source after they are transferred to the sink. Note that this option and delete_objects_unique_in_sink are mutually exclusive.","description_kind":"plain","optional":true},"delete_objects_unique_in_sink":{"type":"bool","description":"Whether objects that exist only in the sink should be deleted. Note that this option and delete_objects_from_source_after_transfer are mutually exclusive.","description_kind":"plain","optional":true},"overwrite_objects_already_existing_in_sink":{"type":"bool","description":"Whether overwriting objects that already exist in the sink is allowed.","description_kind":"plain","optional":true},"overwrite_when":{"type":"string","description":"When to overwrite objects that already exist in the sink. If not set, overwrite behavior is determined by overwriteObjectsAlreadyExistingInSink.","description_kind":"plain","optional":true}},"description":"Characteristics of how to treat files from datasource and sink during job. If the option delete_objects_unique_in_sink is true, object conditions based on objects' last_modification_time are ignored and do not exclude objects in a data source or a data sink.","description_kind":"plain"},"max_items":1}},"description":"Transfer specification.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_tags_location_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The geographic location where the transfer config should reside.\nExamples: US, EU, asia-northeast1. The default value is US.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_binding":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated id for the TagBinding. This is a string of the form: 'tagBindings/{full-resource-name}/{tag-value-name}'","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The full resource name of the resource the TagValue is bound to. E.g. //cloudresourcemanager.googleapis.com/projects/123","description_kind":"plain","required":true},"tag_value":{"type":"string","description":"The TagValue of the TagBinding. Must be of the form tagValues/456.","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagKey. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagKey.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagKey.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagKey's parent. Must be of the form organizations/{org_id} or projects/{project_id_or_number}.","description_kind":"plain","required":true},"purpose":{"type":"string","description":"Optional. A purpose cannot be changed once set.\n\nA purpose denotes that this Tag is intended for use in policies of a specific policy engine, and will involve that policy engine in management operations involving this Tag. Possible values: [\"GCE_FIREWALL\"]","description_kind":"plain","optional":true},"purpose_data":{"type":["map","string"],"description":"Optional. Purpose data cannot be changed once set.\n\nPurpose data corresponds to the policy system that the tag is intended for. For example, the GCE_FIREWALL purpose expects data in the following format: 'network = \"\u003cproject-name\u003e/\u003cvpc-name\u003e\"'.","description_kind":"plain","optional":true},"short_name":{"type":"string","description":"Input only. The user friendly name for a TagKey. The short name should be unique for TagKeys within the same tag namespace.\n\nThe short name must be 1-63 characters, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_key_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Creation time.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-assigned description of the TagValue. Must not exceed 256 characters.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The generated numeric id for the TagValue.","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description":"Output only. Namespaced name of the TagValue. Will be in the format {parentNamespace}/{tagKeyShortName}/{shortName}.","description_kind":"plain","computed":true},"parent":{"type":"string","description":"Input only. The resource name of the new TagValue's parent. Must be of the form tagKeys/{tag_key_id}.","description_kind":"plain","required":true},"short_name":{"type":"string","description":"Input only. User-assigned short name for TagValue. The short name should be unique for TagValues within the same parent TagKey.\n\nThe short name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between.","description_kind":"plain","required":true},"update_time":{"type":"string","description":"Output only. Update time.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_tags_tag_value_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tpu_node":{"version":0,"block":{"attributes":{"accelerator_type":{"type":"string","description":"The type of hardware accelerators associated with this node.","description_kind":"plain","required":true},"cidr_block":{"type":"string","description":"The CIDR block that the TPU node will use when selecting an IP\naddress. This CIDR block must be a /29 block; the Compute Engine\nnetworks API forbids a smaller block, and using a larger block would\nbe wasteful (a node can only consume one IP address).\n\nErrors will occur if the CIDR block has already been used for a\ncurrently existing TPU node, the CIDR block conflicts with any\nsubnetworks in the user's provided network, or the provided network\nis peered with another network that is using that CIDR block.","description_kind":"plain","optional":true,"computed":true},"description":{"type":"string","description":"The user-supplied description of the TPU. Maximum of 512 characters.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The immutable name of the TPU.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name of a network to peer the TPU node to. It must be a\npreexisting Compute Engine network inside of the project on which\nthis API has been activated. If none is provided, \"default\" will be\nused.","description_kind":"plain","optional":true,"computed":true},"network_endpoints":{"type":["list",["object",{"ip_address":"string","port":"number"}]],"description":"The network endpoints where TPU workers can be accessed and sent work.\nIt is recommended that Tensorflow clients of the node first reach out\nto the first (index 0) entry.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_account":{"type":"string","description":"The service account used to run the tensor flow services within the\nnode. To share resources, including Google Cloud Storage data, with\nthe Tensorflow job running in the Node, this account must have\npermissions to that data.","description_kind":"plain","computed":true},"tensorflow_version":{"type":"string","description":"The version of Tensorflow running in the Node.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"use_service_networking":{"type":"bool","description":"Whether the VPC peering for the node is set up through Service Networking API.\nThe VPC Peering should be set up before provisioning the node. If this field is set,\ncidr_block field should not be specified. If the network that you want to peer the\nTPU Node to is a Shared VPC network, the node must be created with this this field enabled.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"The GCP location for the TPU. If it is not provided, the provider zone is used.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"scheduling_config":{"nesting_mode":"list","block":{"attributes":{"preemptible":{"type":"bool","description":"Defines whether the TPU instance is preemptible.","description_kind":"plain","required":true}},"description":"Sets the scheduling options for this TPU instance.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_dataset":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the dataset was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The user-defined name of the Dataset. The name can be up to 128 characters long and can be consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Dataset. The schema is defined as an OpenAPI 3.0.2 Schema Object. The schema files that can be used here are found in gs://google-cloud-aiplatform/schema/dataset/metadata/.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name of the Dataset. This value is set by Google.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the dataset was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","optional":true}},"description":"Customer-managed encryption key spec for a Dataset. If set, this Dataset and all sub-resources of this Dataset will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_deployment_resource_pool":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"A timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The resource name of deployment resource pool. The maximum length is 63 characters, and valid characters are '/^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$/'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of deployment resource pool. eg us-central1","description_kind":"plain","optional":true}},"block_types":{"dedicated_resources":{"nesting_mode":"list","block":{"attributes":{"max_replica_count":{"type":"number","description":"The maximum number of replicas this DeployedModel may be deployed on when the traffic against it increases. If the requested value is too large, the deployment will error, but if deployment succeeds then the ability to scale the model to that many replicas is guaranteed (barring service outages). If traffic against the DeployedModel increases beyond what its replicas at maximum may handle, a portion of the traffic will be dropped. If this value is not provided, will use min_replica_count as the default value. The value of this field impacts the charge against Vertex CPU and GPU quotas. Specifically, you will be charged for max_replica_count * number of cores in the selected machine type) and (max_replica_count * number of GPUs per replica in the selected machine type).","description_kind":"plain","optional":true},"min_replica_count":{"type":"number","description":"The minimum number of machine replicas this DeployedModel will be always deployed on. This value must be greater than or equal to 1. If traffic against the DeployedModel increases, it may dynamically be deployed onto more replicas, and as traffic decreases, some of these extra replicas may be freed.","description_kind":"plain","required":true}},"block_types":{"autoscaling_metric_specs":{"nesting_mode":"list","block":{"attributes":{"metric_name":{"type":"string","description":"The resource metric name. Supported metrics: For Online Prediction: * 'aiplatform.googleapis.com/prediction/online/accelerator/duty_cycle' * 'aiplatform.googleapis.com/prediction/online/cpu/utilization'","description_kind":"plain","required":true},"target":{"type":"number","description":"The target resource utilization in percentage (1% - 100%) for the given metric; once the real usage deviates from the target by a certain percentage, the machine replicas change. The default value is 60 (representing 60%) if not provided.","description_kind":"plain","optional":true}},"description":"A list of the metric specifications that overrides a resource utilization metric.","description_kind":"plain"}},"machine_spec":{"nesting_mode":"list","block":{"attributes":{"accelerator_count":{"type":"number","description":"The number of accelerators to attach to the machine.","description_kind":"plain","optional":true},"accelerator_type":{"type":"string","description":"The type of accelerator(s) that may be attached to the machine as per accelerator_count. See possible values [here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/MachineSpec#AcceleratorType).","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"The type of the machine. See the [list of machine types supported for prediction](https://cloud.google.com/vertex-ai/docs/predictions/configure-compute#machine-types).","description_kind":"plain","optional":true}},"description":"The specification of a single machine used by the prediction","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"The underlying dedicated resources that the deployment resource pool uses.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was created.","description_kind":"plain","computed":true},"deployed_models":{"type":["list",["object",{"automatic_resources":["list",["object",{"max_replica_count":"number","min_replica_count":"number"}]],"create_time":"string","dedicated_resources":["list",["object",{"autoscaling_metric_specs":["list",["object",{"metric_name":"string","target":"number"}]],"machine_spec":["list",["object",{"accelerator_count":"number","accelerator_type":"string","machine_type":"string"}]],"max_replica_count":"number","min_replica_count":"number"}]],"display_name":"string","enable_access_logging":"bool","enable_container_logging":"bool","id":"string","model":"string","model_version_id":"string","private_endpoints":["list",["object",{"explain_http_uri":"string","health_http_uri":"string","predict_http_uri":"string","service_attachment":"string"}]],"service_account":"string","shared_resources":"string"}]],"description":"Output only. The models deployed in this Endpoint. To add or remove DeployedModels use EndpointService.DeployModel and EndpointService.UndeployModel respectively. Models can also be deployed and undeployed using the [Cloud Console](https://console.cloud.google.com/vertex-ai/).","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Endpoint.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"Required. The display name of the Endpoint. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates. If not set, a blind \"overwrite\" update happens.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Endpoints. Label keys and values can be no longer than 64 characters (Unicode codepoints), can only contain lowercase letters, numeric characters, underscores and dashes. International characters are allowed. See https://goo.gl/xmQnxf for more information and examples of labels.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"The location for the resource","description_kind":"plain","required":true},"model_deployment_monitoring_job":{"type":"string","description":"Output only. Resource name of the Model Monitoring job associated with this Endpoint if monitoring is enabled by CreateModelDeploymentMonitoringJob. Format: 'projects/{project}/locations/{location}/modelDeploymentMonitoringJobs/{model_deployment_monitoring_job}'","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Endpoint. The name must be numeric with no leading zeros and can be at most 10 digits.","description_kind":"plain","required":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the Endpoint should be peered. Private services access must already be configured for the network. If left unspecified, the Endpoint is not peered with any network. Only one of the fields, network or enable_private_service_connect, can be set. [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'. Where '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Timestamp when this Endpoint was last updated.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"Required. The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: 'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for an Endpoint. If set, this Endpoint and all sub-resources of this Endpoint will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature group. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Currently only supports 1 entity_id_column. If not provided defaults to entityId.","description_kind":"plain","optional":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"input_uri":{"type":"string","description":"BigQuery URI to a table, up to 2000 characters long. For example: 'bq://projectId.bqDatasetId.bqTableId.'","description_kind":"plain","required":true}},"description":"The BigQuery source URI that points to either a BigQuery Table or View.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Indicates that features for this group come from BigQuery Table/View. By default treats the source as a sparse time series source, which is required to have an entityId and a feature_timestamp column in the source.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_group_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the FeatureGroup was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the FeatureGroup.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_group":{"type":"string","description":"The name of the Feature Group.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your FeatureGroup.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Group Feature.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the feature group's region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the FeatureGroup was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"version_column_name":{"type":"string","description":"The name of the BigQuery Table/View column hosting data for this version. If no value is provided, will use featureId.","description_kind":"plain","optional":true,"computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the feature online store was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any FeatureViews and Features for this FeatureOnlineStore will also be deleted.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your feature online stores.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Feature Online Store. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of feature online store. eg us-central1","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"The state of the Feature Online Store. See the possible states in [this link](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featureOnlineStores#state).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the feature online store was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"bigtable":{"nesting_mode":"list","block":{"block_types":{"auto_scaling":{"nesting_mode":"list","block":{"attributes":{"cpu_utilization_target":{"type":"number","description":"A percentage of the cluster's CPU capacity. Can be from 10% to 80%. When a cluster's CPU utilization exceeds the target that you have set, Bigtable immediately adds nodes to the cluster. When CPU utilization is substantially lower than the target, Bigtable removes nodes. If not set will default to 50%.","description_kind":"plain","optional":true,"computed":true},"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than or equal to minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Autoscaling config applied to Bigtable Instance.","description_kind":"plain"},"min_items":1,"max_items":1}},"description":"Settings for Cloud Bigtable instance that will be created to serve featureValues for all FeatureViews under this FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_feature_online_store_featureview":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"feature_online_store":{"type":"string","description":"The name of the FeatureOnlineStore to use for the featureview.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this FeatureView.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the FeatureView. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region for the resource. It should be the same as the featureonlinestore region.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featureOnlinestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"big_query_source":{"nesting_mode":"list","block":{"attributes":{"entity_id_columns":{"type":["list","string"],"description":"Columns to construct entityId / row keys. Start by supporting 1 only.","description_kind":"plain","required":true},"uri":{"type":"string","description":"The BigQuery view URI that will be materialized on each sync trigger based on FeatureView.SyncConfig.","description_kind":"plain","required":true}},"description":"Configures how data is supposed to be extracted from a BigQuery source to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"feature_registry_source":{"nesting_mode":"list","block":{"block_types":{"feature_groups":{"nesting_mode":"list","block":{"attributes":{"feature_group_id":{"type":"string","description":"Identifier of the feature group.","description_kind":"plain","required":true},"feature_ids":{"type":["list","string"],"description":"Identifiers of features under the feature group.","description_kind":"plain","required":true}},"description":"List of features that need to be synced to Online Store.","description_kind":"plain"},"min_items":1}},"description":"Configures the features from a Feature Registry source that need to be loaded onto the FeatureOnlineStore.","description_kind":"plain"},"max_items":1},"sync_config":{"nesting_mode":"list","block":{"attributes":{"cron":{"type":"string","description":"Cron schedule (https://en.wikipedia.org/wiki/Cron) to launch scheduled runs.\nTo explicitly set a timezone to the cron tab, apply a prefix in the cron tab: \"CRON_TZ=${IANA_TIME_ZONE}\" or \"TZ=${IANA_TIME_ZONE}\".","description_kind":"plain","optional":true,"computed":true}},"description":"Configures when data is to be synced/updated for this FeatureView. At the end of the sync the latest featureValues for each entityId of this FeatureView are made ready for online serving.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"If set to true, any EntityTypes and Features for this Featurestore will also be deleted","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Featurestore.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the Featurestore. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the dataset. eg us-central1","description_kind":"plain","optional":true,"computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource. Has the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the compute resource is created.","description_kind":"plain","required":true}},"description":"If set, both of the online and offline data storage will be secured by this key.","description_kind":"plain"},"max_items":1},"online_serving_config":{"nesting_mode":"list","block":{"attributes":{"fixed_node_count":{"type":"number","description":"The number of nodes for each cluster. The number of nodes will not scale automatically but can be scaled manually by providing different values when updating.","description_kind":"plain","optional":true}},"block_types":{"scaling":{"nesting_mode":"list","block":{"attributes":{"max_node_count":{"type":"number","description":"The maximum number of nodes to scale up to. Must be greater than minNodeCount, and less than or equal to 10 times of 'minNodeCount'.","description_kind":"plain","required":true},"min_node_count":{"type":"number","description":"The minimum number of nodes to scale down to. Must be greater than or equal to 1.","description_kind":"plain","required":true}},"description":"Online serving scaling configuration. Only one of fixedNodeCount and scaling can be set. Setting one will reset the other.","description_kind":"plain"},"max_items":1}},"description":"Config for online serving resources.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the featurestore was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. Description of the EntityType.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"featurestore":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this EntityType.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the EntityType. This value may be up to 60 characters, and valid characters are [a-z0-9_]. The first character cannot be a number.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the EntityType.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the featurestore was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"monitoring_config":{"nesting_mode":"list","block":{"block_types":{"categorical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For categorical feature, the distribution distance is calculated by L-inifinity norm. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for categorical features of anomaly detection. This is shared by all types of Featurestore Monitoring for categorical features (i.e. Features with type (Feature.ValueType) BOOL or STRING).","description_kind":"plain"},"max_items":1},"import_features_analysis":{"nesting_mode":"list","block":{"attributes":{"anomaly_detection_baseline":{"type":"string","description":"Defines the baseline to do anomaly detection for feature values imported by each [entityTypes.importFeatureValues][] operation. The value must be one of the values below:\n* LATEST_STATS: Choose the later one statistics generated by either most recent snapshot analysis or previous import features analysis. If non of them exists, skip anomaly detection and only generate a statistics.\n* MOST_RECENT_SNAPSHOT_STATS: Use the statistics generated by the most recent snapshot analysis if exists.\n* PREVIOUS_IMPORT_FEATURES_STATS: Use the statistics generated by the previous import features analysis if exists.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Whether to enable / disable / inherite default hebavior for import features analysis. The value must be one of the values below:\n* DEFAULT: The default behavior of whether to enable the monitoring. EntityType-level config: disabled.\n* ENABLED: Explicitly enables import features analysis. EntityType-level config: by default enables import features analysis for all Features under it.\n* DISABLED: Explicitly disables import features analysis. EntityType-level config: by default disables import features analysis for all Features under it.","description_kind":"plain","optional":true}},"description":"The config for ImportFeatures Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1},"numerical_threshold_config":{"nesting_mode":"list","block":{"attributes":{"value":{"type":"number","description":"Specify a threshold value that can trigger the alert. For numerical feature, the distribution distance is calculated by Jensen–Shannon divergence. Each feature must have a non-zero threshold if they need to be monitored. Otherwise no alert will be triggered for that feature. The default value is 0.3.","description_kind":"plain","required":true}},"description":"Threshold for numerical features of anomaly detection. This is shared by all objectives of Featurestore Monitoring for numerical features (i.e. Features with type (Feature.ValueType) DOUBLE or INT64).","description_kind":"plain"},"max_items":1},"snapshot_analysis":{"nesting_mode":"list","block":{"attributes":{"disabled":{"type":"bool","description":"The monitoring schedule for snapshot analysis. For EntityType-level config: unset / disabled = true indicates disabled by default for Features under it; otherwise by default enable snapshot analysis monitoring with monitoringInterval for Features under it.","description_kind":"plain","optional":true},"monitoring_interval_days":{"type":"number","description":"Configuration of the snapshot analysis based monitoring pipeline running interval. The value indicates number of days. The default value is 1.\nIf both FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days and [FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval][] are set when creating/updating EntityTypes/Features, FeaturestoreMonitoringConfig.SnapshotAnalysis.monitoring_interval_days will be used.","description_kind":"plain","optional":true},"staleness_days":{"type":"number","description":"Customized export features time window for snapshot analysis. Unit is one day. The default value is 21 days. Minimum value is 1 day. Maximum value is 4000 days.","description_kind":"plain","optional":true}},"description":"The config for Snapshot Analysis Based Feature Monitoring.","description_kind":"plain"},"max_items":1}},"description":"The default monitoring configuration for all Features under this EntityType.\n\nIf this is populated with [FeaturestoreMonitoringConfig.monitoring_interval] specified, snapshot analysis monitoring is enabled. Otherwise, snapshot analysis monitoring is disabled.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_featurestore_entitytype_feature":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the entity type was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the feature.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entitytype":{"type":"string","description":"The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}/entityTypes/{entitytype}.","description_kind":"plain","required":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the feature.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the feature. The feature can be up to 64 characters long and can consist only of ASCII Latin letters A-Z and a-z, underscore(_), and ASCII digits 0-9 starting with a letter. The value will be unique given an entity type.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the feature","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp when the entity type was most recently updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"value_type":{"type":"string","description":"Type of Feature value. Immutable. https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.featurestores.entityTypes.features#ValueType","description_kind":"plain","required":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"metadata":{"nesting_mode":"list","block":{"attributes":{"contents_delta_uri":{"type":"string","description":"Allows inserting, updating or deleting the contents of the Matching Engine Index.\nThe string must be a valid Cloud Storage directory path. If this\nfield is set when calling IndexService.UpdateIndex, then no other\nIndex field can be also updated as part of the same call.\nThe expected structure and format of the files this URI points to is\ndescribed at https://cloud.google.com/vertex-ai/docs/matching-engine/using-matching-engine#input-data-format","description_kind":"plain","required":true},"is_complete_overwrite":{"type":"bool","description":"If this field is set together with contentsDeltaUri when calling IndexService.UpdateIndex,\nthen existing content of the Index will be replaced by the data from the contentsDeltaUri.","description_kind":"plain","optional":true}},"block_types":{"config":{"nesting_mode":"list","block":{"attributes":{"approximate_neighbors_count":{"type":"number","description":"The default number of neighbors to find via approximate search before exact reordering is\nperformed. Exact reordering is a procedure where results returned by an\napproximate search algorithm are reordered via a more expensive distance computation.\nRequired if tree-AH algorithm is used.","description_kind":"plain","optional":true},"dimensions":{"type":"number","description":"The number of dimensions of the input vectors.","description_kind":"plain","required":true},"distance_measure_type":{"type":"string","description":"The distance measure used in nearest neighbor search. The value must be one of the followings:\n* SQUARED_L2_DISTANCE: Euclidean (L_2) Distance\n* L1_DISTANCE: Manhattan (L_1) Distance\n* COSINE_DISTANCE: Cosine Distance. Defined as 1 - cosine similarity.\n* DOT_PRODUCT_DISTANCE: Dot Product Distance. Defined as a negative of the dot product","description_kind":"plain","optional":true},"feature_norm_type":{"type":"string","description":"Type of normalization to be carried out on each vector. The value must be one of the followings:\n* UNIT_L2_NORM: Unit L2 normalization type\n* NONE: No normalization type is specified.","description_kind":"plain","optional":true},"shard_size":{"type":"string","description":"Index data is split into equal parts to be processed. These are called \"shards\".\nThe shard size must be specified when creating an index. The value must be one of the followings:\n* SHARD_SIZE_SMALL: Small (2GB)\n* SHARD_SIZE_MEDIUM: Medium (20GB)\n* SHARD_SIZE_LARGE: Large (50GB)","description_kind":"plain","optional":true,"computed":true}},"block_types":{"algorithm_config":{"nesting_mode":"list","block":{"block_types":{"brute_force_config":{"nesting_mode":"list","block":{"description":"Configuration options for using brute force search, which simply implements the\nstandard linear search in the database for each query.","description_kind":"plain"},"max_items":1},"tree_ah_config":{"nesting_mode":"list","block":{"attributes":{"leaf_node_embedding_count":{"type":"number","description":"Number of embeddings on each leaf node. The default value is 1000 if not set.","description_kind":"plain","optional":true},"leaf_nodes_to_search_percent":{"type":"number","description":"The default percentage of leaf nodes that any query may be searched. Must be in\nrange 1-100, inclusive. The default value is 10 (means 10%) if not set.","description_kind":"plain","optional":true}},"description":"Configuration options for using the tree-AH algorithm (Shallow tree + Asymmetric Hashing).\nPlease refer to this paper for more details: https://arxiv.org/abs/1908.10396","description_kind":"plain"},"max_items":1}},"description":"The configuration with regard to the algorithms used for efficient search.","description_kind":"plain"},"max_items":1}},"description":"The configuration of the Matching Engine Index.","description_kind":"plain"},"max_items":1}},"description":"An additional information about the Index","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_index_endpoint":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The full name of the Google Compute Engine [network](https://cloud.google.com//compute/docs/networks-and-firewalls#networks) to which the index endpoint should be peered.\nPrivate services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network.\n[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'.\nWhere '{project}' is a project number, as in '12345', and '{network}' is network name.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"public_endpoint_domain_name":{"type":"string","description":"If publicEndpointEnabled is true, this field will be populated with the domain name to use for this index endpoint.","description_kind":"plain","computed":true},"public_endpoint_enabled":{"type":"bool","description":"If true, the deployed index will be accessible through public endpoint.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index endpoint. eg us-central1","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"private_service_connect_config":{"nesting_mode":"list","block":{"attributes":{"enable_private_service_connect":{"type":"bool","description":"If set to true, the IndexEndpoint is created without private service access.","description_kind":"plain","required":true},"project_allowlist":{"type":["list","string"],"description":"A list of Projects from which the forwarding rule will target the service attachment.","description_kind":"plain","optional":true}},"description":"Optional. Configuration for private service connect. 'network' and 'privateServiceConnectConfig' are mutually exclusive.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vertex_ai_tensorboard":{"version":0,"block":{"attributes":{"blob_storage_path_prefix":{"type":"string","description":"Consumer project Cloud Storage path prefix used to store blob data, which can either be a bucket or directory. Does not end with a '/'.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The timestamp of when the Tensorboard was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of this Tensorboard.","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"User provided name of this Tensorboard.","description_kind":"plain","required":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Tensorboards.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Tensorboard.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the tensorboard. eg us-central1","description_kind":"plain","optional":true,"computed":true},"run_count":{"type":"string","description":"The number of Runs stored in this Tensorboard.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Tensorboard was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"block_types":{"encryption_spec":{"nesting_mode":"list","block":{"attributes":{"kms_key_name":{"type":"string","description":"The Cloud KMS resource identifier of the customer managed encryption key used to protect a resource.\nHas the form: projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key. The key needs to be in the same region as where the resource is created.","description_kind":"plain","required":true}},"description":"Customer-managed encryption key spec for a Tensorboard. If set, this Tensorboard and all sub-resources of this Tensorboard will be secured by this key.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nOnce the customer is created then corecount cannot be changed.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","required":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","optional":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","required":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"destination_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"external_address":{"type":"string","description":"The name of an 'ExternalAddress' resource.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain"},"min_items":1},"source_ip_ranges":{"nesting_mode":"list","block":{"attributes":{"ip_address":{"type":"string","description":"A single IP address.","description_kind":"plain","optional":true},"ip_address_range":{"type":"string","description":"An IP address range in the CIDR format.","description_kind":"plain","optional":true}},"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain"},"min_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","optional":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","required":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","optional":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","optional":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","required":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","optional":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","required":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"block_types":{"external_ip":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain"},"max_items":1},"internet_access":{"nesting_mode":"list","block":{"attributes":{"enabled":{"type":"bool","description":"True if the service is enabled; false otherwise.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the service. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true}},"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","optional":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\", \"STRETCHED\"]","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"block_types":{"management_cluster":{"nesting_mode":"list","block":{"attributes":{"cluster_id":{"type":"string","description":"The user-provided identifier of the new Cluster. The identifier must meet the following requirements:\n * Only contains 1-63 alphanumeric characters and hyphens\n * Begins with an alphabetical character\n * Ends with a non-hyphen character\n * Not formatted as a UUID\n * Complies with RFC 1034 (https://datatracker.ietf.org/doc/html/rfc1034) (section 3.5)","description_kind":"plain","required":true}},"block_types":{"node_type_configs":{"nesting_mode":"set","block":{"attributes":{"custom_core_count":{"type":"number","description":"Customized number of cores available to each node of the type.\nThis number must always be one of 'nodeType.availableCustomCoreCounts'.\nIf zero is provided max value from 'nodeType.availableCustomCoreCounts' will be used.\nThis cannot be changed once the PrivateCloud is created.","description_kind":"plain","optional":true},"node_count":{"type":"number","description":"The number of nodes of this type in the cluster.","description_kind":"plain","required":true},"node_type_id":{"type":"string","description_kind":"plain","required":true}},"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain"}},"stretched_cluster_config":{"nesting_mode":"list","block":{"attributes":{"preferred_location":{"type":"string","description":"Zone that will remain operational when connection between the two zones is lost.","description_kind":"plain","optional":true},"secondary_location":{"type":"string","description":"Additional zone for a higher level of availability and load balancing.","description_kind":"plain","optional":true}},"description":"The stretched cluster configuration for the private cloud.","description_kind":"plain"},"max_items":1}},"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain"},"min_items":1,"max_items":1},"network_config":{"nesting_mode":"list","block":{"attributes":{"dns_server_ip":{"type":"string","description":"DNS Server IP of the Private Cloud.","description_kind":"plain","computed":true},"management_cidr":{"type":"string","description":"Management CIDR used by VMware management appliances.","description_kind":"plain","required":true},"management_ip_address_layout_version":{"type":"number","description":"The IP address layout version of the management IP address range.\nPossible versions include:\n* managementIpAddressLayoutVersion=1: Indicates the legacy IP address layout used by some existing private clouds. This is no longer supported for new private clouds\nas it does not support all features.\n* managementIpAddressLayoutVersion=2: Indicates the latest IP address layout\nused by all newly created private clouds. This version supports all current features.","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network attached to the private cloud.\nSpecify the name in the following form: projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}\nwhere {project} can either be a project number or a project ID.","description_kind":"plain","optional":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in\nthe form: projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain"},"min_items":1,"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","optional":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be\nhigher than the value specified by min_instances.","description_kind":"plain","optional":true,"computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300. Refers to the expected throughput\nwhen using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by\nmin_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of\nmax_throughput is discouraged in favor of max_instances.","description_kind":"plain","optional":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be\nlower than the value specified by max_instances.","description_kind":"plain","optional":true,"computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type.\nValue must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and\nmin_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true}},"block_types":{"subnet":{"nesting_mode":"list","block":{"attributes":{"name":{"type":"string","description":"Subnet name (relative, not fully qualified). E.g. if the full subnet selfLink is\nhttps://compute.googleapis.com/compute/v1/projects/{project}/regions/{region}/subnetworks/{subnetName} the correct input for this field would be {subnetName}\"","description_kind":"plain","optional":true},"project_id":{"type":"string","description":"Project in which the subnet exists. If not set, this project is assumed to be the project for which the connector create request was issued.","description_kind":"plain","optional":true,"computed":true}},"description":"The subnet in which to house the connector","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Output only. Email address of entity that sent original CreateInstance request.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the Workbench Instance. Set this field to 'ACTIVE' to start the Instance, and 'STOPPED' to stop the Instance.","description_kind":"plain","optional":true},"disable_proxy_access":{"type":"bool","description":"Optional. If true, the workbench instance will not register with the proxy.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"health_info":{"type":["list",["object",{}]],"description":"'Output only. Additional information about instance health. Example:\nhealthInfo\": { \"docker_proxy_agent_status\": \"1\", \"docker_status\": \"1\", \"jupyterlab_api_status\":\n\"-1\", \"jupyterlab_status\": \"-1\", \"updated\": \"2020-10-18 09:40:03.573409\" }'","description_kind":"plain","computed":true},"health_state":{"type":"string","description":"Output only. Instance health_state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"Required. User-defined unique ID of this instance.","description_kind":"plain","optional":true},"instance_owners":{"type":["list","string"],"description":"'Optional. Input only. The owner of this instance after creation. Format:\n'alias@example.com' Currently supports one owner only. If not specified, all of\nthe service account users of your VM instance''s service account can use the instance.'","description_kind":"plain","optional":true},"labels":{"type":["map","string"],"description":"Optional. Labels to apply to this instance. These can be later modified\nby the UpdateInstance method.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of this workbench instance. Format: 'projects/{project_id}/locations/{location}/instances/{instance_id}'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"proxy_uri":{"type":"string","description":"Output only. The proxy endpoint that is used to access the Jupyter notebook.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. The state of this instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"An RFC3339 timestamp in UTC time. This in the format of yyyy-MM-ddTHH:mm:ss.SSSZ.\nThe milliseconds portion (\".SSS\") is optional.","description_kind":"plain","computed":true},"upgrade_history":{"type":["list",["object",{"action":"string","container_image":"string","create_time":"string","framework":"string","snapshot":"string","state":"string","target_version":"string","version":"string","vm_image":"string"}]],"description":"Output only. The upgrade history of this instance.","description_kind":"plain","computed":true}},"block_types":{"gce_setup":{"nesting_mode":"list","block":{"attributes":{"disable_public_ip":{"type":"bool","description":"Optional. If true, no external IP will be assigned to this VM instance.","description_kind":"plain","optional":true,"computed":true},"enable_ip_forwarding":{"type":"bool","description":"Optional. Flag to enable ip forwarding or not, default false/off.\nhttps://cloud.google.com/vpc/docs/using-routes#canipforward","description_kind":"plain","optional":true},"machine_type":{"type":"string","description":"Optional. The machine type of the VM instance. https://cloud.google.com/compute/docs/machine-resource","description_kind":"plain","optional":true,"computed":true},"metadata":{"type":["map","string"],"description":"Optional. Custom metadata to apply to this instance.","description_kind":"plain","optional":true,"computed":true},"tags":{"type":["list","string"],"description":"Optional. The Compute Engine tags to add to instance (see [Tagging\ninstances](https://cloud.google.com/compute/docs/label-or-tag-resources#tags)).","description_kind":"plain","optional":true,"computed":true}},"block_types":{"accelerator_configs":{"nesting_mode":"list","block":{"attributes":{"core_count":{"type":"string","description":"Optional. Count of cores of this accelerator.","description_kind":"plain","optional":true},"type":{"type":"string","description":"Optional. Type of this accelerator. Possible values: [\"NVIDIA_TESLA_P100\", \"NVIDIA_TESLA_V100\", \"NVIDIA_TESLA_P4\", \"NVIDIA_TESLA_T4\", \"NVIDIA_TESLA_A100\", \"NVIDIA_A100_80GB\", \"NVIDIA_L4\", \"NVIDIA_TESLA_T4_VWS\", \"NVIDIA_TESLA_P100_VWS\", \"NVIDIA_TESLA_P4_VWS\"]","description_kind":"plain","optional":true}},"description":"The hardware accelerators used on this instance. If you use accelerators, make sure that your configuration has\n[enough vCPUs and memory to support the 'machine_type' you have selected](https://cloud.google.com/compute/docs/gpus/#gpus-list).\nCurrently supports only one accelerator configuration.","description_kind":"plain"}},"boot_disk":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot and\ndata disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the boot disk in GB attached to this instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to the\nrecommended value of 150GB.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true,"computed":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks, only\napplicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"The definition of a boot disk.","description_kind":"plain"},"max_items":1},"container_image":{"nesting_mode":"list","block":{"attributes":{"repository":{"type":"string","description":"The path to the container image repository.\nFor example: gcr.io/{project_id}/{imageName}","description_kind":"plain","required":true},"tag":{"type":"string","description":"The tag of the container image. If not specified, this defaults to the latest tag.","description_kind":"plain","optional":true}},"description":"Use a container image to start the workbench instance.","description_kind":"plain"},"max_items":1},"data_disks":{"nesting_mode":"list","block":{"attributes":{"disk_encryption":{"type":"string","description":"Optional. Input only. Disk encryption method used on the boot\nand data disks, defaults to GMEK. Possible values: [\"GMEK\", \"CMEK\"]","description_kind":"plain","optional":true,"computed":true},"disk_size_gb":{"type":"string","description":"Optional. The size of the disk in GB attached to this VM instance,\nup to a maximum of 64000 GB (64 TB). If not specified, this defaults to\n100.","description_kind":"plain","optional":true,"computed":true},"disk_type":{"type":"string","description":"Optional. Input only. Indicates the type of the disk. Possible values: [\"PD_STANDARD\", \"PD_SSD\", \"PD_BALANCED\", \"PD_EXTREME\"]","description_kind":"plain","optional":true},"kms_key":{"type":"string","description":"'Optional. The KMS key used to encrypt the disks,\nonly applicable if disk_encryption is CMEK. Format: 'projects/{project_id}/locations/{location}/keyRings/{key_ring_id}/cryptoKeys/{key_id}'\nLearn more about using your own encryption keys.'","description_kind":"plain","optional":true}},"description":"Data disks attached to the VM instance. Currently supports only one data disk.","description_kind":"plain"},"max_items":1},"network_interfaces":{"nesting_mode":"list","block":{"attributes":{"network":{"type":"string","description":"Optional. The name of the VPC that this VM instance is in.","description_kind":"plain","optional":true,"computed":true},"nic_type":{"type":"string","description":"Optional. The type of vNIC to be used on this interface. This\nmay be gVNIC or VirtioNet. Possible values: [\"VIRTIO_NET\", \"GVNIC\"]","description_kind":"plain","optional":true},"subnet":{"type":"string","description":"Optional. The name of the subnet that this VM instance is in.","description_kind":"plain","optional":true,"computed":true}},"description":"The network interfaces for the VM. Supports only one interface.","description_kind":"plain"}},"service_accounts":{"nesting_mode":"list","block":{"attributes":{"email":{"type":"string","description":"Optional. Email address of the service account.","description_kind":"plain","optional":true,"computed":true},"scopes":{"type":["list","string"],"description":"Output only. The list of scopes to be made available for this\nservice account. Set by the CLH to https://www.googleapis.com/auth/cloud-platform","description_kind":"plain","computed":true}},"description":"The service account that serves as an identity for the VM instance. Currently supports only one service account.","description_kind":"plain"}},"shielded_instance_config":{"nesting_mode":"list","block":{"attributes":{"enable_integrity_monitoring":{"type":"bool","description":"Optional. Defines whether the VM instance has integrity monitoring\nenabled. Enables monitoring and attestation of the boot integrity of the VM\ninstance. The attestation is performed against the integrity policy baseline.\nThis baseline is initially derived from the implicitly trusted boot image\nwhen the VM instance is created. Enabled by default.","description_kind":"plain","optional":true},"enable_secure_boot":{"type":"bool","description":"Optional. Defines whether the VM instance has Secure Boot enabled.\nSecure Boot helps ensure that the system only runs authentic software by verifying\nthe digital signature of all boot components, and halting the boot process\nif signature verification fails. Disabled by default.","description_kind":"plain","optional":true},"enable_vtpm":{"type":"bool","description":"Optional. Defines whether the VM instance has the vTPM enabled.\nEnabled by default.","description_kind":"plain","optional":true}},"description":"A set of Shielded Instance options. See [Images using supported Shielded\nVM features](https://cloud.google.com/compute/docs/instances/modifying-shielded-vm).\nNot all combinations are valid.","description_kind":"plain"},"max_items":1},"vm_image":{"nesting_mode":"list","block":{"attributes":{"family":{"type":"string","description":"Optional. Use this VM image family to find the image; the newest\nimage in this family will be used.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Optional. Use VM image name to find the image.","description_kind":"plain","optional":true},"project":{"type":"string","description":"The name of the Google Cloud project that this VM image belongs to.\nFormat: {project_id}","description_kind":"plain","optional":true}},"description":"Definition of a custom Compute Engine virtual machine image for starting\na workbench instance with the environment installed directly on the VM.","description_kind":"plain"},"max_items":1}},"description":"The definition of how to configure a VM instance outside of Resources and Identity.","description_kind":"plain"},"max_items":1},"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_workbench_instance_iam_binding":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"members":{"type":["set","string"],"description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_member":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_workflows_workflow":{"version":1,"block":{"attributes":{"call_log_level":{"type":"string","description":"Describes the level of platform logging to apply to calls and call responses during\nexecutions of this workflow. If both the workflow and the execution specify a logging level,\nthe execution level takes precedence. Possible values: [\"CALL_LOG_LEVEL_UNSPECIFIED\", \"LOG_ALL_CALLS\", \"LOG_ERRORS_ONLY\", \"LOG_NONE\"]","description_kind":"plain","optional":true},"create_time":{"type":"string","description":"The timestamp of when the workflow was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"crypto_key_name":{"type":"string","description":"The KMS key used to encrypt workflow and execution data.\n\nFormat: projects/{project}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKey}","description_kind":"plain","optional":true},"description":{"type":"string","description":"Description of the workflow provided by the user. Must be at most 1000 unicode characters long.","description_kind":"plain","optional":true,"computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Workflow.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Workflow.","description_kind":"plain","optional":true,"computed":true},"name_prefix":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"The region of the workflow.","description_kind":"plain","optional":true},"revision_id":{"type":"string","description":"The revision of the workflow. A new one is generated if the service account or source contents is changed.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"Name of the service account associated with the latest workflow version. This service\naccount represents the identity of the workflow and determines what permissions the workflow has.\nFormat: projects/{project}/serviceAccounts/{account} or {account}.\nUsing - as a wildcard for the {project} or not providing one at all will infer the project from the account.\nThe {account} value can be the email address or the unique_id of the service account.\nIf not provided, workflow will use the project's default service account.\nModifying this field for an existing workflow results in a new workflow revision.","description_kind":"plain","optional":true,"computed":true},"source_contents":{"type":"string","description":"Workflow code to be executed. The size limit is 128KB.","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the workflow deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the workflow was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"user_env_vars":{"type":["map","string"],"description":"User-defined environment variables associated with this workflow revision. This map has a maximum length of 20. Each string can take up to 4KiB. Keys cannot be empty strings and cannot start with “GOOGLE” or “WORKFLOWS\".","description_kind":"plain","optional":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"create":{"type":"string","description_kind":"plain","optional":true},"delete":{"type":"string","description_kind":"plain","optional":true},"update":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}}},"data_source_schemas":{"google_access_approval_folder_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"folder_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_access_approval_organization_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_approval_project_service_account":{"version":0,"block":{"attributes":{"account_email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_access_context_manager_access_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_active_folder":{"version":0,"block":{"attributes":{"api_method":{"type":"string","description":"Provides the REST method through which to find the folder. LIST is recommended as it is strongly consistent.","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_alloydb_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list",["object",{"display_name":"string","labels":["map","string"],"location_id":"string","metadata":["map","string"],"name":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_alloydb_supported_database_flags":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The canonical id for the location. For example: \"us-east1\".","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project.","description_kind":"plain","optional":true},"supported_database_flags":{"type":["list",["object",{"accepts_multiple_values":"bool","flag_name":"string","integer_restrictions":["list",["object",{"max_value":"string","min_value":"string"}]],"name":"string","requires_db_restart":"bool","string_restrictions":["list",["object",{"allowed_values":["list","string"]}]],"supported_db_versions":["list","string"],"value_type":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apigee_environment_iam_policy":{"version":0,"block":{"attributes":{"env_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_app_engine_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apphub_application":{"version":0,"block":{"attributes":{"application_id":{"type":"string","description":"Required. The Application identifier.","description_kind":"plain","required":true},"attributes":{"type":["list",["object",{"business_owners":["list",["object",{"display_name":"string","email":"string"}]],"criticality":["list",["object",{"type":"string"}]],"developer_owners":["list",["object",{"display_name":"string","email":"string"}]],"environment":["list",["object",{"type":"string"}]],"operator_owners":["list",["object",{"display_name":"string","email":"string"}]]}]],"description":"Consumer provided attributes.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Output only. Create time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Optional. User-defined description of an Application.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"Optional. User-defined name for the Application.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"Part of 'parent'. See documentation of 'projectsId'.","description_kind":"plain","required":true},"name":{"type":"string","description":"Identifier. The resource name of an Application. Format:\n\"projects/{host-project-id}/locations/{location}/applications/{application-id}\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"scope":{"type":["list",["object",{"type":"string"}]],"description":"Scope of an application.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Output only. Application state. \n Possible values:\n STATE_UNSPECIFIED\nCREATING\nACTIVE\nDELETING","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Output only. A universally unique identifier (in UUID4 format) for the 'Application'.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Output only. Update time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_apphub_discovered_service":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description_kind":"plain","computed":true},"service_reference":{"type":["list",["object",{"path":"string","uri":"string"}]],"description_kind":"plain","computed":true},"service_uri":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_apphub_discovered_workload":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"workload_properties":{"type":["list",["object",{"gcp_project":"string","location":"string","zone":"string"}]],"description_kind":"plain","computed":true},"workload_reference":{"type":["list",["object",{"uri":"string"}]],"description_kind":"plain","computed":true},"workload_uri":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_artifact_registry_repository":{"version":0,"block":{"attributes":{"cleanup_policies":{"type":["set",["object",{"action":"string","condition":["list",["object",{"newer_than":"string","older_than":"string","package_name_prefixes":["list","string"],"tag_prefixes":["list","string"],"tag_state":"string","version_name_prefixes":["list","string"]}]],"id":"string","most_recent_versions":["list",["object",{"keep_count":"number","package_name_prefixes":["list","string"]}]]}]],"description":"Cleanup policies for this repository. Cleanup policies indicate when\ncertain package versions can be automatically deleted.\nMap keys are policy IDs supplied by users during policy creation. They must\nunique within a repository and be under 128 characters in length.","description_kind":"plain","computed":true},"cleanup_policy_dry_run":{"type":"bool","description":"If true, the cleanup pipeline is prevented from deleting versions in this\nrepository.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time when the repository was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The user-provided description of the repository.","description_kind":"plain","computed":true},"docker_config":{"type":["list",["object",{"immutable_tags":"bool"}]],"description":"Docker repository config contains repository level configuration for the repositories of docker type.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"format":{"type":"string","description":"The format of packages that are stored in the repository. Supported formats\ncan be found [here](https://cloud.google.com/artifact-registry/docs/supported-formats).\nYou can only create alpha formats if you are a member of the\n[alpha user group](https://cloud.google.com/artifact-registry/docs/supported-formats#alpha-access).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The Cloud KMS resource name of the customer managed encryption key that’s\nused to encrypt the contents of the Repository. Has the form:\n'projects/my-project/locations/my-region/keyRings/my-kr/cryptoKeys/my-key'.\nThis value may not be changed after the Repository has been created.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\nThis field may contain up to 64 entries. Label keys and values may be no\nlonger than 63 characters. Label keys must begin with a lowercase letter\nand may only contain lowercase letters, numeric characters, underscores,\nand dashes.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location this repository is located in.","description_kind":"plain","required":true},"maven_config":{"type":["list",["object",{"allow_snapshot_overwrites":"bool","version_policy":"string"}]],"description":"MavenRepositoryConfig is maven related repository details.\nProvides additional configuration details for repositories of the maven\nformat type.","description_kind":"plain","computed":true},"mode":{"type":"string","description":"The mode configures the repository to serve artifacts from different sources. Default value: \"STANDARD_REPOSITORY\" Possible values: [\"STANDARD_REPOSITORY\", \"VIRTUAL_REPOSITORY\", \"REMOTE_REPOSITORY\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the repository, for example:\n\"repo1\"","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"remote_repository_config":{"type":["list",["object",{"apt_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]],"description":"string","disable_upstream_validation":"bool","docker_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"maven_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"npm_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"python_repository":["list",["object",{"custom_repository":["list",["object",{"uri":"string"}]],"public_repository":"string"}]],"upstream_credentials":["list",["object",{"username_password_credentials":["list",["object",{"password_secret_version":"string","username":"string"}]]}]],"yum_repository":["list",["object",{"public_repository":["list",["object",{"repository_base":"string","repository_path":"string"}]]}]]}]],"description":"Configuration specific for a Remote Repository.","description_kind":"plain","computed":true},"repository_id":{"type":"string","description":"The last part of the repository name, for example:\n\"repo1\"","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time when the repository was last updated.","description_kind":"plain","computed":true},"virtual_repository_config":{"type":["list",["object",{"upstream_policies":["list",["object",{"id":"string","priority":"number","repository":"string"}]]}]],"description":"Configuration specific for a Virtual Repository.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_artifact_registry_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_beyondcorp_app_connection":{"version":0,"block":{"attributes":{"application_endpoint":{"type":["list",["object",{"host":"string","port":"number"}]],"description":"Address of the remote application endpoint for the BeyondCorp AppConnection.","description_kind":"plain","computed":true},"connectors":{"type":["list","string"],"description":"List of AppConnectors that are authorised to be associated with this AppConnection","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnection.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gateway":{"type":["list",["object",{"app_gateway":"string","ingress_port":"number","type":"string","uri":"string"}]],"description":"Gateway used by the AppConnection.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnection.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnection.","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppConnection. Refer to\nhttps://cloud.google.com/beyondcorp/docs/reference/rest/v1/projects.locations.appConnections#type\nfor a list of possible values.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_connector":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppConnector.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppConnector.","description_kind":"plain","required":true},"principal_info":{"type":["list",["object",{"service_account":["list",["object",{"email":"string"}]]}]],"description":"Principal information about the Identity of the AppConnector.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppConnector.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppConnector.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_beyondcorp_app_gateway":{"version":1,"block":{"attributes":{"allocated_connections":{"type":["list",["object",{"ingress_port":"number","psc_uri":"string"}]],"description":"A list of connections allocated for the Gateway.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary user-provided name for the AppGateway.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host_type":{"type":"string","description":"The type of hosting used by the AppGateway. Default value: \"HOST_TYPE_UNSPECIFIED\" Possible values: [\"HOST_TYPE_UNSPECIFIED\", \"GCP_REGIONAL_MIG\"]","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"ID of the AppGateway.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the AppGateway.","description_kind":"plain","optional":true},"state":{"type":"string","description":"Represents the different states of a AppGateway.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of network connectivity used by the AppGateway. Default value: \"TYPE_UNSPECIFIED\" Possible values: [\"TYPE_UNSPECIFIED\", \"TCP_PROXY\"]","description_kind":"plain","computed":true},"uri":{"type":"string","description":"Server-defined URI for this resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_data_exchange_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_analytics_hub_listing_iam_policy":{"version":0,"block":{"attributes":{"data_exchange_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"listing_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_connection_iam_policy":{"version":0,"block":{"attributes":{"connection_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_datapolicy_data_policy_iam_policy":{"version":0,"block":{"attributes":{"data_policy_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_dataset":{"version":0,"block":{"attributes":{"access":{"type":["set",["object",{"dataset":["list",["object",{"dataset":["list",["object",{"dataset_id":"string","project_id":"string"}]],"target_types":["list","string"]}]],"domain":"string","group_by_email":"string","iam_member":"string","role":"string","routine":["list",["object",{"dataset_id":"string","project_id":"string","routine_id":"string"}]],"special_group":"string","user_by_email":"string","view":["list",["object",{"dataset_id":"string","project_id":"string","table_id":"string"}]]}]],"description":"An array of objects that define dataset access for one or more entities.","description_kind":"plain","computed":true},"creation_time":{"type":"number","description":"The time when this dataset was created, in milliseconds since the\nepoch.","description_kind":"plain","computed":true},"dataset_id":{"type":"string","description":"A unique ID for this dataset, without the project name. The ID\nmust contain only letters (a-z, A-Z), numbers (0-9), or\nunderscores (_). The maximum length is 1,024 characters.","description_kind":"plain","required":true},"default_collation":{"type":"string","description":"Defines the default collation specification of future tables created\nin the dataset. If a table is created in this dataset without table-level\ndefault collation, then the table inherits the dataset default collation,\nwhich is applied to the string fields that do not have explicit collation\nspecified. A change to this field affects only tables created afterwards,\nand does not alter the existing tables.\n\nThe following values are supported:\n- 'und:ci': undetermined locale, case insensitive.\n- '': empty string. Default to case-sensitive behavior.","description_kind":"plain","computed":true},"default_encryption_configuration":{"type":["list",["object",{"kms_key_name":"string"}]],"description":"The default encryption key for all tables in the dataset. Once this property is set,\nall newly-created partitioned tables in the dataset will have encryption key set to\nthis value, unless table creation request (or query) overrides the key.","description_kind":"plain","computed":true},"default_partition_expiration_ms":{"type":"number","description":"The default partition expiration for all partitioned tables in\nthe dataset, in milliseconds.\n\n\nOnce this property is set, all newly-created partitioned tables in\nthe dataset will have an 'expirationMs' property in the 'timePartitioning'\nsettings set to this value, and changing the value will only\naffect new tables, not existing ones. The storage in a partition will\nhave an expiration time of its partition time plus this value.\nSetting this property overrides the use of 'defaultTableExpirationMs'\nfor partitioned tables: only one of 'defaultTableExpirationMs' and\n'defaultPartitionExpirationMs' will be used for any new partitioned\ntable. If you provide an explicit 'timePartitioning.expirationMs' when\ncreating or updating a partitioned table, that value takes precedence\nover the default partition expiration time indicated by this property.","description_kind":"plain","computed":true},"default_table_expiration_ms":{"type":"number","description":"The default lifetime of all tables in the dataset, in milliseconds.\nThe minimum value is 3600000 milliseconds (one hour).\n\n\nOnce this property is set, all newly-created tables in the dataset\nwill have an 'expirationTime' property set to the creation time plus\nthe value in this property, and changing the value will only affect\nnew tables, not existing ones. When the 'expirationTime' for a given\ntable is reached, that table will be deleted automatically.\nIf a table's 'expirationTime' is modified or removed before the\ntable expires, or if you provide an explicit 'expirationTime' when\ncreating a table, that value takes precedence over the default\nexpiration time indicated by this property.","description_kind":"plain","computed":true},"delete_contents_on_destroy":{"type":"bool","description":"If set to 'true', delete all the tables in the\ndataset when destroying the resource; otherwise,\ndestroying the resource will fail if tables are present.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A user-friendly description of the dataset","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A hash of the resource.","description_kind":"plain","computed":true},"external_dataset_reference":{"type":["list",["object",{"connection":"string","external_source":"string"}]],"description":"Information about the external metadata storage where the dataset is defined.","description_kind":"plain","computed":true},"friendly_name":{"type":"string","description":"A descriptive name for the dataset","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_case_insensitive":{"type":"bool","description":"TRUE if the dataset and its table names are case-insensitive, otherwise FALSE.\nBy default, this is FALSE, which means the dataset and its table names are\ncase-sensitive. This field does not affect routine references.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels associated with this dataset. You can use these to\norganize and group your datasets.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modified_time":{"type":"number","description":"The date when this dataset or any of its tables was last modified, in\nmilliseconds since the epoch.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The geographic location where the dataset should reside.\nSee [official docs](https://cloud.google.com/bigquery/docs/dataset-locations).\n\n\nThere are two types of locations, regional or multi-regional. A regional\nlocation is a specific geographic place, such as Tokyo, and a multi-regional\nlocation is a large geographic area, such as the United States, that\ncontains at least two geographic places.\n\n\nThe default value is multi-regional location 'US'.\nChanging this forces a new resource to be created.","description_kind":"plain","computed":true},"max_time_travel_hours":{"type":"string","description":"Defines the time travel window in hours. The value can be from 48 to 168 hours (2 to 7 days).","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"storage_billing_model":{"type":"string","description":"Specifies the storage billing model for the dataset.\nSet this flag value to LOGICAL to use logical bytes for storage billing,\nor to PHYSICAL to use physical bytes instead.\n\nLOGICAL is the default if this flag isn't specified.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_bigquery_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_default_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigquery_table_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_bigtable_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_bigtable_table_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"table":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_billing_account":{"version":0,"block":{"attributes":{"billing_account":{"type":"string","description_kind":"plain","optional":true},"display_name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lookup_projects":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"open":{"type":"bool","description_kind":"plain","optional":true,"computed":true},"project_ids":{"type":["set","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_billing_account_iam_policy":{"version":0,"block":{"attributes":{"billing_account_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_binary_authorization_attestor_iam_policy":{"version":0,"block":{"attributes":{"attestor":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_certificate_manager_certificate_map":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"A human-readable description of the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gclb_targets":{"type":["list",["object",{"ip_configs":["list",["object",{"ip_address":"string","ports":["list","number"]}]],"target_https_proxy":"string","target_ssl_proxy":"string"}]],"description":"A list of target proxies that use this Certificate Map","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Set of labels associated with a Certificate Map resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the Certificate Map. Certificate Map names must be unique\nglobally and match the pattern 'projects/*/locations/*/certificateMaps/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Update timestamp of a Certificate Map. Timestamp is in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds with up to nine fractional digits.\nExamples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_client_config":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description":"The OAuth2 access token used by the client to authenticate against the Google Cloud API.","description_kind":"markdown","computed":true,"sensitive":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. It is created in a projects/{{project}}/regions/{{region}}/zones/{{zone}} format and is NOT used by the data source in requests to Google APIs.","description_kind":"markdown","computed":true},"project":{"type":"string","description":"The ID of the project to apply any resources to.","description_kind":"markdown","computed":true},"region":{"type":"string","description":"The region to operate under.","description_kind":"markdown","computed":true},"zone":{"type":"string","description":"The zone to operate under.","description_kind":"markdown","computed":true}},"description":"Use this data source to access the configuration of the Google Cloud provider.","description_kind":"markdown"}},"google_client_openid_userinfo":{"version":0,"block":{"attributes":{"email":{"type":"string","description":"The email of the account used by the provider to authenticate with GCP.","description_kind":"markdown","computed":true},"id":{"type":"string","description":"The ID of this data source in Terraform state. Its value is the same as the `email` attribute. Do not use this field, use the `email` attribute instead.","description_kind":"markdown","computed":true}},"description":"Get OpenID userinfo about the credentials used with the Google provider, specifically the email.\nThis datasource enables you to export the email of the account you've authenticated the provider with; this can be used alongside data.google_client_config's access_token to perform OpenID Connect authentication with GKE and configure an RBAC role for the email used.\n\n~\u003e This resource will only work as expected if the provider is configured to use the https://www.googleapis.com/auth/userinfo.email scope! You will receive an error otherwise. The provider uses this scope by default.","description_kind":"markdown"}},"google_cloud_identity_group_lookup":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"The [resource name](https://cloud.google.com/apis/design/resource_names) of the looked-up Group.","description_kind":"plain","computed":true}},"block_types":{"group_key":{"nesting_mode":"list","block":{"attributes":{"id":{"type":"string","description":"The ID of the entity. For Google-managed entities, the id should be the email address of an existing group or user.\nFor external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements.\nMust be unique within a namespace.","description_kind":"plain","required":true},"namespace":{"type":"string","description":"The namespace in which the entity exists. If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group.\nIf specified, the EntityKey represents an external-identity-mapped group. The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source}.","description_kind":"plain","optional":true}},"description":"The EntityKey of the Group to lookup. A unique identifier for an entity in the Cloud Identity Groups API.\nAn entity can represent either a group with an optional namespace or a user without a namespace.\nThe combination of id and namespace must be unique; however, the same id can be used with different namespaces.","description_kind":"plain"},"min_items":1,"max_items":1}},"description_kind":"plain"}},"google_cloud_identity_group_memberships":{"version":0,"block":{"attributes":{"group":{"type":"string","description":"The name of the Group to get memberships from.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"memberships":{"type":["list",["object",{"create_time":"string","group":"string","name":"string","preferred_member_key":["list",["object",{"id":"string","namespace":"string"}]],"roles":["set",["object",{"expiry_detail":["list",["object",{"expire_time":"string"}]],"name":"string"}]],"type":"string","update_time":"string"}]],"description":"List of Cloud Identity group memberships.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_identity_groups":{"version":0,"block":{"attributes":{"groups":{"type":["list",["object",{"additional_group_keys":["list",["object",{"id":"string","namespace":"string"}]],"create_time":"string","description":"string","display_name":"string","group_key":["list",["object",{"id":"string","namespace":"string"}]],"initial_group_config":"string","labels":["map","string"],"name":"string","parent":"string","update_time":"string"}]],"description":"List of Cloud Identity groups.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the entity under which this Group resides in the\nCloud Identity resource hierarchy.\n\nMust be of the form identitysources/{identity_source_id} for external-identity-mapped\ngroups or customers/{customer_id} for Google Groups.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_quotas_quota_info":{"version":0,"block":{"attributes":{"container_type":{"type":"string","description_kind":"plain","computed":true},"dimensions":{"type":["list","string"],"description_kind":"plain","computed":true},"dimensions_infos":{"type":["list",["object",{"applicable_locations":["list","string"],"details":["list",["object",{"value":"string"}]],"dimensions":["map","string"]}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"is_concurrent":{"type":"bool","description_kind":"plain","computed":true},"is_fixed":{"type":"bool","description_kind":"plain","computed":true},"is_precise":{"type":"bool","description_kind":"plain","computed":true},"metric":{"type":"string","description_kind":"plain","computed":true},"metric_display_name":{"type":"string","description_kind":"plain","computed":true},"metric_unit":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"quota_display_name":{"type":"string","description_kind":"plain","computed":true},"quota_id":{"type":"string","description_kind":"plain","required":true},"quota_increase_eligibility":{"type":["list",["object",{"ineligibility_reason":"string","is_eligible":"bool"}]],"description_kind":"plain","computed":true},"refresh_interval":{"type":"string","description_kind":"plain","computed":true},"service":{"type":"string","description_kind":"plain","required":true},"service_request_quota_uri":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_quotas_quota_infos":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"quota_infos":{"type":["list",["object",{"container_type":"string","dimensions":["list","string"],"dimensions_infos":["list",["object",{"applicable_locations":["list","string"],"details":["list",["object",{"value":"string"}]],"dimensions":["map","string"]}]],"is_concurrent":"bool","is_fixed":"bool","is_precise":"bool","metric":"string","metric_display_name":"string","metric_unit":"string","name":"string","quota_display_name":"string","quota_id":"string","quota_increase_eligibility":["list",["object",{"ineligibility_reason":"string","is_eligible":"bool"}]],"refresh_interval":"string","service":"string","service_request_quota_uri":"string"}]],"description_kind":"plain","computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_locations":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"locations":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_service":{"version":2,"block":{"attributes":{"autogenerate_revision_name":{"type":"bool","description":"If set to 'true', the revision name (template.metadata.name) will be omitted and\nautogenerated by Cloud Run. This cannot be set to 'true' while 'template.metadata.name'\nis also set.\n(For legacy support, if 'template.metadata.name' is unset in state while\nthis field is set to false, the revision name will still autogenerate.)","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the cloud run instance. eg us-central1","description_kind":"plain","required":true},"metadata":{"type":["list",["object",{"annotations":["map","string"],"effective_annotations":["map","string"],"effective_labels":["map","string"],"generation":"number","labels":["map","string"],"namespace":"string","resource_version":"string","self_link":"string","terraform_labels":["map","string"],"uid":"string"}]],"description":"Metadata associated with this Service, including name, namespace, labels,\nand annotations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name must be unique within a Google Cloud project and region.\nIs required when creating resources. Name is primarily intended\nfor creation idempotence and configuration definition. Cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"status":{"type":["list",["object",{"conditions":["list",["object",{"message":"string","reason":"string","status":"string","type":"string"}]],"latest_created_revision_name":"string","latest_ready_revision_name":"string","observed_generation":"number","traffic":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"url":"string"}]],"description":"The current status of the Service.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"metadata":["list",["object",{"annotations":["map","string"],"generation":"number","labels":["map","string"],"name":"string","namespace":"string","resource_version":"string","self_link":"string","uid":"string"}]],"spec":["list",["object",{"container_concurrency":"number","containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["set",["object",{"name":"string","value":"string","value_from":["list",["object",{"secret_key_ref":["list",["object",{"key":"string","name":"string"}]]}]]}]],"env_from":["list",["object",{"config_map_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]],"prefix":"string","secret_ref":["list",["object",{"local_object_reference":["list",["object",{"name":"string"}]],"optional":"bool"}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string","protocol":"string"}]],"resources":["list",["object",{"limits":["map","string"],"requests":["map","string"]}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"service_account_name":"string","serving_state":"string","timeout_seconds":"number","volumes":["list",["object",{"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"key":"string","mode":"number","path":"string"}]],"secret_name":"string"}]]}]]}]]}]],"description":"template holds the latest specification for the Revision to\nbe stamped out. The template references the container image, and may also\ninclude labels and annotations that should be attached to the Revision.\nTo correlate a Revision, and/or to force a Revision to be created when the\nspec doesn't otherwise change, a nonce label may be provided in the\ntemplate metadata. For more details, see:\nhttps://github.com/knative/serving/blob/main/docs/client-conventions.md#associate-modifications-with-revisions\n\nCloud Run does not currently support referencing a build that is\nresponsible for materializing the container image from source.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"latest_revision":"bool","percent":"number","revision_name":"string","tag":"string","url":"string"}]],"description":"Traffic specifies how to distribute traffic over a collection of Knative Revisions\nand Configurations","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_cloud_run_v2_job":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected on new resources.\nAll system annotations in v1 now have a corresponding field in v2 Job.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in reconciling for additional information on 'reconciliation' process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"execution_count":{"type":"number","description":"Number of executions created for this job.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Job.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_execution":{"type":["list",["object",{"completion_time":"string","create_time":"string","name":"string"}]],"description":"Name of the last created execution.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run job","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Job.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Job. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Job is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, observedGeneration and latest_succeeded_execution, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: observedGeneration and generation, latest_succeeded_execution and latestCreatedExecution.\n\nIf reconciliation failed, observedGeneration and latest_succeeded_execution will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in terminalCondition and conditions","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"labels":["map","string"],"parallelism":"number","task_count":"number","template":["list",["object",{"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"limits":["map","string"]}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","max_retries":"number","service_account":"string","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["list","string"]}]],"name":"string","secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]]}]],"description":"The template used to create executions for this Job.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.\n\nCloud Run API v2 does not support annotations with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected in new resources.\nAll system annotations in v1 now have a corresponding field in v2 Service.\n\nThis field follows Kubernetes annotations' namespacing, limits, and rules.\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"breakglass_justification":"string","use_default":"bool"}]],"description":"Settings for the Binary Authorization feature.","description_kind":"plain","computed":true},"client":{"type":"string","description":"Arbitrary identifier for the API client.","description_kind":"plain","computed":true},"client_version":{"type":"string","description":"Arbitrary version identifier for the API client.","description_kind":"plain","computed":true},"conditions":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The creation time.","description_kind":"plain","computed":true},"creator":{"type":"string","description":"Email address of the authenticated creator.","description_kind":"plain","computed":true},"custom_audiences":{"type":["list","string"],"description":"One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests.\nFor more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.","description_kind":"plain","computed":true},"delete_time":{"type":"string","description":"The deletion time.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of the Service. This field currently has a 512-character limit.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"For a deleted resource, the time after which it will be permamently deleted.","description_kind":"plain","computed":true},"generation":{"type":"string","description":"A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress":{"type":"string","description":"Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. Possible values: [\"INGRESS_TRAFFIC_ALL\", \"INGRESS_TRAFFIC_INTERNAL_ONLY\", \"INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER\"]","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component,\nenvironment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.\n\nCloud Run API v2 does not support labels with 'run.googleapis.com', 'cloud.googleapis.com', 'serving.knative.dev', or 'autoscaling.knative.dev' namespaces, and they will be rejected.\nAll system labels in v1 now have a corresponding field in v2 Service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_modifier":{"type":"string","description":"Email address of the last authenticated modifier.","description_kind":"plain","computed":true},"latest_created_revision":{"type":"string","description":"Name of the last created revision. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"latest_ready_revision":{"type":"string","description":"Name of the latest revision that is serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"launch_stage":{"type":"string","description":"The launch stage as defined by [Google Cloud Platform Launch Stages](https://cloud.google.com/products#product-launch-stages). Cloud Run supports ALPHA, BETA, and GA.\nIf no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features.\n\nFor example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output. Possible values: [\"UNIMPLEMENTED\", \"PRELAUNCH\", \"EARLY_ACCESS\", \"ALPHA\", \"BETA\", \"GA\", \"DEPRECATED\"]","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of the cloud run service","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the Service.","description_kind":"plain","required":true},"observed_generation":{"type":"string","description":"The generation of this Service currently serving traffic. See comments in reconciling for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a string instead of an integer.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"reconciling":{"type":"bool","description":"Returns true if the Service is currently being acted upon by the system to bring it into the desired state.\n\nWhen a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, observedGeneration, latest_ready_revison, trafficStatuses, and uri will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in terminalCondition.state.\n\nIf reconciliation succeeded, the following fields will match: traffic and trafficStatuses, observedGeneration and generation, latestReadyRevision and latestCreatedRevision.\n\nIf reconciliation failed, trafficStatuses, observedGeneration, and latestReadyRevision will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in terminalCondition and conditions.","description_kind":"plain","computed":true},"template":{"type":["list",["object",{"annotations":["map","string"],"containers":["list",["object",{"args":["list","string"],"command":["list","string"],"depends_on":["list","string"],"env":["list",["object",{"name":"string","value":"string","value_source":["list",["object",{"secret_key_ref":["list",["object",{"secret":"string","version":"string"}]]}]]}]],"image":"string","liveness_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"name":"string","ports":["list",["object",{"container_port":"number","name":"string"}]],"resources":["list",["object",{"cpu_idle":"bool","limits":["map","string"],"startup_cpu_boost":"bool"}]],"startup_probe":["list",["object",{"failure_threshold":"number","grpc":["list",["object",{"port":"number","service":"string"}]],"http_get":["list",["object",{"http_headers":["list",["object",{"name":"string","value":"string"}]],"path":"string","port":"number"}]],"initial_delay_seconds":"number","period_seconds":"number","tcp_socket":["list",["object",{"port":"number"}]],"timeout_seconds":"number"}]],"volume_mounts":["list",["object",{"mount_path":"string","name":"string"}]],"working_dir":"string"}]],"encryption_key":"string","execution_environment":"string","labels":["map","string"],"max_instance_request_concurrency":"number","revision":"string","scaling":["list",["object",{"max_instance_count":"number","min_instance_count":"number"}]],"service_account":"string","session_affinity":"bool","timeout":"string","volumes":["list",["object",{"cloud_sql_instance":["list",["object",{"instances":["set","string"]}]],"gcs":["list",["object",{"bucket":"string","read_only":"bool"}]],"name":"string","nfs":["list",["object",{"path":"string","read_only":"bool","server":"string"}]],"secret":["list",["object",{"default_mode":"number","items":["list",["object",{"mode":"number","path":"string","version":"string"}]],"secret":"string"}]]}]],"vpc_access":["list",["object",{"connector":"string","egress":"string","network_interfaces":["list",["object",{"network":"string","subnetwork":"string","tags":["list","string"]}]]}]]}]],"description":"The template used to create revisions for this Service.","description_kind":"plain","computed":true},"terminal_condition":{"type":["list",["object",{"execution_reason":"string","last_transition_time":"string","message":"string","reason":"string","revision_reason":"string","severity":"string","state":"string","type":"string"}]],"description":"The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"traffic":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string"}]],"description":"Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest Ready Revision.","description_kind":"plain","computed":true},"traffic_statuses":{"type":["list",["object",{"percent":"number","revision":"string","tag":"string","type":"string","uri":"string"}]],"description":"Detailed status information for corresponding traffic targets. See comments in reconciling for additional information on reconciliation process in Cloud Run.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last-modified time.","description_kind":"plain","computed":true},"uri":{"type":"string","description":"The main URI in which this Service is serving traffic.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloud_run_v2_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloud_tasks_queue_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudbuild_trigger":{"version":2,"block":{"attributes":{"approval_config":{"type":["list",["object",{"approval_required":"bool"}]],"description":"Configuration for manual approval to start a build invocation of this BuildTrigger.\nBuilds created by this trigger will require approval before they execute.\nAny user with a Cloud Build Approver role for the project can approve a build.","description_kind":"plain","computed":true},"bitbucket_server_trigger_config":{"type":["list",["object",{"bitbucket_server_config_resource":"string","project_key":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repo_slug":"string"}]],"description":"BitbucketServerTriggerConfig describes the configuration of a trigger that creates a build whenever a Bitbucket Server event is received.","description_kind":"plain","computed":true},"build":{"type":["list",["object",{"artifacts":["list",["object",{"images":["list","string"],"maven_artifacts":["list",["object",{"artifact_id":"string","group_id":"string","path":"string","repository":"string","version":"string"}]],"npm_packages":["list",["object",{"package_path":"string","repository":"string"}]],"objects":["list",["object",{"location":"string","paths":["list","string"],"timing":["list",["object",{"end_time":"string","start_time":"string"}]]}]],"python_packages":["list",["object",{"paths":["list","string"],"repository":"string"}]]}]],"available_secrets":["list",["object",{"secret_manager":["list",["object",{"env":"string","version_name":"string"}]]}]],"images":["list","string"],"logs_bucket":"string","options":["list",["object",{"disk_size_gb":"number","dynamic_substitutions":"bool","env":["list","string"],"log_streaming_option":"string","logging":"string","machine_type":"string","requested_verify_option":"string","secret_env":["list","string"],"source_provenance_hash":["list","string"],"substitution_option":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"worker_pool":"string"}]],"queue_ttl":"string","secret":["list",["object",{"kms_key_name":"string","secret_env":["map","string"]}]],"source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","substitutions":["map","string"],"tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"string","object":"string"}]]}]],"step":["list",["object",{"allow_exit_codes":["list","number"],"allow_failure":"bool","args":["list","string"],"dir":"string","entrypoint":"string","env":["list","string"],"id":"string","name":"string","script":"string","secret_env":["list","string"],"timeout":"string","timing":"string","volumes":["list",["object",{"name":"string","path":"string"}]],"wait_for":["list","string"]}]],"substitutions":["map","string"],"tags":["list","string"],"timeout":"string"}]],"description":"Contents of the build template. Either a filename or build template must be provided.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Time when the trigger was created.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Human-readable description of the trigger.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"Whether the trigger is disabled or not. If true, the trigger will never result in a build.","description_kind":"plain","computed":true},"filename":{"type":"string","description":"Path, from the source root, to a file whose contents is used for the template.\nEither a filename or build template must be provided. Set this only when using trigger_template or github.\nWhen using Pub/Sub, Webhook or Manual set the file name using git_file_source instead.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"A Common Expression Language string. Used only with Pub/Sub and Webhook.","description_kind":"plain","computed":true},"git_file_source":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","path":"string","repo_type":"string","repository":"string","revision":"string","uri":"string"}]],"description":"The file source describing the local or remote Build template.","description_kind":"plain","computed":true},"github":{"type":["list",["object",{"enterprise_config_resource_name":"string","name":"string","owner":"string","pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]]}]],"description":"Describes the configuration of a trigger that creates a build whenever a GitHub event is received.\n\nOne of 'trigger_template', 'github', 'pubsub_config' or 'webhook_config' must be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignored_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf ignoredFiles and changed files are both empty, then they are not\nused to determine whether or not to trigger a build.\n\nIf ignoredFiles is not empty, then we ignore any files that match any\nof the ignored_file globs. If the change has no files that are outside\nof the ignoredFiles globs, then we do not trigger a build.","description_kind":"plain","computed":true},"include_build_logs":{"type":"string","description":"Build logs will be sent back to GitHub as part of the checkrun\nresult. Values can be INCLUDE_BUILD_LOGS_UNSPECIFIED or\nINCLUDE_BUILD_LOGS_WITH_STATUS Possible values: [\"INCLUDE_BUILD_LOGS_UNSPECIFIED\", \"INCLUDE_BUILD_LOGS_WITH_STATUS\"]","description_kind":"plain","computed":true},"included_files":{"type":["list","string"],"description":"ignoredFiles and includedFiles are file glob matches using https://golang.org/pkg/path/filepath/#Match\nextended with support for '**'.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is empty, then as far as this filter is concerned, we\nshould trigger the build.\n\nIf any of the files altered in the commit pass the ignoredFiles filter\nand includedFiles is not empty, then we make sure that at least one of\nthose files matches a includedFiles glob. If not, then we do not trigger\na build.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The [Cloud Build location](https://cloud.google.com/build/docs/locations) for the trigger.\nIf not specified, \"global\" is used.","description_kind":"plain","required":true},"name":{"type":"string","description":"Name of the trigger. Must be unique within the project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_config":{"type":["list",["object",{"service_account_email":"string","state":"string","subscription":"string","topic":"string"}]],"description":"PubsubConfig describes the configuration of a trigger that creates\na build whenever a Pub/Sub message is published.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"repository_event_config":{"type":["list",["object",{"pull_request":["list",["object",{"branch":"string","comment_control":"string","invert_regex":"bool"}]],"push":["list",["object",{"branch":"string","invert_regex":"bool","tag":"string"}]],"repository":"string"}]],"description":"The configuration of a trigger that creates a build whenever an event from Repo API is received.","description_kind":"plain","computed":true},"service_account":{"type":"string","description":"The service account used for all user-controlled operations including\ntriggers.patch, triggers.run, builds.create, and builds.cancel.\n\nIf no service account is set, then the standard Cloud Build service account\n([PROJECT_NUM]@system.gserviceaccount.com) will be used instead.\n\nFormat: projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT_ID_OR_EMAIL}","description_kind":"plain","computed":true},"source_to_build":{"type":["list",["object",{"bitbucket_server_config":"string","github_enterprise_config":"string","ref":"string","repo_type":"string","repository":"string","uri":"string"}]],"description":"The repo and ref of the repository from which to build.\nThis field is used only for those triggers that do not respond to SCM events.\nTriggers that respond to such events build source at whatever commit caused the event.\nThis field is currently only used by Webhook, Pub/Sub, Manual, and Cron triggers.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"substitutions":{"type":["map","string"],"description":"Substitutions data for Build resource.","description_kind":"plain","computed":true},"tags":{"type":["list","string"],"description":"Tags for annotation of a BuildTrigger","description_kind":"plain","computed":true},"trigger_id":{"type":"string","description":"The unique identifier for the trigger.","description_kind":"plain","required":true},"trigger_template":{"type":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"description":"Template describing the types of source changes to trigger a build.\n\nBranch and tag names in trigger templates are interpreted as regular\nexpressions. Any branch or tag change that matches that regular\nexpression will trigger a build.\n\nOne of 'trigger_template', 'github', 'pubsub_config', 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true},"webhook_config":{"type":["list",["object",{"secret":"string","state":"string"}]],"description":"WebhookConfig describes the configuration of a trigger that creates\na build whenever a webhook is sent to a trigger's webhook URL.\n\nOne of 'trigger_template', 'github', 'pubsub_config' 'webhook_config' or 'source_to_build' must be provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudbuildv2_connection_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_custom_target_type_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_delivery_pipeline_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_clouddeploy_target_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function":{"version":0,"block":{"attributes":{"build_config":{"type":["list",["object",{"build":"string","docker_repository":"string","entry_point":"string","environment_variables":["map","string"],"runtime":"string","service_account":"string","source":["list",["object",{"repo_source":["list",["object",{"branch_name":"string","commit_sha":"string","dir":"string","invert_regex":"bool","project_id":"string","repo_name":"string","tag_name":"string"}]],"storage_source":["list",["object",{"bucket":"string","generation":"number","object":"string"}]]}]],"worker_pool":"string"}]],"description":"Describes the Build step of the function that builds a container\nfrom the given source.","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description of a function.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"environment":{"type":"string","description":"The environment the function is hosted on.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_filters":["set",["object",{"attribute":"string","operator":"string","value":"string"}]],"event_type":"string","pubsub_topic":"string","retry_policy":"string","service_account_email":"string","trigger":"string","trigger_region":"string"}]],"description":"An Eventarc trigger managed by Google Cloud Functions that fires events in\nresponse to a condition in another service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.\nIt must match the pattern projects/{project}/locations/{location}/keyRings/{key_ring}/cryptoKeys/{crypto_key}.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs associated with this Cloud Function.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location of this cloud function.","description_kind":"plain","required":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must\nbe unique globally and match pattern 'projects/*/locations/*/functions/*'.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_config":{"type":["list",["object",{"all_traffic_on_latest_revision":"bool","available_cpu":"string","available_memory":"string","environment_variables":["map","string"],"gcf_uri":"string","ingress_settings":"string","max_instance_count":"number","max_instance_request_concurrency":"number","min_instance_count":"number","secret_environment_variables":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"secret_volumes":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"service":"string","service_account_email":"string","timeout_seconds":"number","uri":"string","vpc_connector":"string","vpc_connector_egress_settings":"string"}]],"description":"Describes the Service being deployed.","description_kind":"plain","computed":true},"state":{"type":"string","description":"Describes the current state of the function.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The last update timestamp of a Cloud Function.","description_kind":"plain","computed":true},"url":{"type":"string","description":"Output only. The deployed url for the function.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions2_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function":{"version":0,"block":{"attributes":{"available_memory_mb":{"type":"number","description":"Memory (in MB), available to the function. Default value is 256. Possible values include 128, 256, 512, 1024, etc.","description_kind":"plain","computed":true},"build_environment_variables":{"type":["map","string"],"description":" A set of key/value environment variable pairs available during build time.","description_kind":"plain","computed":true},"build_worker_pool":{"type":"string","description":"Name of the Cloud Build Custom Worker Pool that should be used to build the function.","description_kind":"plain","computed":true},"description":{"type":"string","description":"Description of the function.","description_kind":"plain","computed":true},"docker_registry":{"type":"string","description":"Docker Registry to use for storing the function's Docker images. Allowed values are ARTIFACT_REGISTRY (default) and CONTAINER_REGISTRY.","description_kind":"plain","computed":true},"docker_repository":{"type":"string","description":"User managed repository created in Artifact Registry optionally with a customer managed encryption key. If specified, deployments will use Artifact Registry for storing images built with Cloud Build.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"entry_point":{"type":"string","description":"Name of the function that will be executed when the Google Cloud Function is triggered.","description_kind":"plain","computed":true},"environment_variables":{"type":["map","string"],"description":"A set of key/value environment variable pairs to assign to the function.","description_kind":"plain","computed":true},"event_trigger":{"type":["list",["object",{"event_type":"string","failure_policy":["list",["object",{"retry":"bool"}]],"resource":"string"}]],"description":"A source that fires events in response to a condition in another service. Cannot be used with trigger_http.","description_kind":"plain","computed":true},"https_trigger_security_level":{"type":"string","description":"The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.","description_kind":"plain","computed":true},"https_trigger_url":{"type":"string","description":"URL which triggers function execution. Returned only if trigger_http is used.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingress_settings":{"type":"string","description":"String value that controls what traffic can reach the function. Allowed values are ALLOW_ALL and ALLOW_INTERNAL_ONLY. Changes to this field will recreate the cloud function.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"Resource name of a KMS crypto key (managed by the user) used to encrypt/decrypt function resources.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the function. Label keys must follow the requirements at https://cloud.google.com/resource-manager/docs/creating-managing-labels#requirements.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"The limit on the maximum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"The limit on the minimum number of function instances that may coexist at a given time.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A user-defined name of the function. Function names must be unique globally.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project of the function. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of function. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"runtime":{"type":"string","description":"The runtime in which the function is going to run. Eg. \"nodejs12\", \"nodejs14\", \"python37\", \"go111\".","description_kind":"plain","computed":true},"secret_environment_variables":{"type":["list",["object",{"key":"string","project_id":"string","secret":"string","version":"string"}]],"description":"Secret environment variables configuration","description_kind":"plain","computed":true},"secret_volumes":{"type":["list",["object",{"mount_path":"string","project_id":"string","secret":"string","versions":["list",["object",{"path":"string","version":"string"}]]}]],"description":"Secret volumes configuration.","description_kind":"plain","computed":true},"service_account_email":{"type":"string","description":" If provided, the self-provided service account to run the function with.","description_kind":"plain","computed":true},"source_archive_bucket":{"type":"string","description":"The GCS bucket containing the zip archive which contains the function.","description_kind":"plain","computed":true},"source_archive_object":{"type":"string","description":"The source archive object (file) in archive bucket.","description_kind":"plain","computed":true},"source_repository":{"type":["list",["object",{"deployed_url":"string","url":"string"}]],"description":"Represents parameters related to source repository where a function is hosted. Cannot be set alongside source_archive_bucket or source_archive_object.","description_kind":"plain","computed":true},"status":{"type":"string","description":"Describes the current stage of a deployment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"timeout":{"type":"number","description":"Timeout (in seconds) for the function. Default value is 60 seconds. Cannot be more than 540 seconds.","description_kind":"plain","computed":true},"trigger_http":{"type":"bool","description":"Boolean variable. Any HTTP request (of a supported type) to the endpoint will trigger function execution. Supported HTTP request types are: POST, PUT, GET, DELETE, and OPTIONS. Endpoint is returned as https_trigger_url. Cannot be used with trigger_bucket and trigger_topic.","description_kind":"plain","computed":true},"version_id":{"type":"string","description":"The version identifier of the Cloud Function. Each deployment attempt results in a new version of a function being created.","description_kind":"plain","computed":true},"vpc_connector":{"type":"string","description":"The VPC Network Connector that this cloud function can connect to. It can be either the fully-qualified URI, or the short name of the network connector resource. The format of this field is projects/*/locations/*/connectors/*.","description_kind":"plain","computed":true},"vpc_connector_egress_settings":{"type":"string","description":"The egress settings for the connector, controlling what traffic is diverted through it. Allowed values are ALL_TRAFFIC and PRIVATE_RANGES_ONLY. Defaults to PRIVATE_RANGES_ONLY. If unset, this field preserves the previously set value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_cloudfunctions_function_iam_policy":{"version":0,"block":{"attributes":{"cloud_function":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_composer_environment":{"version":0,"block":{"attributes":{"config":{"type":["list",["object",{"airflow_uri":"string","dag_gcs_prefix":"string","data_retention_config":["list",["object",{"task_logs_retention_config":["list",["object",{"storage_mode":"string"}]]}]],"database_config":["list",["object",{"machine_type":"string","zone":"string"}]],"encryption_config":["list",["object",{"kms_key_name":"string"}]],"environment_size":"string","gke_cluster":"string","maintenance_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]],"master_authorized_networks_config":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"enabled":"bool"}]],"node_config":["list",["object",{"disk_size_gb":"number","enable_ip_masq_agent":"bool","ip_allocation_policy":["list",["object",{"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","services_ipv4_cidr_block":"string","services_secondary_range_name":"string","use_ip_aliases":"bool"}]],"machine_type":"string","network":"string","oauth_scopes":["set","string"],"service_account":"string","subnetwork":"string","tags":["set","string"],"zone":"string"}]],"node_count":"number","private_environment_config":["list",["object",{"cloud_composer_connection_subnetwork":"string","cloud_composer_network_ipv4_cidr_block":"string","cloud_sql_ipv4_cidr_block":"string","connection_type":"string","enable_private_endpoint":"bool","enable_privately_used_public_ips":"bool","master_ipv4_cidr_block":"string","web_server_ipv4_cidr_block":"string"}]],"recovery_config":["list",["object",{"scheduled_snapshots_config":["list",["object",{"enabled":"bool","snapshot_creation_schedule":"string","snapshot_location":"string","time_zone":"string"}]]}]],"resilience_mode":"string","software_config":["list",["object",{"airflow_config_overrides":["map","string"],"env_variables":["map","string"],"image_version":"string","pypi_packages":["map","string"],"python_version":"string","scheduler_count":"number"}]],"web_server_config":["list",["object",{"machine_type":"string"}]],"web_server_network_access_control":["list",["object",{"allowed_ip_range":["set",["object",{"description":"string","value":"string"}]]}]],"workloads_config":["list",["object",{"scheduler":["list",["object",{"count":"number","cpu":"number","memory_gb":"number","storage_gb":"number"}]],"triggerer":["list",["object",{"count":"number","cpu":"number","memory_gb":"number"}]],"web_server":["list",["object",{"cpu":"number","memory_gb":"number","storage_gb":"number"}]],"worker":["list",["object",{"cpu":"number","max_count":"number","memory_gb":"number","min_count":"number","storage_gb":"number"}]]}]]}]],"description":"Configuration parameters for this environment.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for this environment. The labels map can contain no more than 64 entries. Entries of the labels map are UTF8 strings that comply with the following restrictions: Label keys must be between 1 and 63 characters long and must conform to the following regular expression: [a-z]([-a-z0-9]*[a-z0-9])?. Label values must be between 0 and 63 characters long and must conform to the regular expression ([a-z]([-a-z0-9]*[a-z0-9])?)?. No more than 64 labels can be associated with a given environment. Both keys and values must be \u003c= 128 bytes in size.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the environment.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The location or Compute Engine region for the environment.","description_kind":"plain","optional":true},"storage_config":{"type":["list",["object",{"bucket":"string"}]],"description":"Configuration options for storage used by Composer environment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_composer_image_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_versions":{"type":["list",["object",{"image_version_id":"string","supported_python_versions":["list","string"]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_addresses":{"version":0,"block":{"attributes":{"addresses":{"type":["list",["object",{"address":"string","address_type":"string","description":"string","name":"string","region":"string","self_link":"string","status":"string"}]],"description_kind":"plain","computed":true},"filter":{"type":"string","description":"Filter sets the optional parameter \"filter\": A filter expression that\nfilters resources listed in the response. The expression must specify\nthe field name, an operator, and the value that you want to use for\nfiltering. The value must be a string, a number, or a boolean. The\noperator must be either \"=\", \"!=\", \"\u003e\", \"\u003c\", \"\u003c=\", \"\u003e=\" or \":\". For\nexample, if you are filtering Compute Engine instances, you can\nexclude instances named \"example-instance\" by specifying \"name !=\nexample-instance\". The \":\" operator can be used with string fields to\nmatch substrings. For non-string fields it is equivalent to the \"=\"\noperator. The \":*\" comparison can be used to test whether a key has\nbeen defined. For example, to find all objects with \"owner\" label\nuse: \"\"\" labels.owner:* \"\"\" You can also filter nested fields. For\nexample, you could specify \"scheduling.automaticRestart = false\" to\ninclude instances only if they are not scheduled for automatic\nrestarts. You can use filtering on nested fields to filter based on\nresource labels. To filter on multiple expressions, provide each\nseparate expression within parentheses. For example: \"\"\"\n(scheduling.automaticRestart = true) (cpuPlatform = \"Intel Skylake\")\n\"\"\" By default, each expression is an \"AND\" expression. However, you\ncan include \"AND\" and \"OR\" expressions explicitly. For example: \"\"\"\n(cpuPlatform = \"Intel Skylake\") OR (cpuPlatform = \"Intel Broadwell\")\nAND (scheduling.automaticRestart = true) \"\"\"","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"The google project in which addresses are listed. Defaults to provider's configuration if missing.","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description":"Region that should be considered to search addresses. All regions are considered if missing.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_backend_bucket":{"version":0,"block":{"attributes":{"bucket_name":{"type":"string","description":"Cloud Storage bucket name.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_http_headers":["list","string"],"query_string_whitelist":["list","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"request_coalescing":"bool","serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this Backend Bucket.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["list","string"],"description":"Headers that the HTTP/S load balancer should add to proxied responses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the resource; provided by the\nclient when the resource is created.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The security policy associated with this backend bucket.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendBucket.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_backend_service":{"version":1,"block":{"attributes":{"affinity_cookie_ttl_sec":{"type":"number","description":"Lifetime of cookies in seconds if session_affinity is\nGENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts\nonly until the end of the browser session (or equivalent). The\nmaximum allowed value for TTL is one day.\n\nWhen the load balancing scheme is INTERNAL, this field is not used.","description_kind":"plain","computed":true},"backend":{"type":["set",["object",{"balancing_mode":"string","capacity_scaler":"number","description":"string","group":"string","max_connections":"number","max_connections_per_endpoint":"number","max_connections_per_instance":"number","max_rate":"number","max_rate_per_endpoint":"number","max_rate_per_instance":"number","max_utilization":"number"}]],"description":"The set of backends that serve this BackendService.","description_kind":"plain","computed":true},"cdn_policy":{"type":["list",["object",{"bypass_cache_on_request_headers":["list",["object",{"header_name":"string"}]],"cache_key_policy":["list",["object",{"include_host":"bool","include_http_headers":["list","string"],"include_named_cookies":["list","string"],"include_protocol":"bool","include_query_string":"bool","query_string_blacklist":["set","string"],"query_string_whitelist":["set","string"]}]],"cache_mode":"string","client_ttl":"number","default_ttl":"number","max_ttl":"number","negative_caching":"bool","negative_caching_policy":["list",["object",{"code":"number","ttl":"number"}]],"serve_while_stale":"number","signed_url_cache_max_age_sec":"number"}]],"description":"Cloud CDN configuration for this BackendService.","description_kind":"plain","computed":true},"circuit_breakers":{"type":["list",["object",{"max_connections":"number","max_pending_requests":"number","max_requests":"number","max_requests_per_connection":"number","max_retries":"number"}]],"description":"Settings controlling the volume of connections to a backend service. This field\nis applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"compression_mode":{"type":"string","description":"Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values: [\"AUTOMATIC\", \"DISABLED\"]","description_kind":"plain","computed":true},"connection_draining_timeout_sec":{"type":"number","description":"Time for which instance will be drained (not accept new\nconnections, but still work to finish started).","description_kind":"plain","computed":true},"consistent_hash":{"type":["list",["object",{"http_cookie":["list",["object",{"name":"string","path":"string","ttl":["list",["object",{"nanos":"number","seconds":"number"}]]}]],"http_header_name":"string","minimum_ring_size":"number"}]],"description":"Consistent Hash-based load balancing can be used to provide soft session\naffinity based on HTTP headers, cookies or other properties. This load balancing\npolicy is applicable only for HTTP connections. The affinity to a particular\ndestination host will be lost when one or more hosts are added/removed from the\ndestination service. This field specifies parameters that control consistent\nhashing. This field only applies if the load_balancing_scheme is set to\nINTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is\nset to MAGLEV or RING_HASH.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_request_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nrequests.","description_kind":"plain","computed":true},"custom_response_headers":{"type":["set","string"],"description":"Headers that the HTTP/S load balancer should add to proxied\nresponses.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"edge_security_policy":{"type":"string","description":"The resource URL for the edge security policy associated with this backend service.","description_kind":"plain","computed":true},"enable_cdn":{"type":"bool","description":"If true, enable Cloud CDN for this BackendService.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"generated_id":{"type":"number","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"health_checks":{"type":["set","string"],"description":"The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource\nfor health checking this BackendService. Currently at most one health\ncheck can be specified.\n\nA health check must be specified unless the backend service uses an internet\nor serverless NEG as a backend.\n\nFor internal load balancing, a URL to a HealthCheck resource must be specified instead.","description_kind":"plain","computed":true},"iap":{"type":["list",["object",{"oauth2_client_id":"string","oauth2_client_secret":"string","oauth2_client_secret_sha256":"string"}]],"description":"Settings for enabling Cloud Identity Aware Proxy","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"load_balancing_scheme":{"type":"string","description":"Indicates whether the backend service will be used with internal or\nexternal load balancing. A backend service created for one type of\nload balancing cannot be used with the other. For more information, refer to\n[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"INTERNAL_SELF_MANAGED\", \"INTERNAL_MANAGED\", \"EXTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"locality_lb_policies":{"type":["list",["object",{"custom_policy":["list",["object",{"data":"string","name":"string"}]],"policy":["list",["object",{"name":"string"}]]}]],"description":"A list of locality load balancing policies to be used in order of\npreference. Either the policy or the customPolicy field should be set.\nOverrides any value set in the localityLbPolicy field.\n\nlocalityLbPolicies is only supported when the BackendService is referenced\nby a URL Map that is referenced by a target gRPC proxy that has the\nvalidateForProxyless field set to true.","description_kind":"plain","computed":true},"locality_lb_policy":{"type":"string","description":"The load balancing algorithm used within the scope of the locality.\nThe possible values are:\n\n* 'ROUND_ROBIN': This is a simple policy in which each healthy backend\n is selected in round robin order.\n\n* 'LEAST_REQUEST': An O(1) algorithm which selects two random healthy\n hosts and picks the host which has fewer active requests.\n\n* 'RING_HASH': The ring/modulo hash load balancer implements consistent\n hashing to backends. The algorithm has the property that the\n addition/removal of a host from a set of N hosts only affects\n 1/N of the requests.\n\n* 'RANDOM': The load balancer selects a random healthy host.\n\n* 'ORIGINAL_DESTINATION': Backend host is selected based on the client\n connection metadata, i.e., connections are opened\n to the same address as the destination address of\n the incoming connection before the connection\n was redirected to the load balancer.\n\n* 'MAGLEV': used as a drop in replacement for the ring hash load balancer.\n Maglev is not as stable as ring hash but has faster table lookup\n build times and host selection times. For more information about\n Maglev, refer to https://ai.google/research/pubs/pub44824\n\n* 'WEIGHTED_MAGLEV': Per-instance weighted Load Balancing via health check\n reported weights. If set, the Backend Service must\n configure a non legacy HTTP-based Health Check, and\n health check replies are expected to contain\n non-standard HTTP response header field\n X-Load-Balancing-Endpoint-Weight to specify the\n per-instance weights. If set, Load Balancing is weight\n based on the per-instance weights reported in the last\n processed health check replies, as long as every\n instance either reported a valid weight or had\n UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains\n equal-weight.\n\n\nThis field is applicable to either:\n\n* A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2,\n and loadBalancingScheme set to INTERNAL_MANAGED.\n* A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.\n* A regional backend service with loadBalancingScheme set to EXTERNAL (External Network\n Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External\n Network Load Balancing. The default is MAGLEV.\n\n\nIf session_affinity is not NONE, and this field is not set to MAGLEV, WEIGHTED_MAGLEV,\nor RING_HASH, session affinity settings will not take effect.\n\nOnly ROUND_ROBIN and RING_HASH are supported when the backend service is referenced\nby a URL map that is bound to target gRPC proxy that has validate_for_proxyless\nfield set to true. Possible values: [\"ROUND_ROBIN\", \"LEAST_REQUEST\", \"RING_HASH\", \"RANDOM\", \"ORIGINAL_DESTINATION\", \"MAGLEV\", \"WEIGHTED_MAGLEV\"]","description_kind":"plain","computed":true},"log_config":{"type":["list",["object",{"enable":"bool","sample_rate":"number"}]],"description":"This field denotes the logging options for the load balancer traffic served by this backend service.\nIf logging is enabled, logs will be exported to Stackdriver.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"outlier_detection":{"type":["list",["object",{"base_ejection_time":["list",["object",{"nanos":"number","seconds":"number"}]],"consecutive_errors":"number","consecutive_gateway_failure":"number","enforcing_consecutive_errors":"number","enforcing_consecutive_gateway_failure":"number","enforcing_success_rate":"number","interval":["list",["object",{"nanos":"number","seconds":"number"}]],"max_ejection_percent":"number","success_rate_minimum_hosts":"number","success_rate_request_volume":"number","success_rate_stdev_factor":"number"}]],"description":"Settings controlling eviction of unhealthy hosts from the load balancing pool.\nApplicable backend service types can be a global backend service with the\nloadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED.","description_kind":"plain","computed":true},"port_name":{"type":"string","description":"Name of backend port. The same name should appear in the instance\ngroups referenced by this service. Required when the load balancing\nscheme is EXTERNAL.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"protocol":{"type":"string","description":"The protocol this BackendService uses to communicate with backends.\nThe default is HTTP. **NOTE**: HTTP2 is only valid for beta HTTP/2 load balancer\ntypes and may result in errors if used with the GA API. **NOTE**: With protocol “UNSPECIFIED”,\nthe backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing\nwith TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values: [\"HTTP\", \"HTTPS\", \"HTTP2\", \"TCP\", \"SSL\", \"GRPC\", \"UNSPECIFIED\"]","description_kind":"plain","computed":true},"security_policy":{"type":"string","description":"The security policy associated with this backend service.","description_kind":"plain","computed":true},"security_settings":{"type":["list",["object",{"client_tls_policy":"string","subject_alt_names":["list","string"]}]],"description":"The security settings that apply to this backend service. This field is applicable to either\na regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and\nload_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the\nload_balancing_scheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"session_affinity":{"type":"string","description":"Type of session affinity to use. The default is NONE. Session affinity is\nnot applicable if the protocol is UDP. Possible values: [\"NONE\", \"CLIENT_IP\", \"CLIENT_IP_PORT_PROTO\", \"CLIENT_IP_PROTO\", \"GENERATED_COOKIE\", \"HEADER_FIELD\", \"HTTP_COOKIE\"]","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How many seconds to wait for the backend before considering it a\nfailed request. Default is 30 seconds. Valid range is [1, 86400].","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_default_service_account":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","rsa_encrypted_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"disk_id":{"type":"string","description":"The unique identifier for the resource. This identifier is defined by the server.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_confidential_compute":{"type":"bool","description":"Whether this disk is using confidential compute mode.\nNote: Only supported on hyperdisk skus, disk_encryption_key is required when setting to true","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description":"The image from which to initialize this disk. This can be\none of: the image's 'self_link', 'projects/{project}/global/images/{image}',\n'projects/{project}/global/images/family/{family}', 'global/images/{image}',\n'global/images/family/{family}', 'family/{family}', '{project}/{family}',\n'{project}/{image}', '{family}', or '{image}'. If referred by family, the\nimages names must include the family name. If they don't, use the\n[google_compute_image data source](/docs/providers/google/d/compute_image.html).\nFor instance, the image 'centos-6-v20180104' includes its family name 'centos-6'.\nThese images can be referred by family name here.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"provisioned_iops":{"type":"number","description":"Indicates how many IOPS must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of IOPS every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"provisioned_throughput":{"type":"number","description":"Indicates how much Throughput must be provisioned for the disk.\nNote: Updating currently is only supported by hyperdisk skus without the need to delete and recreate the disk, hyperdisk\nallows for an update of Throughput every 4 hours. To update your hyperdisk more frequently, you'll need to manually delete and recreate it","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the 'image' or\n'snapshot' parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with 'image' or 'snapshot',\nthe value must not be less than the size of the image\nor the size of the snapshot.\n\n~\u003e**NOTE** If you change the size, Terraform updates the disk size\nif upsizing is detected but recreates the disk if downsizing is requested.\nYou can add 'lifecycle.prevent_destroy' in the config to prevent destroying\nand recreating.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. If the snapshot is in another\nproject than this disk, you must supply a full URL. For example, the\nfollowing are valid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_image_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source image. Required if\nthe source image is protected by a customer-supplied encryption key.","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description":"The ID value of the image used to create this disk. This value\nidentifies the exact image that was used to create this persistent\ndisk. For example, if you created the persistent disk from an image\nthat was later deleted and recreated under the same name, the source\nimage ID would identify the exact version of the image that was used.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk resides.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rule":{"version":0,"block":{"attributes":{"all_ports":{"type":"bool","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'allPorts' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, SCTP, or\nL3_DEFAULT.\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal and external protocol forwarding.\n* Set this field to true to allow packets addressed to any port or packets\nlacking destination port information (for example, UDP fragments after the\nfirst fragment) to be forwarded to the backends configured with this\nforwarding rule. The L3_DEFAULT protocol requires 'allPorts' be set to\ntrue.","description_kind":"plain","computed":true},"allow_global_access":{"type":"bool","description":"This field is used along with the 'backend_service' field for\ninternal load balancing or with the 'target' field for internal\nTargetInstance.\n\nIf the field is set to 'TRUE', clients can access ILB from all\nregions.\n\nOtherwise only allows access from clients in the same region as the\ninternal load balancer.","description_kind":"plain","computed":true},"allow_psc_global_access":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.","description_kind":"plain","computed":true},"backend_service":{"type":"string","description":"Identifies the backend service to which the forwarding rule sends traffic.\n\nRequired for Internal TCP/UDP Load Balancing and Network Load Balancing;\nmust be omitted for all other load balancer types.","description_kind":"plain","computed":true},"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target' or 'backendService'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target' or 'backendService',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).\n\nA Forwarding Rule with protocol L3_DEFAULT can attach with target instance or\nbackend service with UNSPECIFIED protocol.\nA forwarding rule with \"L3_DEFAULT\" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\", \"L3_DEFAULT\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP address version that will be used by this forwarding rule.\nValid options are IPV4 and IPV6.\n\nIf not set, the IPv4 address will be used by default. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"is_mirroring_collector":{"type":"bool","description":"Indicates whether or not this load balancer can be used as a collector for\npacket mirroring. To prevent mirroring loops, instances behind this\nload balancer will not have their traffic mirrored even if a\n'PacketMirroring' rule applies to them.\n\nThis can only be set to true for load balancers that have their\n'loadBalancingScheme' set to 'INTERNAL'.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL\", \"INTERNAL_MANAGED\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"network_tier":{"type":"string","description":"This signifies the networking tier used for configuring\nthis load balancer and can only take the following values:\n'PREMIUM', 'STANDARD'.\n\nFor regional ForwardingRule, the valid values are 'PREMIUM' and\n'STANDARD'. For GlobalForwardingRule, the valid value is\n'PREMIUM'.\n\nIf this field is not specified, it is assumed to be 'PREMIUM'.\nIf 'IPAddress' is specified, this value must be equal to the\nnetworkTier of the Address. Possible values: [\"PREMIUM\", \"STANDARD\"]","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"ports":{"type":["set","string"],"description":"The 'ports', 'portRange', and 'allPorts' fields are mutually exclusive.\nOnly packets addressed to ports in the specified range will be forwarded\nto the backends configured with this forwarding rule.\n\nThe 'ports' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: internal passthrough\nNetwork Load Balancers, backend service-based external passthrough Network\nLoad Balancers, and internal protocol forwarding.\n* You can specify a list of up to five ports by number, separated by\ncommas. The ports can be contiguous or discontiguous.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair if they share at least one port\nnumber.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair if\nthey share at least one port number.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"recreate_closed_psc":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional forwarding rule resides.\n\nThis field is not applicable to global forwarding rules.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"service_label":{"type":"string","description":"An optional prefix to the service name for this Forwarding Rule.\nIf specified, will be the first label of the fully qualified service\nname.\n\nThe label must be 1-63 characters long, and comply with RFC1035.\nSpecifically, the label must be 1-63 characters long and match the\nregular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The internal fully qualified service name for this Forwarding Rule.\n\nThis field is only used for INTERNAL load balancing.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_forwarding_rules":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description_kind":"plain","optional":true},"rules":{"type":["list",["object",{"all_ports":"bool","allow_global_access":"bool","allow_psc_global_access":"bool","backend_service":"string","base_forwarding_rule":"string","creation_timestamp":"string","description":"string","effective_labels":["map","string"],"ip_address":"string","ip_protocol":"string","ip_version":"string","is_mirroring_collector":"bool","label_fingerprint":"string","labels":["map","string"],"load_balancing_scheme":"string","name":"string","network":"string","network_tier":"string","no_automate_dns_zone":"bool","port_range":"string","ports":["set","string"],"project":"string","psc_connection_id":"string","psc_connection_status":"string","recreate_closed_psc":"bool","region":"string","self_link":"string","service_directory_registrations":["list",["object",{"namespace":"string","service":"string"}]],"service_label":"string","service_name":"string","source_ip_ranges":["list","string"],"subnetwork":"string","target":"string","terraform_labels":["map","string"]}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_address":{"version":0,"block":{"attributes":{"address":{"type":"string","description_kind":"plain","computed":true},"address_type":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"network_tier":{"type":"string","description_kind":"plain","computed":true},"prefix_length":{"type":"number","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"purpose":{"type":"string","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description_kind":"plain","computed":true},"users":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_global_forwarding_rule":{"version":0,"block":{"attributes":{"base_forwarding_rule":{"type":"string","description":"[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_address":{"type":"string","description":"IP address for which this forwarding rule accepts traffic. When a client\nsends traffic to this IP address, the forwarding rule directs the traffic\nto the referenced 'target'.\n\nWhile creating a forwarding rule, specifying an 'IPAddress' is\nrequired under the following circumstances:\n\n* When the 'target' is set to 'targetGrpcProxy' and\n'validateForProxyless' is set to 'true', the\n'IPAddress' should be set to '0.0.0.0'.\n* When the 'target' is a Private Service Connect Google APIs\nbundle, you must specify an 'IPAddress'.\n\n\nOtherwise, you can optionally specify an IP address that references an\nexisting static (reserved) IP address resource. When omitted, Google Cloud\nassigns an ephemeral IP address.\n\nUse one of the following formats to specify an IP address while creating a\nforwarding rule:\n\n* IP address number, as in '100.1.2.3'\n* IPv6 address range, as in '2600:1234::/96'\n* Full resource URL, as in\n'https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name'\n* Partial URL or by name, as in:\n * 'projects/project_id/regions/region/addresses/address-name'\n * 'regions/region/addresses/address-name'\n * 'global/addresses/address-name'\n * 'address-name'\n\n\nThe forwarding rule's 'target',\nand in most cases, also the 'loadBalancingScheme', determine the\ntype of IP address that you can use. For detailed information, see\n[IP address\nspecifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n\nWhen reading an 'IPAddress', the API always returns the IP\naddress number.","description_kind":"plain","computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which this rule applies.\n\nFor protocol forwarding, valid\noptions are 'TCP', 'UDP', 'ESP',\n'AH', 'SCTP', 'ICMP' and\n'L3_DEFAULT'.\n\nThe valid IP protocols are different for different load balancing products\nas described in [Load balancing\nfeatures](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). Possible values: [\"TCP\", \"UDP\", \"ESP\", \"AH\", \"SCTP\", \"ICMP\"]","description_kind":"plain","computed":true},"ip_version":{"type":"string","description":"The IP Version that will be used by this global forwarding rule. Possible values: [\"IPV4\", \"IPV6\"]","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this forwarding rule. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"load_balancing_scheme":{"type":"string","description":"Specifies the forwarding rule type.\n\nFor more information about forwarding rules, refer to\n[Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value: \"EXTERNAL\" Possible values: [\"EXTERNAL\", \"EXTERNAL_MANAGED\", \"INTERNAL_MANAGED\", \"INTERNAL_SELF_MANAGED\"]","description_kind":"plain","computed":true},"metadata_filters":{"type":["list",["object",{"filter_labels":["list",["object",{"name":"string","value":"string"}]],"filter_match_criteria":"string"}]],"description":"Opaque filter criteria used by Loadbalancer to restrict routing\nconfiguration to a limited set xDS compliant clients. In their xDS\nrequests to Loadbalancer, xDS clients present node metadata. If a\nmatch takes place, the relevant routing configuration is made available\nto those proxies.\n\nFor each metadataFilter in this list, if its filterMatchCriteria is set\nto MATCH_ANY, at least one of the filterLabels must match the\ncorresponding label provided in the metadata. If its filterMatchCriteria\nis set to MATCH_ALL, then all of its filterLabels must match with\ncorresponding labels in the provided metadata.\n\nmetadataFilters specified here can be overridden by those specified in\nthe UrlMap that this ForwardingRule references.\n\nmetadataFilters only applies to Loadbalancers that have their\nloadBalancingScheme set to INTERNAL_SELF_MANAGED.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is created.\nThe name must be 1-63 characters long, and comply with\n[RFC1035](https://www.ietf.org/rfc/rfc1035.txt).\n\nSpecifically, the name must be 1-63 characters long and match the regular\nexpression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first\ncharacter must be a lowercase letter, and all following characters must\nbe a dash, lowercase letter, or digit, except the last character, which\ncannot be a dash.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, the forwarding rule name must be a 1-20 characters string with\nlowercase letters and numbers and must start with a letter.","description_kind":"plain","required":true},"network":{"type":"string","description":"This field is not used for external load balancing.\n\nFor Internal TCP/UDP Load Balancing, this field identifies the network that\nthe load balanced IP should belong to for this Forwarding Rule.\nIf the subnetwork is specified, the network of the subnetwork will be used.\nIf neither subnetwork nor this field is specified, the default network will\nbe used.\n\nFor Private Service Connect forwarding rules that forward traffic to Google\nAPIs, a network must be provided.","description_kind":"plain","computed":true},"no_automate_dns_zone":{"type":"bool","description":"This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.","description_kind":"plain","computed":true},"port_range":{"type":"string","description":"The 'portRange' field has the following limitations:\n* It requires that the forwarding rule 'IPProtocol' be TCP, UDP, or SCTP,\nand\n* It's applicable only to the following products: external passthrough\nNetwork Load Balancers, internal and external proxy Network Load\nBalancers, internal and external Application Load Balancers, external\nprotocol forwarding, and Classic VPN.\n* Some products have restrictions on what ports can be used. See\n[port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications)\nfor details.\n\nFor external forwarding rules, two or more forwarding rules cannot use the\nsame '[IPAddress, IPProtocol]' pair, and cannot have overlapping\n'portRange's.\n\nFor internal forwarding rules within the same VPC network, two or more\nforwarding rules cannot use the same '[IPAddress, IPProtocol]' pair, and\ncannot have overlapping 'portRange's.\n\n@pattern: \\d+(?:-\\d+)?","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_connection_id":{"type":"string","description":"The PSC connection id of the PSC Forwarding Rule.","description_kind":"plain","computed":true},"psc_connection_status":{"type":"string","description":"The PSC connection status of the PSC Forwarding Rule. Possible values: 'STATUS_UNSPECIFIED', 'PENDING', 'ACCEPTED', 'REJECTED', 'CLOSED'","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"service_directory_registrations":{"type":["list",["object",{"namespace":"string","service_directory_region":"string"}]],"description":"Service Directory resources to register this forwarding rule with.\n\nCurrently, only supports a single Service Directory resource.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list","string"],"description":"If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"This field identifies the subnetwork that the load balanced IP should\nbelong to for this Forwarding Rule, used in internal load balancing and\nnetwork load balancing with IPv6.\n\nIf the network specified is in auto subnet mode, this field is optional.\nHowever, a subnetwork must be specified if the network is in custom subnet\nmode or when creating external forwarding rule with IPv6.","description_kind":"plain","computed":true},"target":{"type":"string","description":"The URL of the target resource to receive the matched traffic. For\nregional forwarding rules, this target must be in the same region as the\nforwarding rule. For global forwarding rules, this target must be a global\nload balancing resource.\n\nThe forwarded traffic must be of a type appropriate to the target object.\n* For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications).\n* For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:\n * 'vpc-sc' - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products).\n * 'all-apis' - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis).\n\n\nFor Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ha_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"The network this VPN gateway is accepting traffic for.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region this gateway should sit in.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"The stack type for this VPN gateway to identify the IP protocols that are enabled.\nIf not specified, IPV4_ONLY will be used. Default value: \"IPV4_ONLY\" Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"vpn_interfaces":{"type":["list",["object",{"id":"number","interconnect_attachment":"string","ip_address":"string"}]],"description":"A list of interfaces on this VPN gateway.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_health_check":{"version":0,"block":{"attributes":{"check_interval_sec":{"type":"number","description":"How often (in seconds) to send a health check. The default value is 5\nseconds.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"grpc_health_check":{"type":["list",["object",{"grpc_service_name":"string","port":"number","port_name":"string","port_specification":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"healthy_threshold":{"type":"number","description":"A so-far unhealthy instance will be marked healthy after this many\nconsecutive successes. The default value is 2.","description_kind":"plain","computed":true},"http2_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"http_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"https_health_check":{"type":["list",["object",{"host":"string","port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request_path":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool"}]],"description":"Configure logging on this health check.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means\nthe first character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the\nlast character, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"ssl_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"tcp_health_check":{"type":["list",["object",{"port":"number","port_name":"string","port_specification":"string","proxy_header":"string","request":"string","response":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"timeout_sec":{"type":"number","description":"How long (in seconds) to wait before claiming failure.\nThe default value is 5 seconds. It is invalid for timeoutSec to have\ngreater value than checkIntervalSec.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the health check. One of HTTP, HTTPS, TCP, or SSL.","description_kind":"plain","computed":true},"unhealthy_threshold":{"type":"number","description":"A so-far healthy instance will be marked unhealthy after this many\nconsecutive failures. The default value is 2.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image":{"version":0,"block":{"attributes":{"archive_size_bytes":{"type":"number","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description_kind":"plain","computed":true},"family":{"type":"string","description_kind":"plain","optional":true,"computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"image_id":{"type":"string","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"source_disk":{"type":"string","description_kind":"plain","computed":true},"source_disk_encryption_key_sha256":{"type":"string","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description_kind":"plain","computed":true},"source_image_id":{"type":"string","description_kind":"plain","computed":true},"status":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_image_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance":{"version":6,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"allow_stopping_for_update":{"type":"bool","description":"If true, allows Terraform to stop the instance to update its properties. If you try to update a property that requires stopping the instance without setting this field, the update will fail.","description_kind":"plain","computed":true},"attached_disk":{"type":["list",["object",{"device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"List of disks attached to the instance","description_kind":"plain","computed":true},"boot_disk":{"type":["list",["object",{"auto_delete":"bool","device_name":"string","disk_encryption_key_raw":"string","disk_encryption_key_sha256":"string","initialize_params":["list",["object",{"enable_confidential_compute":"bool","image":"string","labels":["map","string"],"provisioned_iops":"number","provisioned_throughput":"number","resource_manager_tags":["map","string"],"size":"number","type":"string"}]],"kms_key_self_link":"string","mode":"string","source":"string"}]],"description":"The boot disk for the instance.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether sending and receiving of packets with non-matching source or destination IPs is allowed.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"cpu_platform":{"type":"string","description":"The CPU platform used by this instance.","description_kind":"plain","computed":true},"current_status":{"type":"string","description":"\n\t\t\t\t\tCurrent status of the instance.\n\t\t\t\t\tThis could be one of the following values: PROVISIONING, STAGING, RUNNING, STOPPING, SUSPENDING, SUSPENDED, REPAIRING, and TERMINATED.\n\t\t\t\t\tFor more information about the status of the instance, see [Instance life cycle](https://cloud.google.com/compute/docs/instances/instance-life-cycle).","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether deletion protection is enabled on this instance.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of the resource.","description_kind":"plain","computed":true},"desired_status":{"type":"string","description":"Desired status of the instance. Either \"RUNNING\" or \"TERMINATED\".","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_display":{"type":"bool","description":"Whether the instance has virtual displays enabled.","description_kind":"plain","computed":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"hostname":{"type":"string","description":"A custom hostname for the instance. Must be a fully qualified DNS name and RFC-1035-valid. Valid format is a series of labels 1-63 characters long matching the regular expression [a-z]([-a-z0-9]*[a-z0-9]), concatenated with periods. The entire hostname must not exceed 253 characters. Changing this forces a new resource to be created.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description":"The server-assigned unique identifier of this instance.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The unique fingerprint of the labels.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs assigned to the instance.\n\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs made available within the instance.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"Metadata startup scripts made available within the instance.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"The minimum CPU platform specified for the VM instance.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. One of name or self_link must be provided.","description_kind":"plain","optional":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"The networks attached to the instance.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"params":{"type":["list",["object",{"resource_manager_tags":["map","string"]}]],"description":"Stores additional params passed with the request, but not persisted as part of resource payload.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If self_link is provided, this value is ignored. If neither self_link nor project are provided, the provider project is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy being used by the instance.","description_kind":"plain","computed":true},"scratch_disk":{"type":["list",["object",{"device_name":"string","interface":"string","size":"number"}]],"description":"The scratch disks attached to the instance.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"The service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"The shielded vm config being used by the instance.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"The list of tags attached to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone of the instance. If self_link is provided, this value is ignored. If neither self_link nor zone are provided, the provider zone is used.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_group":{"version":2,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["set","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"named_port":{"type":["list",["object",{"name":"string","port":"number"}]],"description_kind":"plain","computed":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_group_manager":{"version":0,"block":{"attributes":{"all_instances_config":{"type":["list",["object",{"labels":["map","string"],"metadata":["map","string"]}]],"description":"Specifies configuration that overrides the instance template configuration for the group.","description_kind":"plain","computed":true},"auto_healing_policies":{"type":["list",["object",{"health_check":"string","initial_delay_sec":"number"}]],"description":"The autohealing policies for this managed instance group. You can specify only one value.","description_kind":"plain","computed":true},"base_instance_name":{"type":"string","description":"The base instance name to use for instances in this group. The value must be a valid RFC1035 name. Supported characters are lowercase letters, numbers, and hyphens (-). Instances are named by appending a hyphen and a random four-character string to the base instance name.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional textual description of the instance group manager.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"The fingerprint of the instance group manager.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_group":{"type":"string","description":"The full URL of the instance group created by the manager.","description_kind":"plain","computed":true},"instance_lifecycle_policy":{"type":["list",["object",{"default_action_on_failure":"string","force_update_on_repair":"string"}]],"description":"The instance lifecycle policy for this managed instance group.","description_kind":"plain","computed":true},"list_managed_instances_results":{"type":"string","description":"Pagination behavior of the listManagedInstances API method for this managed instance group. Valid values are: \"PAGELESS\", \"PAGINATED\". If PAGELESS (default), Pagination is disabled for the group's listManagedInstances API method. maxResults and pageToken query parameters are ignored and all instances are returned in a single response. If PAGINATED, pagination is enabled, maxResults and pageToken query parameters are respected.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance group manager. Must be 1-63 characters long and comply with RFC1035. Supported characters include lowercase letters, numbers, and hyphens.","description_kind":"plain","optional":true},"named_port":{"type":["set",["object",{"name":"string","port":"number"}]],"description":"The named port configuration.","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The URL of the created resource.","description_kind":"plain","optional":true},"stateful_disk":{"type":["set",["object",{"delete_rule":"string","device_name":"string"}]],"description":"Disks created on the instances that will be preserved on instance delete, update, etc.","description_kind":"plain","computed":true},"stateful_external_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"stateful_internal_ip":{"type":["list",["object",{"delete_rule":"string","interface_name":"string"}]],"description":"External IPs considered stateful by the instance group. ","description_kind":"plain","computed":true},"status":{"type":["list",["object",{"all_instances_config":["list",["object",{"current_revision":"string","effective":"bool"}]],"is_stable":"bool","stateful":["list",["object",{"has_stateful_config":"bool","per_instance_configs":["list",["object",{"all_effective":"bool"}]]}]],"version_target":["list",["object",{"is_reached":"bool"}]]}]],"description":"The status of this managed instance group.","description_kind":"plain","computed":true},"target_pools":{"type":["set","string"],"description":"The full URL of all target pools to which new instances in the group are added. Updating the target pools attribute does not affect existing instances.","description_kind":"plain","computed":true},"target_size":{"type":"number","description":"The target number of running instances for this managed instance group. This value should always be explicitly set unless this resource is attached to an autoscaler, in which case it should never be set. Defaults to 0.","description_kind":"plain","computed":true},"update_policy":{"type":["list",["object",{"max_surge_fixed":"number","max_surge_percent":"number","max_unavailable_fixed":"number","max_unavailable_percent":"number","minimal_action":"string","most_disruptive_allowed_action":"string","replacement_method":"string","type":"string"}]],"description":"The update policy for this managed instance group.","description_kind":"plain","computed":true},"version":{"type":["list",["object",{"instance_template":"string","name":"string","target_size":["list",["object",{"fixed":"number","percent":"number"}]]}]],"description":"Application versions managed by this instance group. Each version deals with a specific instance template, allowing canary release scenarios.","description_kind":"plain","computed":true},"wait_for_instances":{"type":"bool","description":"Whether to wait for all instances to be created/updated before returning. Note that if this is set to true and the operation does not succeed, Terraform will continue trying until it times out.","description_kind":"plain","computed":true},"wait_for_instances_status":{"type":"string","description":"When used with wait_for_instances specifies the status to wait for. When STABLE is specified this resource will wait until the instances are stable before returning. When UPDATED is set, it will wait for the version target to be reached and any per instance configs to be effective and all instances configs to be effective as well as all instances to be stable before returning.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone that instances in this group should be created in.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_serial_port":{"version":0,"block":{"attributes":{"contents":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"port":{"type":"number","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"An instance template is a global resource that is not bound to a zone or a region. However, you can still specify some regional resources in an instance template, which restricts the template to the region where that resource resides. For example, a custom subnetwork resource is tied to a specific region. Defaults to the region of the Provider if no value is given.","description_kind":"plain","computed":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags.\n\t\t\t\tKeys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456.\n\t\t\t\tThe field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"self_link_unique":{"type":"string","description_kind":"plain","optional":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_lb_ip_ranges":{"version":0,"block":{"attributes":{"http_ssl_tcp_internal":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"network":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_machine_types":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"machine_types":{"type":["list",["object",{"accelerators":["list",["object",{"guest_accelerator_count":"number","guest_accelerator_type":"string"}]],"deprecated":["set",["object",{"replacement":"string","state":"string"}]],"description":"string","guest_cpus":"number","is_shared_cpus":"bool","maximum_persistent_disks":"number","maximum_persistent_disks_size_gb":"number","memory_mb":"number","name":"string","self_link":"string"}]],"description":"The list of machine types","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID for this request.","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description":"The name of the zone for this request.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_ipv4":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"subnetworks_self_links":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_network_endpoint_group":{"version":0,"block":{"attributes":{"default_port":{"type":"number","description":"The default port used if the port number is not specified in the\nnetwork endpoint.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"The network to which all network endpoints in the NEG belong.\nUses \"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group.\nNON_GCP_PRIVATE_IP_PORT is used for hybrid connectivity network\nendpoint groups (see https://cloud.google.com/load-balancing/docs/hybrid).\nNote that NON_GCP_PRIVATE_IP_PORT can only be used with Backend Services\nthat 1) have the following load balancing schemes: EXTERNAL, EXTERNAL_MANAGED,\nINTERNAL_MANAGED, and INTERNAL_SELF_MANAGED and 2) support the RATE or\nCONNECTION balancing modes.\n\nPossible values include: GCE_VM_IP, GCE_VM_IP_PORT, NON_GCP_PRIVATE_IP_PORT, INTERNET_IP_PORT, INTERNET_FQDN_PORT, SERVERLESS, and PRIVATE_SERVICE_CONNECT. Default value: \"GCE_VM_IP_PORT\" Possible values: [\"GCE_VM_IP\", \"GCE_VM_IP_PORT\", \"NON_GCP_PRIVATE_IP_PORT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\", \"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"size":{"type":"number","description":"Number of network endpoints in the network endpoint group.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"Optional subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"Zone where the network endpoint group is located.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_network_peering":{"version":0,"block":{"attributes":{"export_custom_routes":{"type":"bool","description":"Whether to export the custom routes to the peer network. Defaults to false.","description_kind":"plain","computed":true},"export_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"Whether to export the custom routes from the peer network. Defaults to false.","description_kind":"plain","computed":true},"import_subnet_routes_with_public_ip":{"type":"bool","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the peering.","description_kind":"plain","required":true},"network":{"type":"string","description":"The primary network of the peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The peer network in the peering. The peer network may belong to a different project.","description_kind":"plain","computed":true},"stack_type":{"type":"string","description":"Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY. Possible values: [\"IPV4_ONLY\", \"IPV4_IPV6\"]","description_kind":"plain","computed":true},"state":{"type":"string","description":"State for the peering, either ACTIVE or INACTIVE. The peering is ACTIVE when there's a matching configuration in the peer network.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the peering.","description_kind":"plain","computed":true}},"block_types":{"timeouts":{"nesting_mode":"single","block":{"attributes":{"read":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_compute_networks":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"networks":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_node_types":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_disk":{"version":0,"block":{"attributes":{"async_primary_disk":{"type":["list",["object",{"disk":"string"}]],"description":"A nested object resource","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"disk_encryption_key":{"type":["list",["object",{"kms_key_name":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the disk using a customer-supplied encryption key.\n\nAfter you encrypt a disk with a customer-supplied key, you must\nprovide the same key if you use the disk later (e.g. to create a disk\nsnapshot or an image, or to attach the disk to a virtual machine).\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe disk.\n\nIf you do not provide an encryption key when creating the disk, then\nthe disk will be encrypted using an automatically generated key and\nyou do not need to provide a key to use the disk later.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"guest_os_features":{"type":["set",["object",{"type":"string"}]],"description":"A list of features to enable on the guest operating system.\nApplicable only for bootable disks.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this disk. A list of key-\u003evalue pairs.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"last_attach_timestamp":{"type":"string","description":"Last attach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"last_detach_timestamp":{"type":"string","description":"Last detach timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"Any applicable license URI.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"physical_block_size_bytes":{"type":"number","description":"Physical block size of the persistent disk, in bytes. If not present\nin a request, a default value is used. Currently supported sizes\nare 4096 and 16384, other sizes may be added in the future.\nIf an unsupported value is requested, the error message will list\nthe supported values for the caller's project.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"A reference to the region where the disk resides.","description_kind":"plain","optional":true},"replica_zones":{"type":["list","string"],"description":"URLs of the zones where the disk should be replicated to.","description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"size":{"type":"number","description":"Size of the persistent disk, specified in GB. You can specify this\nfield when creating a persistent disk using the sourceImage or\nsourceSnapshot parameter, or specify it alone to create an empty\npersistent disk.\n\nIf you specify this field along with sourceImage or sourceSnapshot,\nthe value of sizeGb must not be less than the size of the sourceImage\nor the size of the snapshot.","description_kind":"plain","computed":true},"snapshot":{"type":"string","description":"The source snapshot used to create this disk. You can provide this as\na partial or full URL to the resource. For example, the following are\nvalid values:\n\n* 'https://www.googleapis.com/compute/v1/projects/project/global/snapshots/snapshot'\n* 'projects/project/global/snapshots/snapshot'\n* 'global/snapshots/snapshot'\n* 'snapshot'","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"The source disk used to create this disk. You can provide this as a partial or full URL to the resource.\nFor example, the following are valid values:\n\n* https://www.googleapis.com/compute/v1/projects/{project}/zones/{zone}/disks/{disk}\n* https://www.googleapis.com/compute/v1/projects/{project}/regions/{region}/disks/{disk}\n* projects/{project}/zones/{zone}/disks/{disk}\n* projects/{project}/regions/{region}/disks/{disk}\n* zones/{zone}/disks/{disk}\n* regions/{region}/disks/{disk}","description_kind":"plain","computed":true},"source_disk_id":{"type":"string","description":"The ID value of the disk used to create this image. This value may\nbe used to determine whether the image was taken from the current\nor a previous instance of a given disk name.","description_kind":"plain","computed":true},"source_snapshot_encryption_key":{"type":["list",["object",{"raw_key":"string","sha256":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"source_snapshot_id":{"type":"string","description":"The unique ID of the snapshot used to create this disk. This value\nidentifies the exact snapshot that was used to create this persistent\ndisk. For example, if you created the persistent disk from a snapshot\nthat was later deleted and recreated under the same name, the source\nsnapshot ID would identify the exact version of the snapshot that was\nused.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"URL of the disk type resource describing which disk type to use to\ncreate the disk. Provide this when creating the disk.","description_kind":"plain","computed":true},"users":{"type":["list","string"],"description":"Links to the users of the disk (attached instances) in form:\nproject/zones/zone/instances/instance","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_disk_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_region_instance_group":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"instance":"string","named_ports":["list",["object",{"name":"string","port":"number"}]],"status":"string"}]],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true},"size":{"type":"number","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_instance_template":{"version":1,"block":{"attributes":{"advanced_machine_features":{"type":["list",["object",{"enable_nested_virtualization":"bool","threads_per_core":"number","visible_core_count":"number"}]],"description":"Controls for advanced machine-related behavior features.","description_kind":"plain","computed":true},"can_ip_forward":{"type":"bool","description":"Whether to allow sending and receiving of packets with non-matching source or destination IPs. This defaults to false.","description_kind":"plain","computed":true},"confidential_instance_config":{"type":["list",["object",{"enable_confidential_compute":"bool"}]],"description":"The Confidential VM config being used by the instance. on_host_maintenance has to be set to TERMINATE or this will fail to create.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A brief description of this resource.","description_kind":"plain","computed":true},"disk":{"type":["list",["object",{"auto_delete":"bool","boot":"bool","device_name":"string","disk_encryption_key":["list",["object",{"kms_key_self_link":"string"}]],"disk_name":"string","disk_size_gb":"number","disk_type":"string","interface":"string","labels":["map","string"],"mode":"string","provisioned_iops":"number","resource_manager_tags":["map","string"],"resource_policies":["list","string"],"source":"string","source_image":"string","source_image_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"source_snapshot":"string","source_snapshot_encryption_key":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string"}]],"type":"string"}]],"description":"Disks to attach to instances created from this template. This can be specified multiple times for multiple disks.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"guest_accelerator":{"type":["list",["object",{"count":"number","type":"string"}]],"description":"List of the type and count of accelerator cards attached to the instance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to instances created from this template,\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"The machine type to create. To create a machine with a custom type (such as extended memory), format the value like custom-VCPUS-MEM_IN_MB like custom-6-20480 for 6 vCPU and 20GB of RAM.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"Metadata key/value pairs to make available from within instances created from this template.","description_kind":"plain","computed":true},"metadata_fingerprint":{"type":"string","description":"The unique fingerprint of the metadata.","description_kind":"plain","computed":true},"metadata_startup_script":{"type":"string","description":"An alternative to using the startup-script metadata key, mostly to match the compute_instance resource. This replaces the startup-script metadata key on the created instance and thus the two mechanisms are not allowed to be used simultaneously.","description_kind":"plain","computed":true},"min_cpu_platform":{"type":"string","description":"Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"The name of the instance template. If you leave this blank, Terraform will auto-generate a unique name.","description_kind":"plain","optional":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"network_interface":{"type":["list",["object",{"access_config":["list",["object",{"nat_ip":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"alias_ip_range":["list",["object",{"ip_cidr_range":"string","subnetwork_range_name":"string"}]],"internal_ipv6_prefix_length":"number","ipv6_access_config":["list",["object",{"external_ipv6":"string","external_ipv6_prefix_length":"string","name":"string","network_tier":"string","public_ptr_domain_name":"string"}]],"ipv6_access_type":"string","ipv6_address":"string","name":"string","network":"string","network_ip":"string","nic_type":"string","queue_count":"number","stack_type":"string","subnetwork":"string","subnetwork_project":"string"}]],"description":"Networks to attach to instances created from this template. This can be specified multiple times for multiple networks.","description_kind":"plain","computed":true},"network_performance_config":{"type":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"description":"Configures network performance settings for the instance. If not specified, the instance will be created with its default network performance configuration.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region in which the instance template is located. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"reservation_affinity":{"type":["list",["object",{"specific_reservation":["list",["object",{"key":"string","values":["list","string"]}]],"type":"string"}]],"description":"Specifies the reservations that this instance can consume from.","description_kind":"plain","computed":true},"resource_manager_tags":{"type":["map","string"],"description":"A map of resource manager tags.\n\t\t\t\tResource manager tag keys and values have the same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, and values are in the format tagValues/456. The field is ignored (both PUT \u0026 PATCH) when empty.","description_kind":"plain","computed":true},"resource_policies":{"type":["list","string"],"description":"A list of self_links of resource policies to attach to the instance. Currently a max of 1 resource policy is supported.","description_kind":"plain","computed":true},"scheduling":{"type":["list",["object",{"automatic_restart":"bool","instance_termination_action":"string","local_ssd_recovery_timeout":["list",["object",{"nanos":"number","seconds":"number"}]],"min_node_cpus":"number","node_affinities":["set",["object",{"key":"string","operator":"string","values":["set","string"]}]],"on_host_maintenance":"string","preemptible":"bool","provisioning_model":"string"}]],"description":"The scheduling strategy to use.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"service_account":{"type":["list",["object",{"email":"string","scopes":["set","string"]}]],"description":"Service account to attach to the instance.","description_kind":"plain","computed":true},"shielded_instance_config":{"type":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool","enable_vtpm":"bool"}]],"description":"Enable Shielded VM on this instance. Shielded VM provides verifiable integrity to prevent against malware and rootkits. Defaults to disabled. Note: shielded_instance_config can only be used with boot images with shielded vm support.","description_kind":"plain","computed":true},"tags":{"type":["set","string"],"description":"Tags to attach to the instance.","description_kind":"plain","computed":true},"tags_fingerprint":{"type":"string","description":"The unique fingerprint of the tags.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_network_endpoint_group":{"version":0,"block":{"attributes":{"app_engine":{"type":["list",["object",{"service":"string","url_mask":"string","version":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_function":{"type":["list",["object",{"function":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"cloud_run":{"type":["list",["object",{"service":"string","tag":"string","url_mask":"string"}]],"description":"This field is only used for SERVERLESS NEGs.\n\nOnly one of cloud_run, app_engine, cloud_function or serverless_deployment may be set.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource. Provide this property when\nyou create the resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"network":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe URL of the network to which all network endpoints in the NEG belong. Uses\n\"default\" project network if unspecified.","description_kind":"plain","computed":true},"network_endpoint_type":{"type":"string","description":"Type of network endpoints in this network endpoint group. Defaults to SERVERLESS. Default value: \"SERVERLESS\" Possible values: [\"SERVERLESS\", \"PRIVATE_SERVICE_CONNECT\", \"INTERNET_IP_PORT\", \"INTERNET_FQDN_PORT\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"psc_target_service":{"type":"string","description":"This field is only used for PSC and INTERNET NEGs.\n\nThe target service url used to set up private service connection to\na Google API or a PSC Producer Service Attachment.","description_kind":"plain","computed":true},"region":{"type":"string","description":"A reference to the region where the regional NEGs reside.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","optional":true},"subnetwork":{"type":"string","description":"This field is only used for PSC NEGs.\n\nOptional URL of the subnetwork to which all network endpoints in the NEG belong.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_region_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The Region in which the created regional ssl certificate should reside.\nIf it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_regions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_compute_reservation":{"version":0,"block":{"attributes":{"commitment":{"type":"string","description":"Full or partial URL to a parent commitment. This field displays for\nreservations that are tied to a commitment.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"share_settings":{"type":["list",["object",{"project_map":["set",["object",{"id":"string","project_id":"string"}]],"share_type":"string"}]],"description":"The share setting for reservations.","description_kind":"plain","computed":true},"specific_reservation":{"type":["list",["object",{"count":"number","in_use_count":"number","instance_properties":["list",["object",{"guest_accelerators":["list",["object",{"accelerator_count":"number","accelerator_type":"string"}]],"local_ssds":["list",["object",{"disk_size_gb":"number","interface":"string"}]],"machine_type":"string","min_cpu_platform":"string"}]]}]],"description":"Reservation for instances with specific machine shapes.","description_kind":"plain","computed":true},"specific_reservation_required":{"type":"bool","description":"When set to true, only VMs that target this reservation by name can\nconsume this reservation. Otherwise, it can be consumed by VMs with\naffinity for any reservation. Defaults to false.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of the reservation.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The zone where the reservation is made.","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_resource_policy":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional description of this resource. Provide this property when you create the resource.","description_kind":"plain","computed":true},"disk_consistency_group_policy":{"type":["list",["object",{"enabled":"bool"}]],"description":"Replication consistency group for asynchronous disk replication.","description_kind":"plain","computed":true},"group_placement_policy":{"type":["list",["object",{"availability_domain_count":"number","collocation":"string","vm_count":"number"}]],"description":"Resource policy for instances used for placement configuration.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_schedule_policy":{"type":["list",["object",{"expiration_time":"string","start_time":"string","time_zone":"string","vm_start_schedule":["list",["object",{"schedule":"string"}]],"vm_stop_schedule":["list",["object",{"schedule":"string"}]]}]],"description":"Resource policy for scheduling instance operations.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource, provided by the client when initially creating\nthe resource. The resource name must be 1-63 characters long, and comply\nwith RFC1035. Specifically, the name must be 1-63 characters long and\nmatch the regular expression '[a-z]([-a-z0-9]*[a-z0-9])'? which means the\nfirst character must be a lowercase letter, and all following characters\nmust be a dash, lowercase letter, or digit, except the last character,\nwhich cannot be a dash.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where resource policy resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_schedule_policy":{"type":["list",["object",{"retention_policy":["list",["object",{"max_retention_days":"number","on_source_disk_delete":"string"}]],"schedule":["list",["object",{"daily_schedule":["list",["object",{"days_in_cycle":"number","start_time":"string"}]],"hourly_schedule":["list",["object",{"hours_in_cycle":"number","start_time":"string"}]],"weekly_schedule":["list",["object",{"day_of_weeks":["set",["object",{"day":"string","start_time":"string"}]]}]]}]],"snapshot_properties":["list",["object",{"chain_name":"string","guest_flush":"bool","labels":["map","string"],"storage_locations":["set","string"]}]]}]],"description":"Policy for creating snapshots of persistent disks.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router":{"version":0,"block":{"attributes":{"bgp":{"type":["list",["object",{"advertise_mode":"string","advertised_groups":["list","string"],"advertised_ip_ranges":["list",["object",{"description":"string","range":"string"}]],"asn":"number","keepalive_interval":"number"}]],"description":"BGP information specific to this router.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"encrypted_interconnect_router":{"type":"bool","description":"Indicates if a router is dedicated for use with encrypted VLAN\nattachments (interconnectAttachments).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. The name must be 1-63 characters long, and\ncomply with RFC1035. Specifically, the name must be 1-63 characters\nlong and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?'\nwhich means the first character must be a lowercase letter, and all\nfollowing characters must be a dash, lowercase letter, or digit,\nexcept the last character, which cannot be a dash.","description_kind":"plain","required":true},"network":{"type":"string","description":"A reference to the network to which this router belongs.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router resides.","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_nat":{"version":0,"block":{"attributes":{"drain_nat_ips":{"type":["set","string"],"description":"A list of URLs of the IP resources to be drained. These IPs must be\nvalid static external IPs that have been assigned to the NAT.","description_kind":"plain","computed":true},"enable_dynamic_port_allocation":{"type":"bool","description":"Enable Dynamic Port Allocation.\nIf minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.\nIf minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.\nIf maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.\nIf maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.\n\nMutually exclusive with enableEndpointIndependentMapping.","description_kind":"plain","computed":true},"enable_endpoint_independent_mapping":{"type":"bool","description":"Enable endpoint independent mapping.\nFor more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs).","description_kind":"plain","computed":true},"endpoint_types":{"type":["list","string"],"description":"Specifies the endpoint Types supported by the NAT Gateway.\nSupported values include:\n 'ENDPOINT_TYPE_VM', 'ENDPOINT_TYPE_SWG',\n 'ENDPOINT_TYPE_MANAGED_PROXY_LB'.","description_kind":"plain","computed":true},"icmp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"log_config":{"type":["list",["object",{"enable":"bool","filter":"string"}]],"description":"Configuration for logging on NAT","description_kind":"plain","computed":true},"max_ports_per_vm":{"type":"number","description":"Maximum number of ports allocated to a VM from this NAT.\nThis field can only be set when enableDynamicPortAllocation is enabled.","description_kind":"plain","computed":true},"min_ports_per_vm":{"type":"number","description":"Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the NAT service. The name must be 1-63 characters long and\ncomply with RFC1035.","description_kind":"plain","required":true},"nat_ip_allocate_option":{"type":"string","description":"How external IPs should be allocated for this NAT. Valid values are\n'AUTO_ONLY' for only allowing NAT IPs allocated by Google Cloud\nPlatform, or 'MANUAL_ONLY' for only user-allocated NAT IP addresses. Possible values: [\"MANUAL_ONLY\", \"AUTO_ONLY\"]","description_kind":"plain","computed":true},"nat_ips":{"type":["set","string"],"description":"Self-links of NAT IPs. Only valid if natIpAllocateOption\nis set to MANUAL_ONLY.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the router and NAT reside.","description_kind":"plain","optional":true},"router":{"type":"string","description":"The name of the Cloud Router in which this NAT will be configured.","description_kind":"plain","required":true},"rules":{"type":["set",["object",{"action":["list",["object",{"source_nat_active_ips":["set","string"],"source_nat_drain_ips":["set","string"]}]],"description":"string","match":"string","rule_number":"number"}]],"description":"A list of rules associated with this NAT.","description_kind":"plain","computed":true},"source_subnetwork_ip_ranges_to_nat":{"type":"string","description":"How NAT should be configured per Subnetwork.\nIf 'ALL_SUBNETWORKS_ALL_IP_RANGES', all of the\nIP ranges in every Subnetwork are allowed to Nat.\nIf 'ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES', all of the primary IP\nranges in every Subnetwork are allowed to Nat.\n'LIST_OF_SUBNETWORKS': A list of Subnetworks are allowed to Nat\n(specified in the field subnetwork below). Note that if this field\ncontains ALL_SUBNETWORKS_ALL_IP_RANGES or\nALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any\nother RouterNat section in any Router for this network in this region. Possible values: [\"ALL_SUBNETWORKS_ALL_IP_RANGES\", \"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES\", \"LIST_OF_SUBNETWORKS\"]","description_kind":"plain","computed":true},"subnetwork":{"type":["set",["object",{"name":"string","secondary_ip_range_names":["set","string"],"source_ip_ranges_to_nat":["set","string"]}]],"description":"One or more subnetwork NAT configurations. Only used if\n'source_subnetwork_ip_ranges_to_nat' is set to 'LIST_OF_SUBNETWORKS'","description_kind":"plain","computed":true},"tcp_established_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP established connections.\nDefaults to 1200s if not set.","description_kind":"plain","computed":true},"tcp_time_wait_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP connections that are in TIME_WAIT state.\nDefaults to 120s if not set.","description_kind":"plain","computed":true},"tcp_transitory_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for TCP transitory connections.\nDefaults to 30s if not set.","description_kind":"plain","computed":true},"udp_idle_timeout_sec":{"type":"number","description":"Timeout (in seconds) for UDP connections. Defaults to 30s if not set.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_router_status":{"version":0,"block":{"attributes":{"best_routes":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes for this router's network.","description_kind":"plain","computed":true},"best_routes_for_router":{"type":["list",["object",{"description":"string","dest_range":"string","name":"string","network":"string","next_hop_gateway":"string","next_hop_ilb":"string","next_hop_instance":"string","next_hop_instance_zone":"string","next_hop_ip":"string","next_hop_network":"string","next_hop_vpn_tunnel":"string","priority":"number","project":"string","self_link":"string","tags":["set","string"]}]],"description":"Best routes learned by this router.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the router to query.","description_kind":"plain","required":true},"network":{"type":"string","description":"URI of the network to which this router belongs.","description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the target router.","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region of the target router.","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_snapshot":{"version":0,"block":{"attributes":{"chain_name":{"type":"string","description":"Creates the new snapshot in the snapshot chain labeled with the\nspecified name. The chain name must be 1-63 characters long and\ncomply with RFC1035. This is an uncommon option only for advanced\nservice owners who needs to create separate snapshot chains, for\nexample, for chargeback tracking. When you describe your snapshot\nresource, this field is visible only if it has a non-empty value.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"disk_size_gb":{"type":"number","description":"Size of the snapshot, specified in GB.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"filter":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint used for optimistic locking of this resource. Used\ninternally during updates.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels to apply to this Snapshot.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"licenses":{"type":["list","string"],"description":"A list of public visible licenses that apply to this snapshot. This\ncan be because the original image had licenses attached (such as a\nWindows image). snapshotEncryptionKey nested object Encrypts the\nsnapshot using a customer-supplied encryption key.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description":"Name of the resource; provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true},"snapshot_encryption_key":{"type":["list",["object",{"kms_key_self_link":"string","kms_key_service_account":"string","raw_key":"string","sha256":"string"}]],"description":"Encrypts the snapshot using a customer-supplied encryption key.\n\nAfter you encrypt a snapshot using a customer-supplied key, you must\nprovide the same key if you use the snapshot later. For example, you\nmust provide the encryption key when you create a disk from the\nencrypted snapshot in a future request.\n\nCustomer-supplied encryption keys do not protect access to metadata of\nthe snapshot.\n\nIf you do not provide an encryption key when creating the snapshot,\nthen the snapshot will be encrypted using an automatically generated\nkey and you do not need to provide a key to use the snapshot later.","description_kind":"plain","computed":true},"snapshot_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"source_disk":{"type":"string","description":"A reference to the disk used to create this snapshot.","description_kind":"plain","computed":true},"source_disk_encryption_key":{"type":["list",["object",{"kms_key_service_account":"string","raw_key":"string"}]],"description":"The customer-supplied encryption key of the source snapshot. Required\nif the source snapshot is protected by a customer-supplied encryption\nkey.","description_kind":"plain","computed":true},"storage_bytes":{"type":"number","description":"A size of the storage used by the snapshot. As snapshots share\nstorage, this number is expected to change with snapshot\ncreation/deletion.","description_kind":"plain","computed":true},"storage_locations":{"type":["list","string"],"description":"Cloud Storage bucket storage location of the snapshot (regional or multi-regional).","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"zone":{"type":"string","description":"A reference to the zone where the disk is hosted.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_snapshot_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_ssl_certificate":{"version":0,"block":{"attributes":{"certificate":{"type":"string","description":"The certificate in PEM format.\nThe certificate chain must be no greater than 5 certs long.\nThe chain must include at least one intermediate cert.","description_kind":"plain","computed":true},"certificate_id":{"type":"number","description":"The unique identifier for the resource.","description_kind":"plain","computed":true},"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Expire time of the certificate in RFC3339 text format.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.\n\n\nThese are in the same namespace as the managed SSL certificates.","description_kind":"plain","required":true},"name_prefix":{"type":"string","description":"Creates a unique name beginning with the specified prefix. Conflicts with name.","description_kind":"plain","computed":true},"private_key":{"type":"string","description":"The write-only private key in PEM format.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_ssl_policy":{"version":0,"block":{"attributes":{"creation_timestamp":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"custom_features":{"type":["set","string"],"description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. This can be one of\n'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor which ciphers are available to use. **Note**: this argument\n*must* be present when using the 'CUSTOM' profile. This argument\n*must not* be present when using any other profile.","description_kind":"plain","computed":true},"description":{"type":"string","description":"An optional description of this resource.","description_kind":"plain","computed":true},"enabled_features":{"type":["set","string"],"description":"The list of features enabled in the SSL policy.","description_kind":"plain","computed":true},"fingerprint":{"type":"string","description":"Fingerprint of this resource. A hash of the contents stored in this\nobject. This field is used in optimistic locking.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"min_tls_version":{"type":"string","description":"The minimum version of SSL protocol that can be used by the clients\nto establish a connection with the load balancer. Default value: \"TLS_1_0\" Possible values: [\"TLS_1_0\", \"TLS_1_1\", \"TLS_1_2\"]","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the resource. Provided by the client when the resource is\ncreated. The name must be 1-63 characters long, and comply with\nRFC1035. Specifically, the name must be 1-63 characters long and match\nthe regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the\nfirst character must be a lowercase letter, and all following\ncharacters must be a dash, lowercase letter, or digit, except the last\ncharacter, which cannot be a dash.","description_kind":"plain","required":true},"profile":{"type":"string","description":"Profile specifies the set of SSL features that can be used by the\nload balancer when negotiating SSL with clients. If using 'CUSTOM',\nthe set of SSL features to enable must be specified in the\n'customFeatures' field.\n\nSee the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)\nfor information on what cipher suites each profile provides. If\n'CUSTOM' is used, the 'custom_features' attribute **must be set**. Default value: \"COMPATIBLE\" Possible values: [\"COMPATIBLE\", \"MODERN\", \"RESTRICTED\", \"CUSTOM\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_subnetwork":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"gateway_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ipv6_prefix":{"type":"string","description_kind":"plain","computed":true},"ip_cidr_range":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","optional":true},"network":{"type":"string","description_kind":"plain","computed":true},"private_ip_google_access":{"type":"bool","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secondary_ip_range":{"type":["list",["object",{"ip_cidr_range":"string","range_name":"string"}]],"description_kind":"plain","computed":true},"self_link":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_compute_subnetwork_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subnetwork":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_compute_vpn_gateway":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_compute_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"names":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"status":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_analysis_note_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"note":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_container_attached_install_manifest":{"version":0,"block":{"attributes":{"cluster_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"manifest":{"type":"string","description_kind":"plain","computed":true},"platform_version":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_container_attached_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","required":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_aws_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_azure_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"supported_regions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_versions":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_cluster":{"version":2,"block":{"attributes":{"addons_config":{"type":["list",["object",{"cloudrun_config":["list",["object",{"disabled":"bool","load_balancer_type":"string"}]],"config_connector_config":["list",["object",{"enabled":"bool"}]],"dns_cache_config":["list",["object",{"enabled":"bool"}]],"gce_persistent_disk_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcp_filestore_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gcs_fuse_csi_driver_config":["list",["object",{"enabled":"bool"}]],"gke_backup_agent_config":["list",["object",{"enabled":"bool"}]],"horizontal_pod_autoscaling":["list",["object",{"disabled":"bool"}]],"http_load_balancing":["list",["object",{"disabled":"bool"}]],"network_policy_config":["list",["object",{"disabled":"bool"}]],"stateful_ha_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The configuration for addons supported by GKE.","description_kind":"plain","computed":true},"allow_net_admin":{"type":"bool","description":"Enable NET_ADMIN for this cluster.","description_kind":"plain","computed":true},"authenticator_groups_config":{"type":["list",["object",{"security_group":"string"}]],"description":"Configuration for the Google Groups for GKE feature.","description_kind":"plain","computed":true},"binary_authorization":{"type":["list",["object",{"enabled":"bool","evaluation_mode":"string"}]],"description":"Configuration options for the Binary Authorization feature.","description_kind":"plain","computed":true},"cluster_autoscaling":{"type":["list",["object",{"auto_provisioning_defaults":["list",["object",{"boot_disk_kms_key":"string","disk_size":"number","disk_type":"string","image_type":"string","management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool","upgrade_options":["list",["object",{"auto_upgrade_start_time":"string","description":"string"}]]}]],"min_cpu_platform":"string","oauth_scopes":["list","string"],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]]}]],"autoscaling_profile":"string","enabled":"bool","resource_limits":["list",["object",{"maximum":"number","minimum":"number","resource_type":"string"}]]}]],"description":"Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.","description_kind":"plain","computed":true},"cluster_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.","description_kind":"plain","computed":true},"confidential_nodes":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.","description_kind":"plain","computed":true},"cost_management_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Cost management configuration for the cluster.","description_kind":"plain","computed":true},"database_encryption":{"type":["list",["object",{"key_name":"string","state":"string"}]],"description":"Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key.","description_kind":"plain","computed":true},"datapath_provider":{"type":"string","description":"The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.","description_kind":"plain","computed":true},"default_max_pods_per_node":{"type":"number","description":"The default maximum number of pods per node in this cluster. This doesn't work on \"routes-based\" clusters, clusters that don't have IP Aliasing enabled.","description_kind":"plain","computed":true},"default_snat_status":{"type":["list",["object",{"disabled":"bool"}]],"description":"Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.","description_kind":"plain","computed":true},"description":{"type":"string","description":" Description of the cluster.","description_kind":"plain","computed":true},"dns_config":{"type":["list",["object",{"cluster_dns":"string","cluster_dns_domain":"string","cluster_dns_scope":"string"}]],"description":"Configuration for Cloud DNS for Kubernetes Engine.","description_kind":"plain","computed":true},"enable_autopilot":{"type":"bool","description":"Enable Autopilot for this cluster.","description_kind":"plain","computed":true},"enable_cilium_clusterwide_network_policy":{"type":"bool","description":"Whether Cilium cluster-wide network policy is enabled on this cluster.","description_kind":"plain","computed":true},"enable_intranode_visibility":{"type":"bool","description":"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.","description_kind":"plain","computed":true},"enable_k8s_beta_apis":{"type":["list",["object",{"enabled_apis":["set","string"]}]],"description":"Configuration for Kubernetes Beta APIs.","description_kind":"plain","computed":true},"enable_kubernetes_alpha":{"type":"bool","description":"Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.","description_kind":"plain","computed":true},"enable_l4_ilb_subsetting":{"type":"bool","description":"Whether L4ILB Subsetting is enabled for this cluster.","description_kind":"plain","computed":true},"enable_legacy_abac":{"type":"bool","description":"Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.","description_kind":"plain","computed":true},"enable_shielded_nodes":{"type":"bool","description":"Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.","description_kind":"plain","computed":true},"enable_tpu":{"type":"bool","description":"Whether to enable Cloud TPU resources in this cluster.","description_kind":"plain","computed":true},"endpoint":{"type":"string","description":"The IP address of this cluster's Kubernetes master.","description_kind":"plain","computed":true},"fleet":{"type":["list",["object",{"membership":"string","membership_id":"string","membership_location":"string","pre_registered":"bool","project":"string"}]],"description":"Fleet configuration of the cluster.","description_kind":"plain","computed":true},"gateway_api_config":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration for GKE Gateway API controller.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"identity_service_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"Configuration for Identity Service which allows customers to use external identity providers with the K8S API.","description_kind":"plain","computed":true},"initial_node_count":{"type":"number","description":"The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.","description_kind":"plain","computed":true},"ip_allocation_policy":{"type":["list",["object",{"additional_pod_ranges_config":["list",["object",{"pod_range_names":["set","string"]}]],"cluster_ipv4_cidr_block":"string","cluster_secondary_range_name":"string","pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"services_ipv4_cidr_block":"string","services_secondary_range_name":"string","stack_type":"string"}]],"description":"Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.","description_kind":"plain","computed":true},"label_fingerprint":{"type":"string","description":"The fingerprint of the set of labels for this cluster.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.","description_kind":"plain","optional":true},"logging_config":{"type":["list",["object",{"enable_components":["list","string"]}]],"description":"Logging configuration for the cluster.","description_kind":"plain","computed":true},"logging_service":{"type":"string","description":"The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"daily_maintenance_window":["list",["object",{"duration":"string","start_time":"string"}]],"maintenance_exclusion":["set",["object",{"end_time":"string","exclusion_name":"string","exclusion_options":["list",["object",{"scope":"string"}]],"start_time":"string"}]],"recurring_window":["list",["object",{"end_time":"string","recurrence":"string","start_time":"string"}]]}]],"description":"The maintenance policy to use for the cluster.","description_kind":"plain","computed":true},"master_auth":{"type":["list",["object",{"client_certificate":"string","client_certificate_config":["list",["object",{"issue_client_certificate":"bool"}]],"client_key":"string","cluster_ca_certificate":"string"}]],"description":"The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.","description_kind":"plain","computed":true},"master_authorized_networks_config":{"type":["list",["object",{"cidr_blocks":["set",["object",{"cidr_block":"string","display_name":"string"}]],"gcp_public_cidrs_access_enabled":"bool"}]],"description":"The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).","description_kind":"plain","computed":true},"master_version":{"type":"string","description":"The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.","description_kind":"plain","computed":true},"mesh_certificates":{"type":["list",["object",{"enable_certificates":"bool"}]],"description":"If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.","description_kind":"plain","computed":true},"min_master_version":{"type":"string","description":"The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).","description_kind":"plain","computed":true},"monitoring_config":{"type":["list",["object",{"advanced_datapath_observability_config":["list",["object",{"enable_metrics":"bool","enable_relay":"bool","relay_mode":"string"}]],"enable_components":["list","string"],"managed_prometheus":["list",["object",{"enabled":"bool"}]]}]],"description":"Monitoring configuration for the cluster.","description_kind":"plain","computed":true},"monitoring_service":{"type":"string","description":"The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the cluster, unique within the project and location.","description_kind":"plain","required":true},"network":{"type":"string","description":"The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.","description_kind":"plain","computed":true},"network_policy":{"type":["list",["object",{"enabled":"bool","provider":"string"}]],"description":"Configuration options for the NetworkPolicy feature.","description_kind":"plain","computed":true},"networking_mode":{"type":"string","description":"Determines whether alias IPs or routes will be used for pod IPs in the cluster. Defaults to VPC_NATIVE for new clusters.","description_kind":"plain","computed":true},"node_config":{"type":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"secondary_boot_disks":["list",["object",{"disk_image":"string","mode":"string"}]],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"description":"The configuration of the nodepool","description_kind":"plain","computed":true},"node_locations":{"type":["set","string"],"description":"The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.","description_kind":"plain","computed":true},"node_pool":{"type":["list",["object",{"autoscaling":["list",["object",{"location_policy":"string","max_node_count":"number","min_node_count":"number","total_max_node_count":"number","total_min_node_count":"number"}]],"initial_node_count":"number","instance_group_urls":["list","string"],"managed_instance_group_urls":["list","string"],"management":["list",["object",{"auto_repair":"bool","auto_upgrade":"bool"}]],"max_pods_per_node":"number","name":"string","name_prefix":"string","network_config":["list",["object",{"create_pod_range":"bool","enable_private_nodes":"bool","network_performance_config":["list",["object",{"total_egress_bandwidth_tier":"string"}]],"pod_cidr_overprovision_config":["list",["object",{"disabled":"bool"}]],"pod_ipv4_cidr_block":"string","pod_range":"string"}]],"node_config":["list",["object",{"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"boot_disk_kms_key":"string","confidential_nodes":["list",["object",{"enabled":"bool"}]],"disk_size_gb":"number","disk_type":"string","effective_taints":["list",["object",{"effect":"string","key":"string","value":"string"}]],"enable_confidential_storage":"bool","ephemeral_storage_local_ssd_config":["list",["object",{"local_ssd_count":"number"}]],"fast_socket":["list",["object",{"enabled":"bool"}]],"gcfs_config":["list",["object",{"enabled":"bool"}]],"guest_accelerator":["list",["object",{"count":"number","gpu_driver_installation_config":["list",["object",{"gpu_driver_version":"string"}]],"gpu_partition_size":"string","gpu_sharing_config":["list",["object",{"gpu_sharing_strategy":"string","max_shared_clients_per_gpu":"number"}]],"type":"string"}]],"gvnic":["list",["object",{"enabled":"bool"}]],"host_maintenance_policy":["list",["object",{"maintenance_interval":"string"}]],"image_type":"string","kubelet_config":["list",["object",{"cpu_cfs_quota":"bool","cpu_cfs_quota_period":"string","cpu_manager_policy":"string","pod_pids_limit":"number"}]],"labels":["map","string"],"linux_node_config":["list",["object",{"cgroup_mode":"string","sysctls":["map","string"]}]],"local_nvme_ssd_block_config":["list",["object",{"local_ssd_count":"number"}]],"local_ssd_count":"number","logging_variant":"string","machine_type":"string","metadata":["map","string"],"min_cpu_platform":"string","node_group":"string","oauth_scopes":["set","string"],"preemptible":"bool","reservation_affinity":["list",["object",{"consume_reservation_type":"string","key":"string","values":["set","string"]}]],"resource_labels":["map","string"],"resource_manager_tags":["map","string"],"secondary_boot_disks":["list",["object",{"disk_image":"string","mode":"string"}]],"service_account":"string","shielded_instance_config":["list",["object",{"enable_integrity_monitoring":"bool","enable_secure_boot":"bool"}]],"sole_tenant_config":["list",["object",{"node_affinity":["set",["object",{"key":"string","operator":"string","values":["list","string"]}]]}]],"spot":"bool","tags":["list","string"],"taint":["list",["object",{"effect":"string","key":"string","value":"string"}]],"workload_metadata_config":["list",["object",{"mode":"string"}]]}]],"node_count":"number","node_locations":["set","string"],"placement_policy":["list",["object",{"policy_name":"string","tpu_topology":"string","type":"string"}]],"queued_provisioning":["list",["object",{"enabled":"bool"}]],"upgrade_settings":["list",["object",{"blue_green_settings":["list",["object",{"node_pool_soak_duration":"string","standard_rollout_policy":["list",["object",{"batch_node_count":"number","batch_percentage":"number","batch_soak_duration":"string"}]]}]],"max_surge":"number","max_unavailable":"number","strategy":"string"}]],"version":"string"}]],"description":"List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say \"these are the only node pools associated with this cluster\", use the google_container_node_pool resource instead of this property.","description_kind":"plain","computed":true},"node_pool_auto_config":{"type":["list",["object",{"network_tags":["list",["object",{"tags":["list","string"]}]],"resource_manager_tags":["map","string"]}]],"description":"Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.","description_kind":"plain","computed":true},"node_pool_defaults":{"type":["list",["object",{"node_config_defaults":["list",["object",{"logging_variant":"string"}]]}]],"description":"The default nodel pool settings for the entire cluster.","description_kind":"plain","computed":true},"node_version":{"type":"string","description":"The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.","description_kind":"plain","computed":true},"notification_config":{"type":["list",["object",{"pubsub":["list",["object",{"enabled":"bool","filter":["list",["object",{"event_type":["list","string"]}]],"topic":"string"}]]}]],"description":"The notification config for sending cluster upgrade notifications","description_kind":"plain","computed":true},"operation":{"type":"string","description_kind":"plain","computed":true},"private_cluster_config":{"type":["list",["object",{"enable_private_endpoint":"bool","enable_private_nodes":"bool","master_global_access_config":["list",["object",{"enabled":"bool"}]],"master_ipv4_cidr_block":"string","peering_name":"string","private_endpoint":"string","private_endpoint_subnetwork":"string","public_endpoint":"string"}]],"description":"Configuration for private clusters, clusters with private nodes.","description_kind":"plain","computed":true},"private_ipv6_google_access":{"type":"string","description":"The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"release_channel":{"type":["list",["object",{"channel":"string"}]],"description":"Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the \"UNSPECIFIED\" channel.","description_kind":"plain","computed":true},"remove_default_node_pool":{"type":"bool","description":"If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.","description_kind":"plain","computed":true},"resource_labels":{"type":["map","string"],"description":"The GCE resource labels (a map of key/value pairs) to be applied to the cluster.","description_kind":"plain","computed":true},"resource_usage_export_config":{"type":["list",["object",{"bigquery_destination":["list",["object",{"dataset_id":"string"}]],"enable_network_egress_metering":"bool","enable_resource_consumption_metering":"bool"}]],"description":"Configuration for the ResourceUsageExportConfig feature.","description_kind":"plain","computed":true},"security_posture_config":{"type":["list",["object",{"mode":"string","vulnerability_mode":"string"}]],"description":"Defines the config needed to enable/disable features for the Security Posture API","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"Server-defined URL for the resource.","description_kind":"plain","computed":true},"service_external_ips_config":{"type":["list",["object",{"enabled":"bool"}]],"description":"If set, and enabled=true, services with external ips field will not be blocked","description_kind":"plain","computed":true},"services_ipv4_cidr":{"type":"string","description":"The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.","description_kind":"plain","computed":true},"subnetwork":{"type":"string","description":"The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.","description_kind":"plain","computed":true},"tpu_ipv4_cidr_block":{"type":"string","description":"The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).","description_kind":"plain","computed":true},"vertical_pod_autoscaling":{"type":["list",["object",{"enabled":"bool"}]],"description":"Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.","description_kind":"plain","computed":true},"workload_identity_config":{"type":["list",["object",{"workload_pool":"string"}]],"description":"Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_container_engine_versions":{"version":0,"block":{"attributes":{"default_cluster_version":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"latest_master_version":{"type":"string","description_kind":"plain","computed":true},"latest_node_version":{"type":"string","description_kind":"plain","computed":true},"location":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel_default_version":{"type":["map","string"],"description_kind":"plain","computed":true},"release_channel_latest_version":{"type":["map","string"],"description_kind":"plain","computed":true},"valid_master_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"valid_node_versions":{"type":["list","string"],"description_kind":"plain","computed":true},"version_prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_image":{"version":0,"block":{"attributes":{"digest":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"image_url":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"tag":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_container_registry_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true},"repository_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_data_catalog_entry_group_iam_policy":{"version":0,"block":{"attributes":{"entry_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_data_catalog_policy_tag_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_tag":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_tag_template_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"tag_template":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_catalog_taxonomy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"taxonomy":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_data_fusion_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_asset_iam_policy":{"version":0,"block":{"attributes":{"asset":{"type":"string","description_kind":"plain","required":true},"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_datascan_iam_policy":{"version":0,"block":{"attributes":{"data_scan_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_lake_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataplex_task_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"task_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_dataplex_zone_iam_policy":{"version":0,"block":{"attributes":{"dataplex_zone":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lake":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_autoscaling_policy_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"policy_id":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_cluster_iam_policy":{"version":0,"block":{"attributes":{"cluster":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_job_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"job_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service":{"version":0,"block":{"attributes":{"artifact_gcs_uri":{"type":"string","description":"A Cloud Storage URI (starting with gs://) that specifies where artifacts related to the metastore service are stored.","description_kind":"plain","computed":true},"database_type":{"type":"string","description":"The database type that the Metastore service stores its data. Default value: \"MYSQL\" Possible values: [\"MYSQL\", \"SPANNER\"]","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"encryption_config":{"type":["list",["object",{"kms_key":"string"}]],"description":"Information used to configure the Dataproc Metastore service to encrypt\ncustomer data at rest.","description_kind":"plain","computed":true},"endpoint_uri":{"type":"string","description":"The URI of the endpoint used to access the metastore service.","description_kind":"plain","computed":true},"hive_metastore_config":{"type":["list",["object",{"auxiliary_versions":["set",["object",{"config_overrides":["map","string"],"key":"string","version":"string"}]],"config_overrides":["map","string"],"endpoint_protocol":"string","kerberos_config":["list",["object",{"keytab":["list",["object",{"cloud_secret":"string"}]],"krb5_config_gcs_uri":"string","principal":"string"}]],"version":"string"}]],"description":"Configuration information specific to running Hive metastore software as the metastore service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"User-defined labels for the metastore service.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The location where the metastore service should reside.\nThe default value is 'global'.","description_kind":"plain","required":true},"maintenance_window":{"type":["list",["object",{"day_of_week":"string","hour_of_day":"number"}]],"description":"The one hour maintenance window of the metastore service.\nThis specifies when the service can be restarted for maintenance purposes in UTC time.\nMaintenance window is not needed for services with the 'SPANNER' database type.","description_kind":"plain","computed":true},"metadata_integration":{"type":["list",["object",{"data_catalog_config":["list",["object",{"enabled":"bool"}]]}]],"description":"The setting that defines how metastore metadata should be integrated with external services and systems.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The relative resource name of the metastore service.","description_kind":"plain","computed":true},"network":{"type":"string","description":"The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form:\n\n\"projects/{projectNumber}/global/networks/{network_id}\".","description_kind":"plain","computed":true},"network_config":{"type":["list",["object",{"consumers":["list",["object",{"endpoint_uri":"string","subnetwork":"string"}]]}]],"description":"The configuration specifying the network settings for the Dataproc Metastore service.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The TCP port at which the metastore service is reached. Default: 9083.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"release_channel":{"type":"string","description":"The release channel of the service. If unspecified, defaults to 'STABLE'. Default value: \"STABLE\" Possible values: [\"CANARY\", \"STABLE\"]","description_kind":"plain","computed":true},"scaling_config":{"type":["list",["object",{"instance_size":"string","scaling_factor":"number"}]],"description":"Represents the scaling configuration of a metastore service.","description_kind":"plain","computed":true},"scheduled_backup":{"type":["list",["object",{"backup_location":"string","cron_schedule":"string","enabled":"bool","time_zone":"string"}]],"description":"The configuration of scheduled backup for the metastore service.","description_kind":"plain","computed":true},"service_id":{"type":"string","description":"The ID of the metastore service. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_),\nand hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between\n3 and 63 characters.","description_kind":"plain","required":true},"state":{"type":"string","description":"The current state of the metastore service.","description_kind":"plain","computed":true},"state_message":{"type":"string","description":"Additional information about the current state of the metastore service, if available.","description_kind":"plain","computed":true},"telemetry_config":{"type":["list",["object",{"log_format":"string"}]],"description":"The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The tier of the service. Possible values: [\"DEVELOPER\", \"ENTERPRISE\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"The globally unique resource identifier of the metastore service.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dataproc_metastore_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_datastream_static_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"static_ips":{"type":["list","string"],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"ds_record":"string","id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description_kind":"plain","computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone_signing_keys":{"type":["list",["object",{"algorithm":"string","creation_time":"string","description":"string","digests":["list",["object",{"digest":"string","type":"string"}]],"id":"string","is_active":"bool","key_length":"number","key_tag":"number","public_key":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_managed_zone":{"version":0,"block":{"attributes":{"description":{"type":"string","description_kind":"plain","computed":true},"dns_name":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"managed_zone_id":{"type":"number","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"name_servers":{"type":["list","string"],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"visibility":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_dns_managed_zone_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_dns_managed_zones":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","computed":true},"managed_zones":{"type":["list",["object",{"description":"string","dns_name":"string","id":"string","managed_zone_id":"number","name":"string","name_servers":["list","string"],"project":"string","visibility":"string"}]],"description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_dns_record_set":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"managed_zone":{"type":"string","description_kind":"plain","required":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"rrdatas":{"type":["list","string"],"description_kind":"plain","computed":true},"ttl":{"type":"number","description_kind":"plain","computed":true},"type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_consumers_iam_policy":{"version":0,"block":{"attributes":{"consumer_project":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_endpoints_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_filestore_instance":{"version":1,"block":{"attributes":{"create_time":{"type":"string","description":"Creation timestamp in RFC3339 text format.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Server-specified ETag for the instance resource to prevent\nsimultaneous updates from overwriting each other.","description_kind":"plain","computed":true},"file_shares":{"type":["list",["object",{"capacity_gb":"number","name":"string","nfs_export_options":["list",["object",{"access_mode":"string","anon_gid":"number","anon_uid":"number","ip_ranges":["list","string"],"squash_mode":"string"}]],"source_backup":"string"}]],"description":"File system shares on the instance. For this version, only a\nsingle file share is supported.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"KMS key name used for data encryption.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user-provided metadata.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The name of the location of the instance. This can be a region for ENTERPRISE tier instances.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name of the instance.","description_kind":"plain","required":true},"networks":{"type":["list",["object",{"connect_mode":"string","ip_addresses":["list","string"],"modes":["list","string"],"network":"string","reserved_ip_range":"string"}]],"description":"VPC networks to which the instance is connected. For this version,\nonly a single network is supported.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance.\nPossible values include: STANDARD, PREMIUM, BASIC_HDD, BASIC_SSD, HIGH_SCALE_SSD, ZONAL, REGIONAL and ENTERPRISE","description_kind":"plain","computed":true},"zone":{"type":"string","description":"The name of the Filestore zone of the instance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"folder_id":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"lookup_organization":{"type":"bool","description_kind":"plain","optional":true},"name":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"folder":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folder_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The resource name of the folder to set the policy for. Its format is folders/{folder_id}.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_folders":{"version":0,"block":{"attributes":{"folders":{"type":["list",["object",{"create_time":"string","delete_time":"string","display_name":"string","etag":"string","name":"string","parent":"string","state":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_gke_backup_backup_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_backup_restore_plan_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_feature_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_membership_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"membership_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_gke_hub_scope_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"scope_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_healthcare_consent_store_iam_policy":{"version":0,"block":{"attributes":{"consent_store_id":{"type":"string","description_kind":"plain","required":true},"dataset":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dataset_iam_policy":{"version":0,"block":{"attributes":{"dataset_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_dicom_store_iam_policy":{"version":0,"block":{"attributes":{"dicom_store_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_fhir_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"fhir_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_healthcare_hl7_v2_store_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"hl7_v2_store_id":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_policy":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"block_types":{"audit_config":{"nesting_mode":"set","block":{"attributes":{"service":{"type":"string","description_kind":"plain","required":true}},"block_types":{"audit_log_configs":{"nesting_mode":"set","block":{"attributes":{"exempted_members":{"type":["set","string"],"description_kind":"plain","optional":true},"log_type":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"min_items":1}},"description_kind":"plain"}},"binding":{"nesting_mode":"set","block":{"attributes":{"members":{"type":["set","string"],"description_kind":"plain","required":true},"role":{"type":"string","description_kind":"plain","required":true}},"block_types":{"condition":{"nesting_mode":"list","block":{"attributes":{"description":{"type":"string","description_kind":"plain","optional":true},"expression":{"type":"string","description_kind":"plain","required":true},"title":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"},"max_items":1}},"description_kind":"plain"}}},"description_kind":"plain"}},"google_iam_role":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"included_permissions":{"type":["list","string"],"description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"stage":{"type":"string","description_kind":"plain","computed":true},"title":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iam_testable_permissions":{"version":0,"block":{"attributes":{"custom_support_level":{"type":"string","description_kind":"plain","optional":true},"full_resource_name":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"permissions":{"type":["list",["object",{"api_disabled":"bool","custom_support_level":"string","name":"string","stage":"string","title":"string"}]],"description_kind":"plain","computed":true},"stages":{"type":["list","string"],"description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_iap_app_engine_service_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_app_engine_version_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"service":{"type":"string","description_kind":"plain","required":true},"version_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_client":{"version":0,"block":{"attributes":{"brand":{"type":"string","description":"Identifier of the brand to which this client\nis attached to. The format is\n'projects/{project_number}/brands/{brand_id}/identityAwareProxyClients/{client_id}'.","description_kind":"plain","required":true},"client_id":{"type":"string","description":"Output only. Unique identifier of the OAuth client.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Human-friendly name given to the OAuth client.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description":"Output only. Client secret of the OAuth client.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_iap_tunnel_dest_group_iam_policy":{"version":0,"block":{"attributes":{"dest_group":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_tunnel_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_region_backend_service_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"region":{"type":"string","description_kind":"plain","optional":true,"computed":true},"web_region_backend_service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_iap_web_type_app_engine_iam_policy":{"version":0,"block":{"attributes":{"app_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_iap_web_type_compute_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_kms_crypto_key":{"version":1,"block":{"attributes":{"crypto_key_backend":{"type":"string","description":"The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey.\nThe resource name is in the format \"projects/*/locations/*/ekmConnections/*\" and only applies to \"EXTERNAL_VPC\" keys.","description_kind":"plain","computed":true},"destroy_scheduled_duration":{"type":"string","description":"The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED.\nIf not specified at creation time, the default duration is 24 hours.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_only":{"type":"bool","description":"Whether this key may contain imported versions only.","description_kind":"plain","computed":true},"key_ring":{"type":"string","description":"The KeyRing that this key belongs to.\nFormat: ''projects/{{project}}/locations/{{location}}/keyRings/{{keyRing}}''.","description_kind":"plain","required":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata to apply to this resource.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name for the CryptoKey.","description_kind":"plain","required":true},"primary":{"type":["list",["object",{"name":"string","state":"string"}]],"description":"A copy of the primary CryptoKeyVersion that will be used by cryptoKeys.encrypt when this CryptoKey is given in EncryptRequest.name.\nKeys with purpose ENCRYPT_DECRYPT may have a primary. For other keys, this field will be unset.","description_kind":"plain","computed":true},"purpose":{"type":"string","description":"The immutable purpose of this CryptoKey. See the\n[purpose reference](https://cloud.google.com/kms/docs/reference/rest/v1/projects.locations.keyRings.cryptoKeys#CryptoKeyPurpose)\nfor possible inputs.\nDefault value is \"ENCRYPT_DECRYPT\".","description_kind":"plain","computed":true},"rotation_period":{"type":"string","description":"Every time this period passes, generate a new CryptoKeyVersion and set it as the primary.\nThe first rotation will take place after the specified period. The rotation period has\nthe format of a decimal number with up to 9 fractional digits, followed by the\nletter 's' (seconds). It must be greater than a day (ie, 86400).","description_kind":"plain","computed":true},"skip_initial_version_creation":{"type":"bool","description":"If set to true, the request will create a CryptoKey without any CryptoKeyVersions.\nYou must use the 'google_kms_key_ring_import_job' resource to import the CryptoKeyVersion.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"version_template":{"type":["list",["object",{"algorithm":"string","protection_level":"string"}]],"description":"A template describing settings for new crypto key versions.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_iam_policy":{"version":0,"block":{"attributes":{"crypto_key_id":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_crypto_key_version":{"version":0,"block":{"attributes":{"algorithm":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"protection_level":{"type":"string","description_kind":"plain","computed":true},"public_key":{"type":["list",["object",{"algorithm":"string","pem":"string"}]],"description_kind":"plain","computed":true},"state":{"type":"string","description_kind":"plain","computed":true},"version":{"type":"number","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location for the KeyRing.\nA full list of valid locations can be found by running 'gcloud kms locations list'.","description_kind":"plain","required":true},"name":{"type":"string","description":"The resource name for the KeyRing.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_kms_key_ring_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_ring_id":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_kms_secret":{"version":0,"block":{"attributes":{"additional_authenticated_data":{"type":"string","description_kind":"plain","optional":true},"ciphertext":{"type":"string","description_kind":"plain","required":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","computed":true,"sensitive":true}},"description_kind":"plain"}},"google_kms_secret_ciphertext":{"version":0,"block":{"attributes":{"ciphertext":{"type":"string","description_kind":"plain","computed":true},"crypto_key":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"plaintext":{"type":"string","description_kind":"plain","required":true,"sensitive":true}},"description_kind":"plain","deprecated":true}},"google_logging_folder_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"folder":{"type":"string","description":"The folder for which to retrieve settings.","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_organization_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"organization":{"type":"string","description":"The organization for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_cmek_settings":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","optional":true},"kms_key_version_name":{"type":"string","description":"The CryptoKeyVersion resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]/cryptoKeyVersions/[VERSION]\"\n\t\t\t\tFor example:\n\t\t\t\t\"projects/my-project/locations/us-central1/keyRings/my-ring/cryptoKeys/my-key/cryptoKeyVersions/1\"\n\t\t\t\tThis is a read-only field used to convey the specific configured CryptoKeyVersion of kms_key that has been configured. It will be populated in cases where the CMEK settings are bound to a single key version.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_project_settings":{"version":0,"block":{"attributes":{"disable_default_sink":{"type":"bool","description":"If set to true, the _Default sink in newly created projects and folders will created in a disabled state. This can be used to automatically disable log storage if there is already an aggregated sink configured in the hierarchy. The _Default sink can be re-enabled manually if needed.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"The resource name for the configured Cloud KMS key.\n\t\t\t\tKMS key name format:\n\t\t\t\t\"projects/[PROJECT_ID]/locations/[LOCATION]/keyRings/[KEYRING]/cryptoKeys/[KEY]\"\n\t\t\t\tTo enable CMEK for the bucket, set this field to a valid kmsKeyName for which the associated service account has the required cloudkms.cryptoKeyEncrypterDecrypter roles assigned for the key.\n\t\t\t\tThe Cloud KMS key used by the bucket can be updated by changing the kmsKeyName to a new valid key name. Encryption operations that are in progress will be completed with the key that was in use when they started. Decryption operations will be completed using the key that was used at the time of encryption unless access to that key has been revoked.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"kms_service_account_id":{"type":"string","description":"The service account associated with a project for which CMEK will apply.\n\t\t\t\tBefore enabling CMEK for a logging bucket, you must first assign the cloudkms.cryptoKeyEncrypterDecrypter role to the service account associated with the project for which CMEK will apply. Use [v2.getCmekSettings](https://cloud.google.com/logging/docs/reference/v2/rest/v2/TopLevel/getCmekSettings#google.logging.v2.ConfigServiceV2.GetCmekSettings) to obtain the service account ID.\n\t\t\t\tSee [Enabling CMEK for Logging Buckets](https://cloud.google.com/logging/docs/routing/managed-encryption-storage) for more information.","description_kind":"plain","computed":true},"logging_service_account_id":{"type":"string","description":"The service account for the given container. Sinks use this service account as their writerIdentity if no custom service account is provided.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the CMEK settings.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project for which to retrieve settings.","description_kind":"plain","required":true},"storage_location":{"type":"string","description":"The storage location that Cloud Logging will use to create new resources when a location is needed but not explicitly provided.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_logging_sink":{"version":0,"block":{"attributes":{"bigquery_options":{"type":["list",["object",{"use_partitioned_tables":"bool"}]],"description":"Options that affect sinks exporting data to BigQuery.","description_kind":"plain","computed":true},"description":{"type":"string","description":"A description of this sink. The maximum length of the description is 8000 characters.","description_kind":"plain","computed":true},"destination":{"type":"string","description":"The destination of the sink (or, in other words, where logs are written to). Can be a Cloud Storage bucket, a PubSub topic, or a BigQuery dataset. Examples: \"storage.googleapis.com/[GCS_BUCKET]\" \"bigquery.googleapis.com/projects/[PROJECT_ID]/datasets/[DATASET]\" \"pubsub.googleapis.com/projects/[PROJECT_ID]/topics/[TOPIC_ID]\" The writer associated with the sink must have access to write to the above resource.","description_kind":"plain","computed":true},"disabled":{"type":"bool","description":"If set to True, then this sink is disabled and it does not export any log entries.","description_kind":"plain","computed":true},"exclusions":{"type":["list",["object",{"description":"string","disabled":"bool","filter":"string","name":"string"}]],"description":"Log entries that match any of the exclusion filters will not be exported. If a log entry is matched by both filter and one of exclusion's filters, it will not be exported.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The filter to apply when exporting logs. Only log entries that match the filter are exported.","description_kind":"plain","computed":true},"id":{"type":"string","description":"Required. An identifier for the resource in format: \"projects/[PROJECT_ID]/sinks/[SINK_NAME]\", \"organizations/[ORGANIZATION_ID]/sinks/[SINK_NAME]\", \"billingAccounts/[BILLING_ACCOUNT_ID]/sinks/[SINK_NAME]\", \"folders/[FOLDER_ID]/sinks/[SINK_NAME]\"","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the logging sink.","description_kind":"plain","computed":true},"writer_identity":{"type":"string","description":"The identity associated with this sink. This identity must be granted write access to the configured destination.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_app_engine_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"module_id":{"type":"string","description":"The ID of the App Engine module underlying this service. \nCorresponds to the 'moduleId' resource label for a 'gae_app'\nmonitored resource(see https://cloud.google.com/monitoring/api/resources#tag_gae_app)","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_cluster_istio_service":{"version":0,"block":{"attributes":{"cluster_name":{"type":"string","description":"The name of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the clusterName resource label in k8s_cluster resources.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location of the Kubernetes cluster in which this Istio service is defined. \n Corresponds to the location resource label in k8s_cluster resources.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service. \n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_istio_canonical_service":{"version":0,"block":{"attributes":{"canonical_service":{"type":"string","description":"The name of the canonical service underlying this service.. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"canonical_service_namespace":{"type":"string","description":"The namespace of the canonical service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the Istio mesh in which this canonical service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_mesh_istio_service":{"version":0,"block":{"attributes":{"display_name":{"type":"string","description":"Name used for UI elements listing this Service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"mesh_uid":{"type":"string","description":"Identifier for the mesh in which this Istio service is defined.\n Corresponds to the meshUid metric label in Istio metrics.","description_kind":"plain","required":true},"name":{"type":"string","description":"The full resource name for this service. The syntax is:\nprojects/[PROJECT_ID]/services/[SERVICE_ID].","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service_id":{"type":"string","description":"An optional service ID to use. If not given, the server will generate a\nservice ID.","description_kind":"plain","computed":true},"service_name":{"type":"string","description":"The name of the Istio service underlying this service. \n Corresponds to the destination_service_name metric label in Istio metrics.","description_kind":"plain","required":true},"service_namespace":{"type":"string","description":"The namespace of the Istio service underlying this service.\n Corresponds to the destination_service_namespace metric label in Istio metrics.","description_kind":"plain","required":true},"telemetry":{"type":["list",["object",{"resource_name":"string"}]],"description":"Configuration for how to query telemetry on a Service.","description_kind":"plain","computed":true},"user_labels":{"type":["map","string"],"description":"Labels which have been used to annotate the service. Label keys must start\nwith a letter. Label keys and values may contain lowercase letters,\nnumbers, underscores, and dashes. Label keys and values have a maximum\nlength of 63 characters, and must be less than 128 bytes in size. Up to 64\nlabel entries may be stored. For labels which do not have a semantic value,\nthe empty string may be supplied for the label value.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_notification_channel":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"An optional human-readable description of this notification channel. This description may provide additional details, beyond the display name, for the channel. This may not exceed 1024 Unicode characters.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An optional human-readable name for this notification channel. It is recommended that you specify a non-empty and unique name in order to make it easier to identify the channels in your project, though this is not enforced. The display name is limited to 512 Unicode characters.","description_kind":"plain","optional":true},"enabled":{"type":"bool","description":"Whether notifications are forwarded to the described channel. This makes it possible to disable delivery of notifications to a particular channel without removing the channel from all alerting policies that reference the channel. This is a more convenient approach when the change is temporary and you want to receive notifications from the same set of alerting policies on the channel at some point in the future.","description_kind":"plain","computed":true},"force_delete":{"type":"bool","description":"If true, the notification channel will be deleted regardless\nof its use in alert policies (the policies will be updated\nto remove the channel). If false, channels that are still\nreferenced by an existing alerting policy will fail to be\ndeleted in a delete operation.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Configuration fields that define the channel and its behavior. The\npermissible and required labels are specified in the\nNotificationChannelDescriptor corresponding to the type field.\n\nLabels with sensitive data are obfuscated by the API and therefore Terraform cannot\ndetermine if there are upstream changes to these fields. They can also be configured via\nthe sensitive_labels block, but cannot be configured in both places.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The full REST resource name for this channel. The syntax is:\nprojects/[PROJECT_ID]/notificationChannels/[CHANNEL_ID]\nThe [CHANNEL_ID] is automatically assigned by the server on creation.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"sensitive_labels":{"type":["list",["object",{"auth_token":"string","password":"string","service_key":"string"}]],"description":"Different notification type behaviors are configured primarily using the the 'labels' field on this\nresource. This block contains the labels which contain secrets or passwords so that they can be marked\nsensitive and hidden from plan output. The name of the field, eg: password, will be the key\nin the 'labels' map in the api request.\n\nCredentials may not be specified in both locations and will cause an error. Changing from one location\nto a different credential configuration in the config will require an apply to update state.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the notification channel. This field matches the value of the NotificationChannelDescriptor.type field. See https://cloud.google.com/monitoring/api/ref_v3/rest/v3/projects.notificationChannelDescriptors/list to get the list of valid values such as \"email\", \"slack\", etc...","description_kind":"plain","optional":true},"user_labels":{"type":["map","string"],"description":"User-supplied key/value data that does not need to conform to the corresponding NotificationChannelDescriptor's schema, unlike the labels field. This field is intended to be used for organizing and identifying the NotificationChannel objects.The field can contain up to 64 entries. Each key and value is limited to 63 Unicode characters or 128 bytes, whichever is smaller. Labels and values can contain only lowercase letters, numerals, underscores, and dashes. Keys must begin with a letter.","description_kind":"plain","optional":true},"verification_status":{"type":"string","description":"Indicates whether this channel has been verified or not. On a ListNotificationChannels or GetNotificationChannel operation, this field is expected to be populated.If the value is UNVERIFIED, then it indicates that the channel is non-functioning (it both requires verification and lacks verification); otherwise, it is assumed that the channel works.If the channel is neither VERIFIED nor UNVERIFIED, it implies that the channel is of a type that does not require verification or that this specific channel has been exempted from verification because it was created prior to verification being required for channels of this type.This field cannot be modified using a standard UpdateNotificationChannel operation. To change the value of this field, you must call VerifyNotificationChannel.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_monitoring_uptime_check_ips":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"uptime_check_ips":{"type":["list",["object",{"ip_address":"string","location":"string","region":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_netblock_ip_ranges":{"version":0,"block":{"attributes":{"cidr_blocks":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv4":{"type":["list","string"],"description_kind":"plain","computed":true},"cidr_blocks_ipv6":{"type":["list","string"],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"range_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_network_security_address_group_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_name":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_notebooks_runtime_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"runtime_name":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_organization":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"directory_customer_id":{"type":"string","description_kind":"plain","computed":true},"domain":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifecycle_state":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"org_id":{"type":"string","description_kind":"plain","computed":true},"organization":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_organization_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization in which you want to manage the audit logging config.","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_ca_pool_iam_policy":{"version":0,"block":{"attributes":{"ca_pool":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_privateca_certificate_authority":{"version":0,"block":{"attributes":{"access_urls":{"type":["list",["object",{"ca_certificate_access_url":"string","crl_access_urls":["list","string"]}]],"description":"URLs for accessing content published by this CA, such as the CA certificate and CRLs.","description_kind":"plain","computed":true},"certificate_authority_id":{"type":"string","description":"The user provided Resource ID for this Certificate Authority.","description_kind":"plain","optional":true},"config":{"type":["list",["object",{"subject_config":["list",["object",{"subject":["list",["object",{"common_name":"string","country_code":"string","locality":"string","organization":"string","organizational_unit":"string","postal_code":"string","province":"string","street_address":"string"}]],"subject_alt_name":["list",["object",{"dns_names":["list","string"],"email_addresses":["list","string"],"ip_addresses":["list","string"],"uris":["list","string"]}]]}]],"subject_key_id":["list",["object",{"key_id":"string"}]],"x509_config":["list",["object",{"additional_extensions":["list",["object",{"critical":"bool","object_id":["list",["object",{"object_id_path":["list","number"]}]],"value":"string"}]],"aia_ocsp_servers":["list","string"],"ca_options":["list",["object",{"is_ca":"bool","max_issuer_path_length":"number","non_ca":"bool","zero_max_issuer_path_length":"bool"}]],"key_usage":["list",["object",{"base_key_usage":["list",["object",{"cert_sign":"bool","content_commitment":"bool","crl_sign":"bool","data_encipherment":"bool","decipher_only":"bool","digital_signature":"bool","encipher_only":"bool","key_agreement":"bool","key_encipherment":"bool"}]],"extended_key_usage":["list",["object",{"client_auth":"bool","code_signing":"bool","email_protection":"bool","ocsp_signing":"bool","server_auth":"bool","time_stamping":"bool"}]],"unknown_extended_key_usages":["list",["object",{"object_id_path":["list","number"]}]]}]],"name_constraints":["list",["object",{"critical":"bool","excluded_dns_names":["list","string"],"excluded_email_addresses":["list","string"],"excluded_ip_ranges":["list","string"],"excluded_uris":["list","string"],"permitted_dns_names":["list","string"],"permitted_email_addresses":["list","string"],"permitted_ip_ranges":["list","string"],"permitted_uris":["list","string"]}]],"policy_ids":["list",["object",{"object_id_path":["list","number"]}]]}]]}]],"description":"The config used to create a self-signed X.509 certificate or CSR.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which this CertificateAuthority was created.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Whether or not to allow Terraform to destroy the CertificateAuthority. Unless this field is set to false\nin Terraform state, a 'terraform destroy' or 'terraform apply' that would delete the instance will fail.","description_kind":"plain","computed":true},"desired_state":{"type":"string","description":"Desired state of the CertificateAuthority. Set this field to 'STAGED' to create a 'STAGED' root CA.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"gcs_bucket":{"type":"string","description":"The name of a Cloud Storage bucket where this CertificateAuthority will publish content,\nsuch as the CA certificate and CRLs. This must be a bucket name, without any prefixes\n(such as 'gs://') or suffixes (such as '.googleapis.com'). For example, to use a bucket named\nmy-bucket, you would simply specify 'my-bucket'. If not specified, a managed bucket will be\ncreated.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ignore_active_certificates_on_deletion":{"type":"bool","description":"This field allows the CA to be deleted even if the CA has active certs. Active certs include both unrevoked and unexpired certs.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"key_spec":{"type":["list",["object",{"algorithm":"string","cloud_kms_key_version":"string"}]],"description":"Used when issuing certificates for this CertificateAuthority. If this CertificateAuthority\nis a self-signed CertificateAuthority, this key is also used to sign the self-signed CA\ncertificate. Otherwise, it is used to sign a CSR.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"Labels with user-defined metadata.\n\nAn object containing a list of \"key\": value pairs. Example: { \"name\": \"wrench\", \"mass\":\n\"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"lifetime":{"type":"string","description":"The desired lifetime of the CA certificate. Used to create the \"notBeforeTime\" and\n\"notAfterTime\" fields inside an X.509 certificate. A duration in seconds with up to nine\nfractional digits, terminated by 's'. Example: \"3.5s\".","description_kind":"plain","computed":true},"location":{"type":"string","description":"Location of the CertificateAuthority. A full list of valid locations can be found by\nrunning 'gcloud privateca locations list'.","description_kind":"plain","optional":true},"name":{"type":"string","description":"The resource name for this CertificateAuthority in the format\nprojects/*/locations/*/certificateAuthorities/*.","description_kind":"plain","computed":true},"pem_ca_certificate":{"type":"string","description":"The signed CA certificate issued from the subordinated CA's CSR. This is needed when activating the subordiante CA with a third party issuer.","description_kind":"plain","computed":true},"pem_ca_certificates":{"type":["list","string"],"description":"This CertificateAuthority's certificate chain, including the current\nCertificateAuthority's certificate. Ordered such that the root issuer is the final\nelement (consistent with RFC 5246). For a self-signed CA, this will only list the current\nCertificateAuthority's certificate.","description_kind":"plain","computed":true},"pem_csr":{"type":"string","description_kind":"plain","computed":true},"pool":{"type":"string","description":"The name of the CaPool this Certificate Authority belongs to.","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true},"skip_grace_period":{"type":"bool","description":"If this flag is set, the Certificate Authority will be deleted as soon as\npossible without a 30-day grace period where undeletion would have been\nallowed. If you proceed, there will be no way to recover this CA.\nUse with care. Defaults to 'false'.","description_kind":"plain","computed":true},"state":{"type":"string","description":"The State for this CertificateAuthority.","description_kind":"plain","computed":true},"subordinate_config":{"type":["list",["object",{"certificate_authority":"string","pem_issuer_chain":["list",["object",{"pem_certificates":["list","string"]}]]}]],"description":"If this is a subordinate CertificateAuthority, this field will be set\nwith the subordinate configuration, which describes its issuers.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The Type of this CertificateAuthority.\n\n~\u003e **Note:** For 'SUBORDINATE' Certificate Authorities, they need to\nbe activated before they can issue certificates. Default value: \"SELF_SIGNED\" Possible values: [\"SELF_SIGNED\", \"SUBORDINATE\"]","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The time at which this CertificateAuthority was updated.\n\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_privateca_certificate_template_iam_policy":{"version":0,"block":{"attributes":{"certificate_template":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_project":{"version":1,"block":{"attributes":{"auto_create_network":{"type":"bool","description":"Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.","description_kind":"plain","computed":true},"billing_account":{"type":"string","description":"The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"folder_id":{"type":"string","description":"The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the project.\n\t\t\t\t\n\t\t\t\t**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\n\t\t\t\tPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The display name of the project.","description_kind":"plain","computed":true},"number":{"type":"string","description":"The numeric identifier of the project.","description_kind":"plain","computed":true},"org_id":{"type":"string","description":"The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.","description_kind":"plain","computed":true},"project_id":{"type":"string","description":"The project ID. Changing this forces a new project to be created.","description_kind":"plain","optional":true},"skip_delete":{"type":"bool","description":"If true, the Terraform resource can be deleted without deleting the Project via the Google API.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_project_organization_policy":{"version":0,"block":{"attributes":{"boolean_policy":{"type":["list",["object",{"enforced":"bool"}]],"description":"A boolean policy is a constraint that is either enforced or not.","description_kind":"plain","computed":true},"constraint":{"type":"string","description":"The name of the Constraint the Policy is configuring, for example, serviceuser.services.","description_kind":"plain","required":true},"etag":{"type":"string","description":"The etag of the organization policy. etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"list_policy":{"type":["list",["object",{"allow":["list",["object",{"all":"bool","values":["set","string"]}]],"deny":["list",["object",{"all":"bool","values":["set","string"]}]],"inherit_from_parent":"bool","suggested_value":"string"}]],"description":"A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. ","description_kind":"plain","computed":true},"project":{"type":"string","description":"The project ID.","description_kind":"plain","required":true},"restore_policy":{"type":["list",["object",{"default":"bool"}]],"description":"A restore policy is a constraint to restore the default policy.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp in RFC3339 UTC \"Zulu\" format, accurate to nanoseconds, representing when the variable was last updated. Example: \"2016-10-09T12:33:37.578138407Z\".","description_kind":"plain","computed":true},"version":{"type":"number","description":"Version of the Policy. Default version is 0.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_project_service":{"version":0,"block":{"attributes":{"disable_dependent_services":{"type":"bool","description_kind":"plain","computed":true},"disable_on_destroy":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_projects":{"version":0,"block":{"attributes":{"filter":{"type":"string","description_kind":"plain","required":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"projects":{"type":["list",["object",{"create_time":"string","labels":["map","string"],"lifecycle_state":"string","name":"string","number":"string","parent":["map","string"],"project_id":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_schema_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"schema":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_subscription":{"version":0,"block":{"attributes":{"ack_deadline_seconds":{"type":"number","description":"This value is the maximum time after a subscriber receives a message\nbefore the subscriber should acknowledge the message. After message\ndelivery but before the ack deadline expires and before the message is\nacknowledged, it is an outstanding message and will not be delivered\nagain during that time (on a best-effort basis).\n\nFor pull subscriptions, this value is used as the initial value for\nthe ack deadline. To override this value for a given message, call\nsubscriptions.modifyAckDeadline with the corresponding ackId if using\npull. The minimum custom deadline you can specify is 10 seconds. The\nmaximum custom deadline you can specify is 600 seconds (10 minutes).\nIf this parameter is 0, a default value of 10 seconds is used.\n\nFor push delivery, this value is also used to set the request timeout\nfor the call to the push endpoint.\n\nIf the subscriber never acknowledges the message, the Pub/Sub system\nwill eventually redeliver the message.","description_kind":"plain","computed":true},"bigquery_config":{"type":["list",["object",{"drop_unknown_fields":"bool","table":"string","use_table_schema":"bool","use_topic_schema":"bool","write_metadata":"bool"}]],"description":"If delivery to BigQuery is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"cloud_storage_config":{"type":["list",["object",{"avro_config":["list",["object",{"write_metadata":"bool"}]],"bucket":"string","filename_prefix":"string","filename_suffix":"string","max_bytes":"number","max_duration":"string","state":"string"}]],"description":"If delivery to Cloud Storage is used with this subscription, this field is used to configure it.\nEither pushConfig, bigQueryConfig or cloudStorageConfig can be set, but not combined.\nIf all three are empty, then the subscriber will pull and ack messages using API methods.","description_kind":"plain","computed":true},"dead_letter_policy":{"type":["list",["object",{"dead_letter_topic":"string","max_delivery_attempts":"number"}]],"description":"A policy that specifies the conditions for dead lettering messages in\nthis subscription. If dead_letter_policy is not set, dead lettering\nis disabled.\n\nThe Cloud Pub/Sub service account associated with this subscription's\nparent project (i.e.,\nservice-{project_number}@gcp-sa-pubsub.iam.gserviceaccount.com) must have\npermission to Acknowledge() messages on this subscription.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_exactly_once_delivery":{"type":"bool","description":"If 'true', Pub/Sub provides the following guarantees for the delivery\nof a message with a given value of messageId on this Subscriptions':\n\n- The message sent to a subscriber is guaranteed not to be resent before the message's acknowledgement deadline expires.\n\n- An acknowledged message will not be resent to a subscriber.\n\nNote that subscribers may still receive multiple copies of a message when 'enable_exactly_once_delivery'\nis true if the message was published multiple times by a publisher client. These copies are considered distinct by Pub/Sub and have distinct messageId values","description_kind":"plain","computed":true},"enable_message_ordering":{"type":"bool","description":"If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to\nthe subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they\nmay be delivered in any order.","description_kind":"plain","computed":true},"expiration_policy":{"type":["list",["object",{"ttl":"string"}]],"description":"A policy that specifies the conditions for this subscription's expiration.\nA subscription is considered active as long as any connected subscriber\nis successfully consuming messages from the subscription or is issuing\noperations on the subscription. If expirationPolicy is not set, a default\npolicy with ttl of 31 days will be used. If it is set but ttl is \"\", the\nresource never expires. The minimum allowed value for expirationPolicy.ttl\nis 1 day.","description_kind":"plain","computed":true},"filter":{"type":"string","description":"The subscription only delivers the messages that match the filter.\nPub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages\nby their attributes. The maximum length of a filter is 256 bytes. After creating the subscription,\nyou can't modify the filter.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Subscription.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"How long to retain unacknowledged messages in the subscription's\nbacklog, from the moment a message is published. If\nretain_acked_messages is true, then this also configures the retention\nof acknowledged messages, and thus configures how far back in time a\nsubscriptions.seek can be done. Defaults to 7 days. Cannot be more\nthan 7 days ('\"604800s\"') or less than 10 minutes ('\"600s\"').\n\nA duration in seconds with up to nine fractional digits, terminated\nby 's'. Example: '\"600.5s\"'.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the subscription.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"push_config":{"type":["list",["object",{"attributes":["map","string"],"no_wrapper":["list",["object",{"write_metadata":"bool"}]],"oidc_token":["list",["object",{"audience":"string","service_account_email":"string"}]],"push_endpoint":"string"}]],"description":"If push delivery is used with this subscription, this field is used to\nconfigure it. An empty pushConfig signifies that the subscriber will\npull and ack messages using API methods.","description_kind":"plain","computed":true},"retain_acked_messages":{"type":"bool","description":"Indicates whether to retain acknowledged messages. If 'true', then\nmessages are not expunged from the subscription's backlog, even if\nthey are acknowledged, until they fall out of the\nmessageRetentionDuration window.","description_kind":"plain","computed":true},"retry_policy":{"type":["list",["object",{"maximum_backoff":"string","minimum_backoff":"string"}]],"description":"A policy that specifies how Pub/Sub retries message delivery for this subscription.\n\nIf not set, the default retry policy is applied. This generally implies that messages will be retried as soon as possible for healthy subscribers.\nRetryPolicy will be triggered on NACKs or acknowledgement deadline exceeded events for a given message","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topic":{"type":"string","description":"A reference to a Topic resource, of the form projects/{project}/topics/{{name}}\n(as in the id property of a google_pubsub_topic), or just a topic name if\nthe topic is in the same project as the subscription.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_subscription_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subscription":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_pubsub_topic":{"version":0,"block":{"attributes":{"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ingestion_data_source_settings":{"type":["list",["object",{"aws_kinesis":["list",["object",{"aws_role_arn":"string","consumer_arn":"string","gcp_service_account":"string","stream_arn":"string"}]]}]],"description":"Settings for ingestion from a data source into this topic.","description_kind":"plain","computed":true},"kms_key_name":{"type":"string","description":"The resource name of the Cloud KMS CryptoKey to be used to protect access\nto messages published on this topic. Your project's PubSub service account\n('service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com') must have\n'roles/cloudkms.cryptoKeyEncrypterDecrypter' to use this feature.\nThe expected format is 'projects/*/locations/*/keyRings/*/cryptoKeys/*'","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to this Topic.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"message_retention_duration":{"type":"string","description":"Indicates the minimum duration to retain a message after it is published\nto the topic. If this field is set, messages published to the topic in\nthe last messageRetentionDuration are always available to subscribers.\nFor instance, it allows any attached subscription to seek to a timestamp\nthat is up to messageRetentionDuration in the past. If this field is not\nset, message retention is controlled by settings on individual subscriptions.\nThe rotation period has the format of a decimal number, followed by the\nletter 's' (seconds). Cannot be more than 31 days or less than 10 minutes.","description_kind":"plain","computed":true},"message_storage_policy":{"type":["list",["object",{"allowed_persistence_regions":["list","string"]}]],"description":"Policy constraining the set of Google Cloud Platform regions where\nmessages published to the topic may be stored. If not present, then no\nconstraints are in effect.","description_kind":"plain","computed":true},"name":{"type":"string","description":"Name of the topic.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"schema_settings":{"type":["list",["object",{"encoding":"string","schema":"string"}]],"description":"Settings for validating messages published against a schema.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_pubsub_topic_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"topic":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_redis_instance":{"version":0,"block":{"attributes":{"alternative_location_id":{"type":"string","description":"Only applicable to STANDARD_HA tier which protects the instance\nagainst zonal failures by provisioning it across two zones.\nIf provided, it must be a different zone from the one provided in\n[locationId].","description_kind":"plain","computed":true},"auth_enabled":{"type":"bool","description":"Optional. Indicates whether OSS Redis AUTH is enabled for the\ninstance. If set to \"true\" AUTH is enabled on the instance.\nDefault value is \"false\" meaning AUTH is disabled.","description_kind":"plain","computed":true},"auth_string":{"type":"string","description":"AUTH String set on the instance. This field will only be populated if auth_enabled is true.","description_kind":"plain","computed":true},"authorized_network":{"type":"string","description":"The full name of the Google Compute Engine network to which the\ninstance is connected. If left unspecified, the default network\nwill be used.","description_kind":"plain","computed":true},"connect_mode":{"type":"string","description":"The connection mode of the Redis instance. Default value: \"DIRECT_PEERING\" Possible values: [\"DIRECT_PEERING\", \"PRIVATE_SERVICE_ACCESS\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time the instance was created in RFC3339 UTC \"Zulu\" format,\naccurate to nanoseconds.","description_kind":"plain","computed":true},"current_location_id":{"type":"string","description":"The current zone where the Redis endpoint is placed.\nFor Basic Tier instances, this will always be the same as the\n[locationId] provided by the user at creation time. For Standard Tier\ninstances, this can be either [locationId] or [alternativeLocationId]\nand can change after a failover event.","description_kind":"plain","computed":true},"customer_managed_key":{"type":"string","description":"Optional. The KMS key reference that you want to use to encrypt the data at rest for this Redis\ninstance. If this is provided, CMEK is enabled.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"An arbitrary and optional user-provided name for the instance.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"host":{"type":"string","description":"Hostname or IP address of the exposed Redis endpoint used by clients\nto connect to the service.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"Resource labels to represent user provided metadata.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"location_id":{"type":"string","description":"The zone where the instance will be provisioned. If not provided,\nthe service will choose a zone for the instance. For STANDARD_HA tier,\ninstances will be created across two zones for protection against\nzonal failures. If [alternativeLocationId] is also provided, it must\nbe different from [locationId].","description_kind":"plain","computed":true},"maintenance_policy":{"type":["list",["object",{"create_time":"string","description":"string","update_time":"string","weekly_maintenance_window":["list",["object",{"day":"string","duration":"string","start_time":["list",["object",{"hours":"number","minutes":"number","nanos":"number","seconds":"number"}]]}]]}]],"description":"Maintenance policy for an instance.","description_kind":"plain","computed":true},"maintenance_schedule":{"type":["list",["object",{"end_time":"string","schedule_deadline_time":"string","start_time":"string"}]],"description":"Upcoming maintenance schedule.","description_kind":"plain","computed":true},"memory_size_gb":{"type":"number","description":"Redis memory size in GiB.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the instance or a fully qualified identifier for the instance.","description_kind":"plain","required":true},"nodes":{"type":["list",["object",{"id":"string","zone":"string"}]],"description":"Output only. Info per node.","description_kind":"plain","computed":true},"persistence_config":{"type":["list",["object",{"persistence_mode":"string","rdb_next_snapshot_time":"string","rdb_snapshot_period":"string","rdb_snapshot_start_time":"string"}]],"description":"Persistence configuration for an instance.","description_kind":"plain","computed":true},"persistence_iam_identity":{"type":"string","description":"Output only. Cloud IAM identity used by import / export operations\nto transfer data to/from Cloud Storage. Format is \"serviceAccount:\".\nThe value may change over time for a given instance so should be\nchecked before each import/export operation.","description_kind":"plain","computed":true},"port":{"type":"number","description":"The port number of the exposed Redis endpoint.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"read_endpoint":{"type":"string","description":"Output only. Hostname or IP address of the exposed readonly Redis endpoint. Standard tier only.\nTargets all healthy replica nodes in instance. Replication is asynchronous and replica nodes\nwill exhibit some lag behind the primary. Write requests must target 'host'.","description_kind":"plain","computed":true},"read_endpoint_port":{"type":"number","description":"Output only. The port number of the exposed readonly redis endpoint. Standard tier only.\nWrite requests should target 'port'.","description_kind":"plain","computed":true},"read_replicas_mode":{"type":"string","description":"Optional. Read replica mode. Can only be specified when trying to create the instance.\nIf not set, Memorystore Redis backend will default to READ_REPLICAS_DISABLED.\n- READ_REPLICAS_DISABLED: If disabled, read endpoint will not be provided and the\ninstance cannot scale up or down the number of replicas.\n- READ_REPLICAS_ENABLED: If enabled, read endpoint will be provided and the instance\ncan scale up and down the number of replicas. Possible values: [\"READ_REPLICAS_DISABLED\", \"READ_REPLICAS_ENABLED\"]","description_kind":"plain","computed":true},"redis_configs":{"type":["map","string"],"description":"Redis configuration parameters, according to http://redis.io/topics/config.\nPlease check Memorystore documentation for the list of supported parameters:\nhttps://cloud.google.com/memorystore/docs/redis/reference/rest/v1/projects.locations.instances#Instance.FIELDS.redis_configs","description_kind":"plain","computed":true},"redis_version":{"type":"string","description":"The version of Redis software. If not provided, latest supported\nversion will be used. Please check the API documentation linked\nat the top for the latest valid values.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The name of the Redis region of the instance.","description_kind":"plain","optional":true},"replica_count":{"type":"number","description":"Optional. The number of replica nodes. The valid range for the Standard Tier with\nread replicas enabled is [1-5] and defaults to 2. If read replicas are not enabled\nfor a Standard Tier instance, the only valid value is 1 and the default is 1.\nThe valid value for basic tier is 0 and the default is also 0.","description_kind":"plain","computed":true},"reserved_ip_range":{"type":"string","description":"The CIDR range of internal addresses that are reserved for this\ninstance. If not provided, the service will choose an unused /29\nblock, for example, 10.0.0.0/29 or 192.168.0.0/29. Ranges must be\nunique and non-overlapping with existing subnets in an authorized\nnetwork.","description_kind":"plain","computed":true},"secondary_ip_range":{"type":"string","description":"Optional. Additional IP range for node placement. Required when enabling read replicas on\nan existing instance. For DIRECT_PEERING mode value must be a CIDR range of size /28, or\n\"auto\". For PRIVATE_SERVICE_ACCESS mode value must be the name of an allocated address\nrange associated with the private service access connection, or \"auto\".","description_kind":"plain","computed":true},"server_ca_certs":{"type":["list",["object",{"cert":"string","create_time":"string","expire_time":"string","serial_number":"string","sha1_fingerprint":"string"}]],"description":"List of server CA certificates for the instance.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"tier":{"type":"string","description":"The service tier of the instance. Must be one of these values:\n\n- BASIC: standalone instance\n- STANDARD_HA: highly available primary/replica instances Default value: \"BASIC\" Possible values: [\"BASIC\", \"STANDARD_HA\"]","description_kind":"plain","computed":true},"transit_encryption_mode":{"type":"string","description":"The TLS mode of the Redis instance, If not provided, TLS is disabled for the instance.\n\n- SERVER_AUTHENTICATION: Client to Server traffic encryption enabled with server authentication Default value: \"DISABLED\" Possible values: [\"SERVER_AUTHENTICATION\", \"DISABLED\"]","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_scc_source_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"organization":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"source":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret":{"version":0,"block":{"attributes":{"annotations":{"type":["map","string"],"description":"Custom metadata about the secret.\n\nAnnotations are distinct from various forms of labels. Annotations exist to allow\nclient tools to store their own state information without requiring a database.\n\nAnnotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of\nmaximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and\nmay have dashes (-), underscores (_), dots (.), and alphanumerics in between these\nsymbols.\n\nThe total size of annotation keys and values must be less than 16KiB.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.\nPlease refer to the field 'effective_annotations' for all of the annotations present on the resource.","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"The time at which the Secret was created.","description_kind":"plain","computed":true},"effective_annotations":{"type":["map","string"],"description":"All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"expire_time":{"type":"string","description":"Timestamp in UTC when the Secret is scheduled to expire. This is always provided on output, regardless of what was sent on input.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".\nOnly one of 'expire_time' or 'ttl' can be provided.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"The labels assigned to this Secret.\n\nLabel keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}][\\p{Ll}\\p{Lo}\\p{N}_-]{0,62}\n\nLabel values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,\nand must conform to the following PCRE regular expression: [\\p{Ll}\\p{Lo}\\p{N}_-]{0,63}\n\nNo more than 64 labels can be assigned to a given resource.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Secret. Format:\n'projects/{{project}}/secrets/{{secret_id}}'","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"replication":{"type":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"description":"The replication policy of the secret data attached to the Secret. It cannot be changed\nafter the Secret has been created.","description_kind":"plain","computed":true},"rotation":{"type":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"description":"The rotation time and period for a Secret. At 'next_rotation_time', Secret Manager will send a Pub/Sub notification to the topics configured on the Secret. 'topics' must be set to configure rotation.","description_kind":"plain","computed":true},"secret_id":{"type":"string","description":"This must be unique within the project.","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"topics":{"type":["list",["object",{"name":"string"}]],"description":"A list of up to 10 Pub/Sub topics to which messages are published when control plane operations are called on the secret or its versions.","description_kind":"plain","computed":true},"ttl":{"type":"string","description":"The TTL for the Secret.\nA duration in seconds with up to nine fractional digits, terminated by 's'. Example: \"3.5s\".\nOnly one of 'ttl' or 'expire_time' can be provided.","description_kind":"plain","computed":true},"version_aliases":{"type":["map","string"],"description":"Mapping from version alias to version name.\n\nA version alias is a string with a maximum length of 63 characters and can contain\nuppercase and lowercase letters, numerals, and the hyphen (-) and underscore ('_')\ncharacters. An alias string must start with a letter and cannot be the string\n'latest' or 'NEW'. No more than 50 aliases can be assigned to a given secret.\n\nAn object containing a list of \"key\": value pairs. Example:\n{ \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.","description_kind":"plain","computed":true},"version_destroy_ttl":{"type":"string","description":"Secret Version TTL after destruction request.\nThis is a part of the delayed delete feature on Secret Version.\nFor secret with versionDestroyTtl\u003e0, version destruction doesn't happen immediately\non calling destroy instead the version goes to a disabled state and\nthe actual destruction happens after this TTL expires.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_secret_manager_secret_version":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"destroy_time":{"type":"string","description_kind":"plain","computed":true},"enabled":{"type":"bool","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secret_version_access":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secret":{"type":"string","description_kind":"plain","required":true},"secret_data":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"version":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_secret_manager_secrets":{"version":0,"block":{"attributes":{"filter":{"type":"string","description":"Filter string, adhering to the rules in List-operation filtering (https://cloud.google.com/secret-manager/docs/filtering).\nList only secrets matching the filter. If filter is empty, all secrets are listed.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"secrets":{"type":["list",["object",{"annotations":["map","string"],"create_time":"string","effective_annotations":["map","string"],"effective_labels":["map","string"],"expire_time":"string","labels":["map","string"],"name":"string","project":"string","replication":["list",["object",{"auto":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]]}]],"user_managed":["list",["object",{"replicas":["list",["object",{"customer_managed_encryption":["list",["object",{"kms_key_name":"string"}]],"location":"string"}]]}]]}]],"rotation":["list",["object",{"next_rotation_time":"string","rotation_period":"string"}]],"secret_id":"string","terraform_labels":["map","string"],"topics":["list",["object",{"name":"string"}]],"ttl":"string","version_aliases":["map","string"],"version_destroy_ttl":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_secure_source_manager_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_id":{"type":"string","description_kind":"plain","required":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_service_account":{"version":0,"block":{"attributes":{"account_id":{"type":"string","description_kind":"plain","required":true},"display_name":{"type":"string","description_kind":"plain","computed":true},"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"unique_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_service_account_access_token":{"version":0,"block":{"attributes":{"access_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"lifetime":{"type":"string","description_kind":"plain","optional":true},"scopes":{"type":["set","string"],"description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"service_account_id":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_id_token":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"id_token":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"include_email":{"type":"bool","description_kind":"plain","optional":true},"target_audience":{"type":"string","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_account_jwt":{"version":0,"block":{"attributes":{"delegates":{"type":["set","string"],"description_kind":"plain","optional":true},"expires_in":{"type":"number","description":"Number of seconds until the JWT expires. If set and non-zero an `exp` claim will be added to the payload derived from the current timestamp plus expires_in seconds.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"jwt":{"type":"string","description_kind":"plain","computed":true,"sensitive":true},"payload":{"type":"string","description":"A JSON-encoded JWT claims set that will be included in the signed JWT.","description_kind":"plain","required":true},"target_service_account":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_service_account_key":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"key_algorithm":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"public_key":{"type":"string","description_kind":"plain","computed":true},"public_key_type":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_service_networking_peered_dns_domain":{"version":0,"block":{"attributes":{"dns_suffix":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"network":{"type":"string","description_kind":"plain","required":true},"parent":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","required":true},"service":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_sourcerepo_repository":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description":"Resource name of the repository, of the form '{{repo}}'.\nThe repo name may contain slashes. eg, 'name/with/slash'","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"pubsub_configs":{"type":["set",["object",{"message_format":"string","service_account_email":"string","topic":"string"}]],"description":"How this repository publishes a change in the repository through Cloud Pub/Sub.\nKeyed by the topic names.","description_kind":"plain","computed":true},"size":{"type":"number","description":"The disk usage of the repo, in bytes.","description_kind":"plain","computed":true},"url":{"type":"string","description":"URL to clone the repository from Google Cloud Source Repositories.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sourcerepo_repository_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"repository":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_spanner_database_iam_policy":{"version":0,"block":{"attributes":{"database":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_spanner_instance":{"version":0,"block":{"attributes":{"autoscaling_config":{"type":["list",["object",{"autoscaling_limits":["list",["object",{"max_nodes":"number","max_processing_units":"number","min_nodes":"number","min_processing_units":"number"}]],"autoscaling_targets":["list",["object",{"high_priority_cpu_utilization_percent":"number","storage_utilization_percent":"number"}]]}]],"description":"The autoscaling configuration. Autoscaling is enabled if this field is set.\nWhen autoscaling is enabled, num_nodes and processing_units are treated as,\nOUTPUT_ONLY fields and reflect the current compute capacity allocated to\nthe instance.","description_kind":"plain","computed":true},"config":{"type":"string","description":"The name of the instance's configuration (similar but not\nquite the same as a region) which defines the geographic placement and\nreplication of your databases in this instance. It determines where your data\nis stored. Values are typically of the form 'regional-europe-west1' , 'us-central' etc.\nIn order to obtain a valid list please consult the\n[Configuration section of the docs](https://cloud.google.com/spanner/docs/instances).","description_kind":"plain","optional":true},"display_name":{"type":"string","description":"The descriptive name for this instance as it appears in UIs. Must be\nunique per project and between 4 and 30 characters in length.","description_kind":"plain","optional":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a spanner instance, this boolean option will delete all backups of this instance.\nThis must be set to true if you created a backup manually in the console.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"An object containing a list of \"key\": value pairs.\nExample: { \"name\": \"wrench\", \"mass\": \"1.3kg\", \"count\": \"3\" }.\n\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"name":{"type":"string","description":"A unique identifier for the instance, which cannot be changed after\nthe instance is created. The name must be between 6 and 30 characters\nin length.\n\n\nIf not provided, a random string starting with 'tf-' will be selected.","description_kind":"plain","required":true},"num_nodes":{"type":"number","description":"The number of nodes allocated to this instance. Exactly one of either node_count or processing_units\nmust be present in terraform.","description_kind":"plain","computed":true},"processing_units":{"type":"number","description":"The number of processing units allocated to this instance. Exactly one of processing_units\nor node_count must be present in terraform.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"Instance status: 'CREATING' or 'READY'.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_spanner_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_backup_run":{"version":0,"block":{"attributes":{"backup_id":{"type":"number","description":"The identifier for this backup run. Unique only for a specific Cloud SQL instance. If left empty and multiple backups exist for the instance, most_recent must be set to true.","description_kind":"plain","optional":true,"computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"Name of the database instance.","description_kind":"plain","required":true},"location":{"type":"string","description":"Location of the backups.","description_kind":"plain","computed":true},"most_recent":{"type":"bool","description":"Toggles use of the most recent backup run if multiple backups exist for a Cloud SQL instance.","description_kind":"plain","optional":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true,"computed":true},"start_time":{"type":"string","description":"The time the backup operation actually started in UTC timezone in RFC 3339 format, for example 2012-11-15T16:19:00.094Z.","description_kind":"plain","computed":true},"status":{"type":"string","description":"The status of this run.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_ca_certs":{"version":0,"block":{"attributes":{"active_version":{"type":"string","description_kind":"plain","computed":true},"certs":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database":{"version":0,"block":{"attributes":{"charset":{"type":"string","description":"The charset value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)\nfor more details and supported values. Postgres databases only support\na value of 'UTF8' at creation time.","description_kind":"plain","computed":true},"collation":{"type":"string","description":"The collation value. See MySQL's\n[Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)\nand Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)\nfor more details and supported values. Postgres databases only support\na value of 'en_US.UTF8' at creation time.","description_kind":"plain","computed":true},"deletion_policy":{"type":"string","description":"The deletion policy for the database. Setting ABANDON allows the resource\nto be abandoned rather than deleted. This is useful for Postgres, where databases cannot be\ndeleted from the API if there are users other than cloudsqlsuperuser with access. Possible\nvalues are: \"ABANDON\", \"DELETE\". Defaults to \"DELETE\".","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL instance. This does not include the project\nID.","description_kind":"plain","required":true},"name":{"type":"string","description":"The name of the database in the Cloud SQL instance.\nThis does not include the project ID or instance name.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"self_link":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance":{"version":0,"block":{"attributes":{"available_maintenance_versions":{"type":["list","string"],"description":"Available Maintenance versions.","description_kind":"plain","computed":true},"clone":{"type":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"description":"Configuration for creating a new instance as a clone of another instance.","description_kind":"plain","computed":true},"connection_name":{"type":"string","description":"The connection name of the instance to be used in connection strings. For example, when connecting with Cloud SQL Proxy.","description_kind":"plain","computed":true},"database_version":{"type":"string","description":"The MySQL, PostgreSQL or SQL Server (beta) version to use. Supported values include MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB. Database Version Policies includes an up-to-date reference of supported versions.","description_kind":"plain","computed":true},"deletion_protection":{"type":"bool","description":"Used to block Terraform from deleting a SQL Instance. Defaults to true.","description_kind":"plain","computed":true},"dns_name":{"type":"string","description":"The dns name of the instance.","description_kind":"plain","computed":true},"encryption_key_name":{"type":"string","description_kind":"plain","computed":true},"first_ip_address":{"type":"string","description":"The first IPv4 address of any type assigned. This is to support accessing the first address in the list in a terraform output when the resource is configured with a count.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance_type":{"type":"string","description":"The type of the instance. The valid values are:- 'SQL_INSTANCE_TYPE_UNSPECIFIED', 'CLOUD_SQL_INSTANCE', 'ON_PREMISES_INSTANCE' and 'READ_REPLICA_INSTANCE'.","description_kind":"plain","computed":true},"ip_address":{"type":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"description_kind":"plain","computed":true},"maintenance_version":{"type":"string","description":"Maintenance version.","description_kind":"plain","computed":true},"master_instance_name":{"type":"string","description":"The name of the instance that will act as the master in the replication setup. Note, this requires the master to have binary_log_enabled set, as well as existing backups.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the instance. If the name is left blank, Terraform will randomly generate one when the instance is first created. This is done because after a name is used, it cannot be reused for up to one week.","description_kind":"plain","required":true},"private_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"psc_service_attachment_link":{"type":"string","description":"The link to service attachment of PSC instance.","description_kind":"plain","computed":true},"public_ip_address":{"type":"string","description":"IPv4 address assigned. This is a workaround for an issue fixed in Terraform 0.12 but also provides a convenient way to access an IP of a specific type without performing filtering in a Terraform config.","description_kind":"plain","computed":true},"region":{"type":"string","description":"The region the instance will sit in. Note, Cloud SQL is not available in all regions. A valid region must be provided to use this resource. If a region is not provided in the resource definition, the provider region will be used instead, but this will be an apply-time error for instances if the provider region is not supported with Cloud SQL. If you choose not to provide the region argument for this resource, make sure you understand this.","description_kind":"plain","computed":true},"replica_configuration":{"type":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"description":"The configuration for replication.","description_kind":"plain","computed":true},"restore_backup_context":{"type":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"description_kind":"plain","computed":true},"root_password":{"type":"string","description":"Initial root password. Required for MS SQL Server.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"server_ca_cert":{"type":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"description_kind":"plain","computed":true},"service_account_email_address":{"type":"string","description":"The service account email address assigned to the instance.","description_kind":"plain","computed":true},"settings":{"type":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","enable_google_ml_integration":"bool","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]],"description":"The settings to use for the database. The configuration is detailed below.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_sql_database_instance_latest_recovery_time":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description_kind":"plain","required":true},"latest_recovery_time":{"type":"string","description":"Timestamp, identifies the latest recovery time of the source instance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_sql_database_instances":{"version":0,"block":{"attributes":{"database_version":{"type":"string","description":"To filter out the database instances which are of the specified database version.","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instances":{"type":["list",["object",{"available_maintenance_versions":["list","string"],"clone":["list",["object",{"allocated_ip_range":"string","database_names":["list","string"],"point_in_time":"string","preferred_zone":"string","source_instance_name":"string"}]],"connection_name":"string","database_version":"string","deletion_protection":"bool","dns_name":"string","encryption_key_name":"string","first_ip_address":"string","instance_type":"string","ip_address":["list",["object",{"ip_address":"string","time_to_retire":"string","type":"string"}]],"maintenance_version":"string","master_instance_name":"string","name":"string","private_ip_address":"string","project":"string","psc_service_attachment_link":"string","public_ip_address":"string","region":"string","replica_configuration":["list",["object",{"ca_certificate":"string","client_certificate":"string","client_key":"string","connect_retry_interval":"number","dump_file_path":"string","failover_target":"bool","master_heartbeat_period":"number","password":"string","ssl_cipher":"string","username":"string","verify_server_certificate":"bool"}]],"restore_backup_context":["list",["object",{"backup_run_id":"number","instance_id":"string","project":"string"}]],"root_password":"string","self_link":"string","server_ca_cert":["list",["object",{"cert":"string","common_name":"string","create_time":"string","expiration_time":"string","sha1_fingerprint":"string"}]],"service_account_email_address":"string","settings":["list",["object",{"activation_policy":"string","active_directory_config":["list",["object",{"domain":"string"}]],"advanced_machine_features":["list",["object",{"threads_per_core":"number"}]],"availability_type":"string","backup_configuration":["list",["object",{"backup_retention_settings":["list",["object",{"retained_backups":"number","retention_unit":"string"}]],"binary_log_enabled":"bool","enabled":"bool","location":"string","point_in_time_recovery_enabled":"bool","start_time":"string","transaction_log_retention_days":"number"}]],"collation":"string","connector_enforcement":"string","data_cache_config":["list",["object",{"data_cache_enabled":"bool"}]],"database_flags":["set",["object",{"name":"string","value":"string"}]],"deletion_protection_enabled":"bool","deny_maintenance_period":["list",["object",{"end_date":"string","start_date":"string","time":"string"}]],"disk_autoresize":"bool","disk_autoresize_limit":"number","disk_size":"number","disk_type":"string","edition":"string","enable_google_ml_integration":"bool","insights_config":["list",["object",{"query_insights_enabled":"bool","query_plans_per_minute":"number","query_string_length":"number","record_application_tags":"bool","record_client_address":"bool"}]],"ip_configuration":["list",["object",{"allocated_ip_range":"string","authorized_networks":["set",["object",{"expiration_time":"string","name":"string","value":"string"}]],"enable_private_path_for_google_cloud_services":"bool","ipv4_enabled":"bool","private_network":"string","psc_config":["set",["object",{"allowed_consumer_projects":["set","string"],"psc_enabled":"bool"}]],"require_ssl":"bool","ssl_mode":"string"}]],"location_preference":["list",["object",{"follow_gae_application":"string","secondary_zone":"string","zone":"string"}]],"maintenance_window":["list",["object",{"day":"number","hour":"number","update_track":"string"}]],"password_validation_policy":["list",["object",{"complexity":"string","disallow_username_substring":"bool","enable_password_policy":"bool","min_length":"number","password_change_interval":"string","reuse_interval":"number"}]],"pricing_plan":"string","sql_server_audit_config":["list",["object",{"bucket":"string","retention_interval":"string","upload_interval":"string"}]],"tier":"string","time_zone":"string","user_labels":["map","string"],"version":"number"}]]}]],"description_kind":"plain","computed":true},"project":{"type":"string","description":"Project ID of the project that contains the instances.","description_kind":"plain","optional":true},"region":{"type":"string","description":"To filter out the database instances which are located in this specified region.","description_kind":"plain","optional":true},"state":{"type":"string","description":"To filter out the database instances based on the current state of the database instance, valid values include : \"SQL_INSTANCE_STATE_UNSPECIFIED\", \"RUNNABLE\", \"SUSPENDED\", \"PENDING_DELETE\", \"PENDING_CREATE\", \"MAINTENANCE\" and \"FAILED\".","description_kind":"plain","optional":true},"tier":{"type":"string","description":"To filter out the database instances based on the machine type.","description_kind":"plain","optional":true},"zone":{"type":"string","description":"To filter out the database instances which are located in this specified zone.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_databases":{"version":0,"block":{"attributes":{"databases":{"type":["list",["object",{"charset":"string","collation":"string","deletion_policy":"string","instance":"string","name":"string","project":"string","self_link":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"instance":{"type":"string","description":"The name of the Cloud SQL database instance in which the database belongs.","description_kind":"plain","required":true},"project":{"type":"string","description":"Project ID of the project that contains the instance.","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_sql_tiers":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description":"Project ID of the project for which to list tiers.","description_kind":"plain","optional":true,"computed":true},"tiers":{"type":["list",["object",{"disk_quota":"number","ram":"number","region":["list","string"],"tier":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket":{"version":1,"block":{"attributes":{"autoclass":{"type":["list",["object",{"enabled":"bool","terminal_storage_class":"string"}]],"description":"The bucket's autoclass configuration.","description_kind":"plain","computed":true},"cors":{"type":["list",["object",{"max_age_seconds":"number","method":["list","string"],"origin":["list","string"],"response_header":["list","string"]}]],"description":"The bucket's Cross-Origin Resource Sharing (CORS) configuration.","description_kind":"plain","computed":true},"custom_placement_config":{"type":["list",["object",{"data_locations":["set","string"]}]],"description":"The bucket's custom location configuration, which specifies the individual regions that comprise a dual-region bucket. If the bucket is designated a single or multi-region, the parameters are empty.","description_kind":"plain","computed":true},"default_event_based_hold":{"type":"bool","description":"Whether or not to automatically apply an eventBasedHold to new objects added to the bucket.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"enable_object_retention":{"type":"bool","description":"Enables each object in the bucket to have its own retention policy, which prevents deletion until stored for a specific length of time.","description_kind":"plain","computed":true},"encryption":{"type":["list",["object",{"default_kms_key_name":"string"}]],"description":"The bucket's encryption configuration.","description_kind":"plain","computed":true},"force_destroy":{"type":"bool","description":"When deleting a bucket, this boolean option will delete all contained objects. If you try to delete a bucket that contains objects, Terraform will fail that run.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"labels":{"type":["map","string"],"description":"A set of key/value label pairs to assign to the bucket.","description_kind":"plain","computed":true},"lifecycle_rule":{"type":["list",["object",{"action":["set",["object",{"storage_class":"string","type":"string"}]],"condition":["set",["object",{"age":"number","created_before":"string","custom_time_before":"string","days_since_custom_time":"number","days_since_noncurrent_time":"number","matches_prefix":["list","string"],"matches_storage_class":["list","string"],"matches_suffix":["list","string"],"no_age":"bool","noncurrent_time_before":"string","num_newer_versions":"number","with_state":"string"}]]}]],"description":"The bucket's Lifecycle Rules configuration.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The Google Cloud Storage location","description_kind":"plain","computed":true},"logging":{"type":["list",["object",{"log_bucket":"string","log_object_prefix":"string"}]],"description":"The bucket's Access \u0026 Storage Logs configuration.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the bucket.","description_kind":"plain","required":true},"project":{"type":"string","description":"The ID of the project in which the resource belongs. If it is not provided, the provider project is used.","description_kind":"plain","optional":true},"project_number":{"type":"number","description":"The project number of the project in which the resource belongs.","description_kind":"plain","computed":true},"public_access_prevention":{"type":"string","description":"Prevents public access to a bucket.","description_kind":"plain","computed":true},"requester_pays":{"type":"bool","description":"Enables Requester Pays on a storage bucket.","description_kind":"plain","computed":true},"retention_policy":{"type":["list",["object",{"is_locked":"bool","retention_period":"number"}]],"description":"Configuration of the bucket's data retention policy for how long objects in the bucket should be retained.","description_kind":"plain","computed":true},"rpo":{"type":"string","description":"Specifies the RPO setting of bucket. If set 'ASYNC_TURBO', The Turbo Replication will be enabled for the dual-region bucket. Value 'DEFAULT' will set RPO setting to default. Turbo Replication is only for buckets in dual-regions.See the docs for more details.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"The URI of the created resource.","description_kind":"plain","computed":true},"soft_delete_policy":{"type":["list",["object",{"effective_time":"string","retention_duration_seconds":"number"}]],"description":"The bucket's soft delete policy, which defines the period of time that soft-deleted objects will be retained, and cannot be permanently deleted. If it is not provided, by default Google Cloud Storage sets this to default soft delete policy","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE.","description_kind":"plain","computed":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource and default labels configured on the provider.","description_kind":"plain","computed":true},"uniform_bucket_level_access":{"type":"bool","description":"Enables uniform bucket-level access on a bucket.","description_kind":"plain","computed":true},"url":{"type":"string","description":"The base URL of the bucket, in the format gs://\u003cbucket-name\u003e.","description_kind":"plain","computed":true},"versioning":{"type":["list",["object",{"enabled":"bool"}]],"description":"The bucket's Versioning configuration.","description_kind":"plain","computed":true},"website":{"type":["list",["object",{"main_page_suffix":"string","not_found_page":"string"}]],"description":"Configuration if the bucket acts as a website.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_iam_policy":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","optional":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","computed":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","optional":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_object_content":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description":"The name of the containing bucket.","description_kind":"plain","required":true},"cache_control":{"type":"string","description":"Cache-Control directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600","description_kind":"plain","computed":true},"content":{"type":"string","description":"Data as string to be uploaded. Must be defined if source is not. Note: The content field is marked as sensitive. To view the raw contents of the object, please define an output.","description_kind":"plain","optional":true},"content_disposition":{"type":"string","description":"Content-Disposition of the object data.","description_kind":"plain","computed":true},"content_encoding":{"type":"string","description":"Content-Encoding of the object data.","description_kind":"plain","computed":true},"content_language":{"type":"string","description":"Content-Language of the object data.","description_kind":"plain","computed":true},"content_type":{"type":"string","description":"Content-Type of the object data. Defaults to \"application/octet-stream\" or \"text/plain; charset=utf-8\".","description_kind":"plain","computed":true},"crc32c":{"type":"string","description":"Base 64 CRC32 hash of the uploaded data.","description_kind":"plain","computed":true},"customer_encryption":{"type":["list",["object",{"encryption_algorithm":"string","encryption_key":"string"}]],"description":"Encryption key; encoded using base64.","description_kind":"plain","computed":true},"detect_md5hash":{"type":"string","description_kind":"plain","computed":true},"event_based_hold":{"type":"bool","description":"Whether an object is under event-based hold. Event-based hold is a way to retain objects until an event occurs, which is signified by the hold's release (i.e. this value is set to false). After being released (set to false), such objects will be subject to bucket-level retention (if any).","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"kms_key_name":{"type":"string","description":"Resource name of the Cloud KMS key that will be used to encrypt the object. Overrides the object metadata's kmsKeyName value, if any.","description_kind":"plain","computed":true},"md5hash":{"type":"string","description":"Base 64 MD5 hash of the uploaded data.","description_kind":"plain","computed":true},"media_link":{"type":"string","description":"A url reference to download this object.","description_kind":"plain","computed":true},"metadata":{"type":["map","string"],"description":"User-provided metadata, in key/value pairs.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the object. If you're interpolating the name of this object, see output_name instead.","description_kind":"plain","required":true},"output_name":{"type":"string","description":"The name of the object. Use this field in interpolations with google_storage_object_acl to recreate google_storage_object_acl resources when your google_storage_bucket_object is recreated.","description_kind":"plain","computed":true},"retention":{"type":["list",["object",{"mode":"string","retain_until_time":"string"}]],"description":"Object level retention configuration.","description_kind":"plain","computed":true},"self_link":{"type":"string","description":"A url reference to this object.","description_kind":"plain","computed":true},"source":{"type":"string","description":"A path to the data you want to upload. Must be defined if content is not.","description_kind":"plain","computed":true},"storage_class":{"type":"string","description":"The StorageClass of the new bucket object. Supported values include: MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE. If not provided, this defaults to the bucket's default storage class or to a standard class.","description_kind":"plain","computed":true},"temporary_hold":{"type":"bool","description":"Whether an object is under temporary hold. While this flag is set to true, the object is protected against deletion and overwrites.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_bucket_objects":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"bucket_objects":{"type":["list",["object",{"content_type":"string","media_link":"string","name":"string","self_link":"string","storage_class":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"match_glob":{"type":"string","description_kind":"plain","optional":true},"prefix":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_buckets":{"version":0,"block":{"attributes":{"buckets":{"type":["list",["object",{"labels":["map","string"],"location":"string","name":"string","self_link":"string","storage_class":"string"}]],"description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"prefix":{"type":"string","description_kind":"plain","optional":true},"project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_object_signed_url":{"version":0,"block":{"attributes":{"bucket":{"type":"string","description_kind":"plain","required":true},"content_md5":{"type":"string","description_kind":"plain","optional":true},"content_type":{"type":"string","description_kind":"plain","optional":true},"credentials":{"type":"string","description_kind":"plain","optional":true,"sensitive":true},"duration":{"type":"string","description_kind":"plain","optional":true},"extension_headers":{"type":["map","string"],"description_kind":"plain","optional":true},"http_method":{"type":"string","description_kind":"plain","optional":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"path":{"type":"string","description_kind":"plain","required":true},"signed_url":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_storage_project_service_account":{"version":0,"block":{"attributes":{"email_address":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"user_project":{"type":"string","description_kind":"plain","optional":true}},"description_kind":"plain"}},"google_storage_transfer_project_service_account":{"version":0,"block":{"attributes":{"email":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"member":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"subject_id":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_key_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_key":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_keys":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"keys":{"type":["list",["object",{"create_time":"string","description":"string","name":"string","namespaced_name":"string","parent":"string","purpose":"string","purpose_data":["map","string"],"short_name":"string","update_time":"string"}]],"description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_value":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description_kind":"plain","computed":true},"description":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","computed":true},"name":{"type":"string","description_kind":"plain","computed":true},"namespaced_name":{"type":"string","description_kind":"plain","computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"short_name":{"type":"string","description_kind":"plain","required":true},"update_time":{"type":"string","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tags_tag_value_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"tag_value":{"type":"string","description_kind":"plain","required":true}},"description_kind":"plain"}},"google_tags_tag_values":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description_kind":"plain","required":true},"values":{"type":["list",["object",{"create_time":"string","description":"string","name":"string","namespaced_name":"string","parent":"string","short_name":"string","update_time":"string"}]],"description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_tpu_tensorflow_versions":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true},"versions":{"type":["list","string"],"description_kind":"plain","computed":true},"zone":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}},"google_vertex_ai_index":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"The timestamp of when the Index was created in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true},"deployed_indexes":{"type":["list",["object",{"deployed_index_id":"string","index_endpoint":"string"}]],"description":"The pointers to DeployedIndexes created from this Index. An Index can be only deleted if all its DeployedIndexes had been undeployed first.","description_kind":"plain","computed":true},"description":{"type":"string","description":"The description of the Index.","description_kind":"plain","computed":true},"display_name":{"type":"string","description":"The display name of the Index. The name can be up to 128 characters long and can consist of any UTF-8 characters.","description_kind":"plain","computed":true},"effective_labels":{"type":["map","string"],"description":"All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.","description_kind":"plain","computed":true},"etag":{"type":"string","description":"Used to perform consistent read-modify-write updates.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"index_stats":{"type":["list",["object",{"shards_count":"number","vectors_count":"string"}]],"description":"Stats of the index resource.","description_kind":"plain","computed":true},"index_update_method":{"type":"string","description":"The update method to use with this Index. The value must be the followings. If not set, BATCH_UPDATE will be used by default.\n* BATCH_UPDATE: user can call indexes.patch with files on Cloud Storage of datapoints to update.\n* STREAM_UPDATE: user can call indexes.upsertDatapoints/DeleteDatapoints to update the Index and the updates will be applied in corresponding DeployedIndexes in nearly real-time.","description_kind":"plain","computed":true},"labels":{"type":["map","string"],"description":"The labels with user-defined metadata to organize your Indexes.\n\n**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.\nPlease refer to the field 'effective_labels' for all of the labels present on the resource.","description_kind":"plain","computed":true},"metadata":{"type":["list",["object",{"config":["list",["object",{"algorithm_config":["list",["object",{"brute_force_config":["list",["object",{}]],"tree_ah_config":["list",["object",{"leaf_node_embedding_count":"number","leaf_nodes_to_search_percent":"number"}]]}]],"approximate_neighbors_count":"number","dimensions":"number","distance_measure_type":"string","feature_norm_type":"string","shard_size":"string"}]],"contents_delta_uri":"string","is_complete_overwrite":"bool"}]],"description":"An additional information about the Index","description_kind":"plain","computed":true},"metadata_schema_uri":{"type":"string","description":"Points to a YAML file stored on Google Cloud Storage describing additional information about the Index, that is specific to it. Unset if the Index does not have any additional information.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The resource name of the Index.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"The region of the index. eg us-central1","description_kind":"plain","required":true},"terraform_labels":{"type":["map","string"],"description":"The combination of labels configured directly on the resource\n and default labels configured on the provider.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"The timestamp of when the Index was last updated in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine fractional digits.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_cluster":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"management":{"type":"bool","description":"True if the cluster is a management cluster; false otherwise.\nThere can only be one management cluster in a private cloud and it has to be the first one.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Cluster.","description_kind":"plain","required":true},"node_type_configs":{"type":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"description":"The map of cluster node types in this cluster,\nwhere the key is canonical identifier of the node type (corresponds to the NodeType).","description_kind":"plain","computed":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new cluster in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_access_rule":{"version":0,"block":{"attributes":{"action":{"type":"string","description":"The action that the external access rule performs. Possible values: [\"ALLOW\", \"DENY\"]","description_kind":"plain","computed":true},"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for the external access rule.","description_kind":"plain","computed":true},"destination_ip_ranges":{"type":["list",["object",{"external_address":"string","ip_address_range":"string"}]],"description":"If destination ranges are specified, the external access rule applies only to\ntraffic that has a destination IP address in these ranges.","description_kind":"plain","computed":true},"destination_ports":{"type":["list","string"],"description":"A list of destination ports to which the external access rule applies.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_protocol":{"type":"string","description":"The IP protocol to which the external access rule applies.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external access rule.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the network policy.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/networkPolicies/my-policy","description_kind":"plain","required":true},"priority":{"type":"number","description":"External access rule priority, which determines the external access rule to use when multiple rules apply.","description_kind":"plain","computed":true},"source_ip_ranges":{"type":["list",["object",{"ip_address":"string","ip_address_range":"string"}]],"description":"If source ranges are specified, the external access rule applies only to\ntraffic that has a source IP address in these ranges.","description_kind":"plain","computed":true},"source_ports":{"type":["list","string"],"description":"A list of source ports to which the external access rule applies.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the Cluster.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_external_address":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this resource.","description_kind":"plain","computed":true},"external_ip":{"type":"string","description":"The external IP address of a workload VM.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internal_ip":{"type":"string","description":"The internal IP address of a workload VM.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the external IP Address.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new external address in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"state":{"type":"string","description":"State of the resource.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this VMware Engine network.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the VMwareEngineNetwork should reside.","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the VMwareEngineNetwork.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the VMware Engine network.","description_kind":"plain","computed":true},"type":{"type":"string","description":"VMware Engine network type. Possible values: [\"LEGACY\", \"STANDARD\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vpc_networks":{"type":["list",["object",{"network":"string","type":"string"}]],"description":"VMware Engine service VPC networks that provide connectivity from a private cloud to customer projects,\nthe internet, and other Google Cloud services.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_peering":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network peering.","description_kind":"plain","computed":true},"export_custom_routes":{"type":"bool","description":"True if custom routes are exported to the peered network; false otherwise.","description_kind":"plain","computed":true},"export_custom_routes_with_public_ip":{"type":"bool","description":"True if all subnet routes with a public IP address range are exported; false otherwise.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"import_custom_routes":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"import_custom_routes_with_public_ip":{"type":"bool","description":"True if custom routes are imported from the peered network; false otherwise.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the Network Peering.","description_kind":"plain","required":true},"peer_network":{"type":"string","description":"The relative resource name of the network to peer with a standard VMware Engine network.\nThe provided network can be a consumer VPC network or another standard VMware Engine network.","description_kind":"plain","computed":true},"peer_network_type":{"type":"string","description":"The type of the network to peer with the VMware Engine network. Possible values: [\"STANDARD\", \"VMWARE_ENGINE_NETWORK\", \"PRIVATE_SERVICES_ACCESS\", \"NETAPP_CLOUD_VOLUMES\", \"THIRD_PARTY_SERVICE\", \"DELL_POWERSCALE\"]","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the network peering.\nThis field has a value of 'ACTIVE' when there's a matching configuration in the peer network.\nNew values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"state_details":{"type":"string","description":"Details about the current state of the network peering.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_network_policy":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"description":{"type":"string","description":"User-provided description for this network policy.","description_kind":"plain","computed":true},"edge_services_cidr":{"type":"string","description":"IP address range in CIDR notation used to create internet access and external IP access.\nAn RFC 1918 CIDR block, with a \"/26\" prefix, is required. The range cannot overlap with any\nprefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.","description_kind":"plain","computed":true},"external_ip":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows External IP addresses to be assigned to VMware workloads.\nThis service can only be enabled when internetAccess is also enabled.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"internet_access":{"type":["list",["object",{"enabled":"bool","state":"string"}]],"description":"Network service that allows VMware workloads to access the internet.","description_kind":"plain","computed":true},"location":{"type":"string","description":"The resource name of the location (region) to create the new network policy in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-central1","description_kind":"plain","required":true},"name":{"type":"string","description":"The ID of the Network Policy.","description_kind":"plain","required":true},"project":{"type":"string","description_kind":"plain","optional":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vmware_engine_network":{"type":"string","description":"The relative resource name of the VMware Engine network. Specify the name in the following form:\nprojects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project}\ncan either be a project number or a project ID.","description_kind":"plain","computed":true},"vmware_engine_network_canonical":{"type":"string","description":"The canonical name of the VMware Engine network in the form:\nprojects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_nsx_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains NSX.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_private_cloud":{"version":0,"block":{"attributes":{"description":{"type":"string","description":"User-provided description for this private cloud.","description_kind":"plain","computed":true},"hcx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a HCX Cloud Manager appliance.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description":"The location where the PrivateCloud should reside.","description_kind":"plain","required":true},"management_cluster":{"type":["list",["object",{"cluster_id":"string","node_type_configs":["set",["object",{"custom_core_count":"number","node_count":"number","node_type_id":"string"}]],"stretched_cluster_config":["list",["object",{"preferred_location":"string","secondary_location":"string"}]]}]],"description":"The management cluster for this private cloud. This used for creating and managing the default cluster.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the PrivateCloud.","description_kind":"plain","required":true},"network_config":{"type":["list",["object",{"dns_server_ip":"string","management_cidr":"string","management_ip_address_layout_version":"number","vmware_engine_network":"string","vmware_engine_network_canonical":"string"}]],"description":"Network configuration in the consumer project with which the peering has to be done.","description_kind":"plain","computed":true},"nsx":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a NSX Manager appliance.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"state":{"type":"string","description":"State of the resource. New values may be added to this enum when appropriate.","description_kind":"plain","computed":true},"type":{"type":"string","description":"Initial type of the private cloud. Possible values: [\"STANDARD\", \"TIME_LIMITED\", \"STRETCHED\"]","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"vcenter":{"type":["list",["object",{"fqdn":"string","internal_ip":"string","state":"string","version":"string"}]],"description":"Details about a vCenter Server management appliance.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_subnet":{"version":0,"block":{"attributes":{"create_time":{"type":"string","description":"Creation time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and\nup to nine fractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"dhcp_address_ranges":{"type":["list",["object",{"first_address":"string","last_address":"string"}]],"description":"DHCP address ranges.","description_kind":"plain","computed":true},"gateway_id":{"type":"string","description":"The canonical identifier of the logical router that this subnet is attached to.","description_kind":"plain","computed":true},"gateway_ip":{"type":"string","description":"The IP address of the gateway of this subnet. Must fall within the IP prefix defined above.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The IP address range of the subnet in CIDR format.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The ID of the subnet. For userDefined subnets, this name should be in the format of \"service-n\",\nwhere n ranges from 1 to 5.","description_kind":"plain","required":true},"parent":{"type":"string","description":"The resource name of the private cloud to create a new subnet in.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"standard_config":{"type":"bool","description":"Whether the NSX-T configuration in the backend follows the standard configuration supported by Google Cloud.\nIf false, the subnet cannot be modified through Google Cloud, only through NSX-T directly.","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the subnet.","description_kind":"plain","computed":true},"type":{"type":"string","description":"The type of the subnet.","description_kind":"plain","computed":true},"uid":{"type":"string","description":"System-generated unique identifier for the resource.","description_kind":"plain","computed":true},"update_time":{"type":"string","description":"Last updated time of this resource.\nA timestamp in RFC3339 UTC \"Zulu\" format, with nanosecond resolution and up to nine\nfractional digits. Examples: \"2014-10-02T15:01:23Z\" and \"2014-10-02T15:01:23.045123456Z\".","description_kind":"plain","computed":true},"vlan_id":{"type":"number","description":"VLAN ID of the VLAN on which the subnet is configured.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vmwareengine_vcenter_credentials":{"version":0,"block":{"attributes":{"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"parent":{"type":"string","description":"The resource name of the private cloud which contains vcenter.\nResource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names.\nFor example: projects/my-project/locations/us-west1-a/privateClouds/my-cloud","description_kind":"plain","required":true},"password":{"type":"string","description":"Initial password.","description_kind":"plain","computed":true},"username":{"type":"string","description":"Initial username.","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_vpc_access_connector":{"version":0,"block":{"attributes":{"connected_projects":{"type":["list","string"],"description":"List of projects using the connector.","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"ip_cidr_range":{"type":"string","description":"The range of internal addresses that follows RFC 4632 notation. Example: '10.132.0.0/28'.","description_kind":"plain","computed":true},"machine_type":{"type":"string","description":"Machine type of VM Instance underlying connector. Default is e2-micro","description_kind":"plain","computed":true},"max_instances":{"type":"number","description":"Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be\nhigher than the value specified by min_instances.","description_kind":"plain","computed":true},"max_throughput":{"type":"number","description":"Maximum throughput of the connector in Mbps, must be greater than 'min_throughput'. Default is 300. Refers to the expected throughput\nwhen using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by\nmin_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of\nmax_throughput is discouraged in favor of max_instances.","description_kind":"plain","computed":true},"min_instances":{"type":"number","description":"Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be\nlower than the value specified by max_instances.","description_kind":"plain","computed":true},"min_throughput":{"type":"number","description":"Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type.\nValue must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and\nmin_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances.","description_kind":"plain","computed":true},"name":{"type":"string","description":"The name of the resource (Max 25 characters).","description_kind":"plain","required":true},"network":{"type":"string","description":"Name or self_link of the VPC network. Required if 'ip_cidr_range' is set.","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true},"region":{"type":"string","description":"Region where the VPC Access connector resides. If it is not provided, the provider region is used.","description_kind":"plain","optional":true},"self_link":{"type":"string","description":"The fully qualified name of this VPC connector","description_kind":"plain","computed":true},"state":{"type":"string","description":"State of the VPC access connector.","description_kind":"plain","computed":true},"subnet":{"type":["list",["object",{"name":"string","project_id":"string"}]],"description":"The subnet in which to house the connector","description_kind":"plain","computed":true}},"description_kind":"plain"}},"google_workbench_instance_iam_policy":{"version":0,"block":{"attributes":{"etag":{"type":"string","description_kind":"plain","computed":true},"id":{"type":"string","description_kind":"plain","optional":true,"computed":true},"location":{"type":"string","description_kind":"plain","optional":true,"computed":true},"name":{"type":"string","description_kind":"plain","required":true},"policy_data":{"type":"string","description_kind":"plain","computed":true},"project":{"type":"string","description_kind":"plain","optional":true,"computed":true}},"description_kind":"plain"}}}}}} diff --git a/go.mod b/go.mod index 2133aa23c..26d66a2d0 100644 --- a/go.mod +++ b/go.mod @@ -11,9 +11,9 @@ require ( github.com/crossplane/crossplane-runtime v1.16.0-rc.2.0.20240510094504-3f697876fa57 github.com/crossplane/crossplane-tools v0.0.0-20230925130601-628280f8bf79 github.com/crossplane/upjet v1.4.1-0.20240612123927-37c7f4e91d57 - github.com/hashicorp/terraform-json v0.18.0 - github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 - github.com/hashicorp/terraform-provider-google v1.20.1-0.20240304172718-a9e2f2c89f14 + github.com/hashicorp/terraform-json v0.21.0 + github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 + github.com/hashicorp/terraform-provider-google v1.20.1-0.20240506161918-03933998a429 github.com/pkg/errors v0.9.1 gopkg.in/alecthomas/kingpin.v2 v2.2.6 k8s.io/apimachinery v0.29.4 @@ -30,8 +30,8 @@ require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/iam v1.1.6 // indirect cloud.google.com/go/longrunning v0.5.5 // indirect - github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect + github.com/GoogleCloudPlatform/declarative-resource-client-library v1.64.0 // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.0 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alecthomas/kingpin/v2 v2.4.0 // indirect github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect @@ -47,12 +47,12 @@ require ( github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe // indirect - github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 // indirect + github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa // indirect github.com/dave/jennifer v1.4.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/envoyproxy/go-control-plane v0.11.1 // indirect - github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect + github.com/envoyproxy/go-control-plane v0.12.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/fatih/camelcase v1.0.0 // indirect @@ -69,7 +69,7 @@ require ( github.com/go-openapi/swag v0.22.3 // indirect github.com/gobuffalo/flect v1.0.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/glog v1.1.2 // indirect + github.com/golang/glog v1.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/mock v1.6.0 // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -80,7 +80,7 @@ require ( github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.1 // indirect + github.com/googleapis/gax-go/v2 v2.12.3 // indirect github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect @@ -91,18 +91,18 @@ require ( github.com/hashicorp/go-plugin v1.6.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/go-version v1.6.0 // indirect - github.com/hashicorp/hc-install v0.6.2 // indirect + github.com/hashicorp/hc-install v0.6.3 // indirect github.com/hashicorp/hcl/v2 v2.19.1 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-exec v0.19.0 // indirect - github.com/hashicorp/terraform-plugin-framework v1.5.0 // indirect + github.com/hashicorp/terraform-exec v0.20.0 // indirect + github.com/hashicorp/terraform-plugin-framework v1.7.0 // indirect github.com/hashicorp/terraform-plugin-framework-validators v0.9.0 // indirect - github.com/hashicorp/terraform-plugin-go v0.20.0 // indirect + github.com/hashicorp/terraform-plugin-go v0.22.1 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect - github.com/iancoleman/strcase v0.2.0 // indirect + github.com/iancoleman/strcase v0.3.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -139,34 +139,34 @@ require ( github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xhit/go-str2duration/v2 v2.1.0 // indirect github.com/yuin/goldmark v1.4.13 // indirect - github.com/zclconf/go-cty v1.14.1 // indirect + github.com/zclconf/go-cty v1.14.2 // indirect github.com/zclconf/go-cty-yaml v1.0.3 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect - go.opentelemetry.io/otel v1.23.0 // indirect - go.opentelemetry.io/otel/metric v1.23.0 // indirect - go.opentelemetry.io/otel/trace v1.23.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect + go.opentelemetry.io/otel v1.24.0 // indirect + go.opentelemetry.io/otel/metric v1.24.0 // indirect + go.opentelemetry.io/otel/trace v1.24.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/crypto v0.22.0 // indirect + golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/oauth2 v0.18.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/tools v0.20.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.166.0 // indirect + google.golang.org/api v0.171.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 // indirect - google.golang.org/grpc v1.61.1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c // indirect + google.golang.org/grpc v1.62.1 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 3b5a55ced..d82a1be7e 100644 --- a/go.sum +++ b/go.sum @@ -16,12 +16,12 @@ cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDn dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0 h1:s4Y6r6RrYLBnqosGXLwR0h1Gqr0VT3wgd6rqvHsD9OE= -github.com/GoogleCloudPlatform/declarative-resource-client-library v1.62.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.64.0 h1:QA90iKudX8ijAW795f/jVbo0oEo7VoevwxLCNyi2qRc= +github.com/GoogleCloudPlatform/declarative-resource-client-library v1.64.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= -github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.1.0-alpha.0 h1:nHGfwXmFvJrSR9xu8qL7BkO4DqTHXE9N5vPhgY2I+j0= +github.com/ProtonMail/go-crypto v1.1.0-alpha.0/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= @@ -50,7 +50,6 @@ github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bufbuild/protocompile v0.6.0 h1:Uu7WiSQ6Yj9DbkdnOe7U4mNKp58y9WDMKDn28/ZlunY= github.com/bufbuild/protocompile v0.6.0/go.mod h1:YNP35qEYoYGme7QMtz5SBCoN4kL4g12jTtjuzRNdjpE= -github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -59,15 +58,14 @@ github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe h1:QQ3GSy+MqSHxm/d8nCtnAiZdYFd45cYZPs8vOOIYKfk= github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creachadair/staticfile v0.1.2/go.mod h1:a3qySzCIXEprDGxk6tSxSI+dBBdLzqeBOMhZ+o2d3pM= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -93,11 +91,11 @@ github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FM github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.11.1 h1:wSUXTlLfiAQRWs2F+p+EKOY9rUyis1MyGqJ2DIk5HpM= -github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= +github.com/envoyproxy/go-control-plane v0.12.0 h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI= +github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= +github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= @@ -119,8 +117,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git/v5 v5.10.1 h1:tu8/D8i+TWxgKpzQ3Vc43e+kkhXqtsZCKI/egajKnxk= -github.com/go-git/go-git/v5 v5.10.1/go.mod h1:uEuHjxkHap8kAl//V5F/nNWwqIYtP/402ddd05mp0wg= +github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= +github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -148,8 +146,8 @@ github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnD github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= -github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= +github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= +github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -203,8 +201,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.1 h1:9F8GV9r9ztXyAi00gsMQHNoF51xPZm8uj1dpYt2ZETM= -github.com/googleapis/gax-go/v2 v2.12.1/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= +github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= +github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -228,39 +226,39 @@ github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/C github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.6.2 h1:V1k+Vraqz4olgZ9UzKiAcbman9i9scg9GgSt/U3mw/M= -github.com/hashicorp/hc-install v0.6.2/go.mod h1:2JBpd+NCFKiHiu/yYCGaPyPHhZLxXTpz8oreHa/a3Ps= +github.com/hashicorp/hc-install v0.6.3 h1:yE/r1yJvWbtrJ0STwScgEnCanb0U9v7zp0Gbkmcoxqs= +github.com/hashicorp/hc-install v0.6.3/go.mod h1:KamGdbodYzlufbWh4r9NRo8y6GLHWZP2GBtdnms1Ln0= github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/terraform-exec v0.19.0 h1:FpqZ6n50Tk95mItTSS9BjeOVUb4eg81SpgVtZNNtFSM= -github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8KiNPZ0FkuTE3H4urQg= -github.com/hashicorp/terraform-json v0.18.0 h1:pCjgJEqqDESv4y0Tzdqfxr/edOIGkjs8keY42xfNBwU= -github.com/hashicorp/terraform-json v0.18.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= -github.com/hashicorp/terraform-plugin-framework v1.5.0 h1:8kcvqJs/x6QyOFSdeAyEgsenVOUeC/IyKpi2ul4fjTg= -github.com/hashicorp/terraform-plugin-framework v1.5.0/go.mod h1:6waavirukIlFpVpthbGd2PUNYaFedB0RwW3MDzJ/rtc= +github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= +github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= +github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U= +github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= +github.com/hashicorp/terraform-plugin-framework v1.7.0 h1:wOULbVmfONnJo9iq7/q+iBOBJul5vRovaYJIu2cY/Pw= +github.com/hashicorp/terraform-plugin-framework v1.7.0/go.mod h1:jY9Id+3KbZ17OMpulgnWLSfwxNVYSoYBQFTgsx044CI= github.com/hashicorp/terraform-plugin-framework-validators v0.9.0 h1:LYz4bXh3t7bTEydXOmPDPupRRnA480B/9+jV8yZvxBA= github.com/hashicorp/terraform-plugin-framework-validators v0.9.0/go.mod h1:+BVERsnfdlhYR2YkXMBtPnmn9UsL19U3qUtSZ+Y/5MY= -github.com/hashicorp/terraform-plugin-go v0.20.0 h1:oqvoUlL+2EUbKNsJbIt3zqqZ7wi6lzn4ufkn/UA51xQ= -github.com/hashicorp/terraform-plugin-go v0.20.0/go.mod h1:Rr8LBdMlY53a3Z/HpP+ZU3/xCDqtKNCkeI9qOyT10QE= +github.com/hashicorp/terraform-plugin-go v0.22.1 h1:iTS7WHNVrn7uhe3cojtvWWn83cm2Z6ryIUDTRO0EV7w= +github.com/hashicorp/terraform-plugin-go v0.22.1/go.mod h1:qrjnqRghvQ6KnDbB12XeZ4FluclYwptntoWCr9QaXTI= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= -github.com/hashicorp/terraform-plugin-mux v0.13.0 h1:79U401/3nd8CWwDGtTHc8F3miSCAS9XGtVarxSTDgwA= -github.com/hashicorp/terraform-plugin-mux v0.13.0/go.mod h1:Ndv0FtwDG2ogzH59y64f2NYimFJ6I0smRgFUKfm6dyQ= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0 h1:Bl3e2ei2j/Z3Hc2HIS15Gal2KMKyLAZ2om1HCEvK6es= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.31.0/go.mod h1:i2C41tszDjiWfziPQDL5R/f3Zp0gahXe5No/MIO9rCE= -github.com/hashicorp/terraform-provider-google v1.20.1-0.20240304172718-a9e2f2c89f14 h1:BB+BOupNZUkimKK9K50vb/pF+I9rcTyn4XtB4U7Kn6g= -github.com/hashicorp/terraform-provider-google v1.20.1-0.20240304172718-a9e2f2c89f14/go.mod h1:K9mobUNaEYRKutF6EbPghE9FSFM8RJCVs22DMRH6NaA= +github.com/hashicorp/terraform-plugin-mux v0.15.0 h1:+/+lDx0WUsIOpkAmdwBIoFU8UP9o2eZASoOnLsWbKME= +github.com/hashicorp/terraform-plugin-mux v0.15.0/go.mod h1:9ezplb1Dyq394zQ+ldB0nvy/qbNAz3mMoHHseMTMaKo= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A= +github.com/hashicorp/terraform-provider-google v1.20.1-0.20240506161918-03933998a429 h1:jvVifl8ro3+v1UkQTgB7hyJwo+C9r4PCB9r6Ydq/azI= +github.com/hashicorp/terraform-provider-google v1.20.1-0.20240506161918-03933998a429/go.mod h1:h3wr2cJDqr1ZbyP4ap9cRIyjoIiC2nlbjEYo/lavct0= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE= github.com/hashicorp/yamux v0.1.1/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ= -github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= -github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= +github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= +github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -356,8 +354,8 @@ github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lne github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= @@ -411,25 +409,25 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.8.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= -github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA= -github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI= +github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zclconf/go-cty-yaml v1.0.3 h1:og/eOQ7lvA/WWhHGFETVWNduJM7Rjsv2RRpx1sdFMLc= github.com/zclconf/go-cty-yaml v1.0.3/go.mod h1:9YLUH4g7lOhVWqUbctnVlZ5KLpg7JAprQNgxSZ1Gyxs= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 h1:P+/g8GpuJGYbOp2tAdKrIPUX9JO02q8Q0YNlHolpibA= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0/go.mod h1:tIKj3DbO8N9Y2xo52og3irLsPI4GW02DSMtrVgNMgxg= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 h1:doUP+ExOpH3spVTLS0FcWGLnQrPct/hD/bCPbDRUEAU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0/go.mod h1:rdENBZMT2OE6Ne/KLwpiXudnAsbdrdBaqBvTN8M8BgA= -go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= -go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= -go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= -go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= +go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= +go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= +go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= +go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= -go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= +go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= +go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -444,13 +442,11 @@ golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3 h1:hNQpMuAJe5CtcUqCXaWga3FHu+kQvCqcsoVaQgSV60o= -golang.org/x/exp v0.0.0-20240112132812-db7319d0e0e3/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc= +golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -458,9 +454,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -477,14 +472,11 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -492,9 +484,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -516,28 +507,19 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -553,17 +535,16 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= +golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.166.0 h1:6m4NUwrZYhAaVIHZWxaKjw1L1vNAjtMwORmKRyEEo24= -google.golang.org/api v0.166.0/go.mod h1:4FcBc686KFi7QI/U51/2GKKevfZMpM17sCdibqe/bSA= +google.golang.org/api v0.171.0 h1:w174hnBPqut76FzW5Qaupt7zY8Kql6fiVjgys4f58sU= +google.golang.org/api v0.171.0/go.mod h1:Hnq5AHm4OTMt2BUVjael2CWZFD6vksJdWCWiUAmjC9o= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= @@ -575,18 +556,18 @@ google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240205150955-31a09d347014 h1:g/4bk7P6TPMkAUbUhquq98xey1slwvuVJPosdBqYJlU= google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 h1:x9PwdEgd11LgK+orcck69WVRo7DezSO4VUMPI4xpc8A= -google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9 h1:hZB7eLIaYlW9qXRfCq/qDaPdbeY3757uARz5Vvfv+cY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:YUWgXUFRPfoYK1IHMuxH5K6nPEXSCzIMljnQ59lLRCk= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2 h1:rIo7ocm2roD9DcFIX67Ym8icoGCKSARAiPljFhh5suQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c h1:lfpJ/2rWPa/kJgxyyXM8PrNnfCzcmxJ265mADgwmvLI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240314234333-6e1732d8331c/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= -google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeterresources.yaml b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeterresources.yaml index 89e5d8cec..f8ae62c39 100644 --- a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeterresources.yaml +++ b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeterresources.yaml @@ -35,8 +35,8 @@ spec: schema: openAPIV3Schema: description: ServicePerimeterResource is the Schema for the ServicePerimeterResources - API. Allows configuring a single GCP resource that should be inside of a - service perimeter. + API. Allows configuring a single GCP resource that should be inside the + 'status' block of a service perimeter. properties: apiVersion: description: |- diff --git a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml index 221d2d80f..919c21da7 100644 --- a/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml +++ b/package/crds/accesscontextmanager.gcp.upbound.io_serviceperimeters.yaml @@ -3035,9 +3035,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -3155,9 +3156,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -3411,9 +3413,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -3531,9 +3534,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -3928,9 +3932,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -4048,9 +4053,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -4304,9 +4310,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -4424,9 +4431,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -4920,9 +4928,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -5040,9 +5049,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -5217,9 +5227,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array @@ -5337,9 +5348,10 @@ spec: properties: identities: description: |- - A list of identities that are allowed access through this ingress policy. - Should be in the format of email address. The email address should represent - individual user or service account only. + 'A list of identities that are allowed access through this IngressPolicy. + To specify an identity or identity group, use the IAM v1 + format specified here. + The following prefixes are supprted: user, group, serviceAccount, principal, and principalSet.' items: type: string type: array diff --git a/package/crds/alloydb.gcp.upbound.io_clusters.yaml b/package/crds/alloydb.gcp.upbound.io_clusters.yaml index 1d518a3b0..6aae2f508 100644 --- a/package/crds/alloydb.gcp.upbound.io_clusters.yaml +++ b/package/crds/alloydb.gcp.upbound.io_clusters.yaml @@ -2161,6 +2161,49 @@ spec: location: description: The location where the alloydb cluster should reside. type: string + maintenanceUpdatePolicy: + description: |- + MaintenanceUpdatePolicy defines the policy for system updates. + Structure is documented below. + properties: + maintenanceWindows: + description: |- + Preferred windows to perform maintenance. Currently limited to 1. + Structure is documented below. + items: + properties: + day: + description: |- + Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + type: string + startTime: + description: |- + Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + Structure is documented below. + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the + value "24:00:00" for scenarios like business closing + time. + type: number + minutes: + description: Minutes of hour of day. Currently, + only the value 0 is supported. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + Currently, only the value 0 is supported. + type: number + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: number + type: object + type: object + type: array + type: object network: description: |- The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: @@ -2741,6 +2784,49 @@ spec: Please refer to the field effective_labels for all of the labels present on the resource. type: object x-kubernetes-map-type: granular + maintenanceUpdatePolicy: + description: |- + MaintenanceUpdatePolicy defines the policy for system updates. + Structure is documented below. + properties: + maintenanceWindows: + description: |- + Preferred windows to perform maintenance. Currently limited to 1. + Structure is documented below. + items: + properties: + day: + description: |- + Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + type: string + startTime: + description: |- + Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + Structure is documented below. + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the + value "24:00:00" for scenarios like business closing + time. + type: number + minutes: + description: Minutes of hour of day. Currently, + only the value 0 is supported. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + Currently, only the value 0 is supported. + type: number + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: number + type: object + type: object + type: array + type: object network: description: |- The relative resource name of the VPC network on which the instance can be accessed. It is specified in the following form: @@ -3556,6 +3642,49 @@ spec: location: description: The location where the alloydb cluster should reside. type: string + maintenanceUpdatePolicy: + description: |- + MaintenanceUpdatePolicy defines the policy for system updates. + Structure is documented below. + properties: + maintenanceWindows: + description: |- + Preferred windows to perform maintenance. Currently limited to 1. + Structure is documented below. + items: + properties: + day: + description: |- + Preferred day of the week for maintenance, e.g. MONDAY, TUESDAY, etc. + Possible values are: MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, SUNDAY. + type: string + startTime: + description: |- + Preferred time to start the maintenance operation on the specified day. Maintenance will start within 1 hour of this time. + Structure is documented below. + properties: + hours: + description: Hours of day in 24 hour format. Should + be from 0 to 23. An API may choose to allow the + value "24:00:00" for scenarios like business closing + time. + type: number + minutes: + description: Minutes of hour of day. Currently, + only the value 0 is supported. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + Currently, only the value 0 is supported. + type: number + seconds: + description: Seconds of minutes of the time. Currently, + only the value 0 is supported. + type: number + type: object + type: object + type: array + type: object migrationSource: description: |- Cluster created via DMS migration. diff --git a/package/crds/alloydb.gcp.upbound.io_instances.yaml b/package/crds/alloydb.gcp.upbound.io_instances.yaml index 2c6d82043..4a97c0cc0 100644 --- a/package/crds/alloydb.gcp.upbound.io_instances.yaml +++ b/package/crds/alloydb.gcp.upbound.io_instances.yaml @@ -1300,6 +1300,32 @@ spec: description: The number of CPU's in the VM instance. type: number type: object + networkConfig: + description: |- + Instance level network configuration. + Structure is documented below. + properties: + authorizedExternalNetworks: + description: |- + A list of external networks authorized to access this instance. This + field is only allowed to be set when enable_public_ip is set to + true. + Structure is documented below. + items: + properties: + cidrRange: + description: CIDR range for one authorized network of + the instance. + type: string + type: object + type: array + enablePublicIp: + description: |- + Enabling public ip for the instance. If a user wishes to disable this, + please also clear the list of the authorized external networks set on + the same instance. + type: boolean + type: object queryInsightsConfig: description: |- Configuration for query insights. @@ -1511,6 +1537,32 @@ spec: description: The number of CPU's in the VM instance. type: number type: object + networkConfig: + description: |- + Instance level network configuration. + Structure is documented below. + properties: + authorizedExternalNetworks: + description: |- + A list of external networks authorized to access this instance. This + field is only allowed to be set when enable_public_ip is set to + true. + Structure is documented below. + items: + properties: + cidrRange: + description: CIDR range for one authorized network of + the instance. + type: string + type: object + type: array + enablePublicIp: + description: |- + Enabling public ip for the instance. If a user wishes to disable this, + please also clear the list of the authorized external networks set on + the same instance. + type: boolean + type: object queryInsightsConfig: description: |- Configuration for query insights. @@ -1835,6 +1887,38 @@ spec: name: description: The name of the instance resource. type: string + networkConfig: + description: |- + Instance level network configuration. + Structure is documented below. + properties: + authorizedExternalNetworks: + description: |- + A list of external networks authorized to access this instance. This + field is only allowed to be set when enable_public_ip is set to + true. + Structure is documented below. + items: + properties: + cidrRange: + description: CIDR range for one authorized network of + the instance. + type: string + type: object + type: array + enablePublicIp: + description: |- + Enabling public ip for the instance. If a user wishes to disable this, + please also clear the list of the authorized external networks set on + the same instance. + type: boolean + type: object + publicIpAddress: + description: |- + The public IP addresses for the Instance. This is available ONLY when + networkConfig.enablePublicIp is set to true. This is the connection + endpoint for an end-user application. + type: string queryInsightsConfig: description: |- Configuration for query insights. diff --git a/package/crds/apigee.gcp.upbound.io_environments.yaml b/package/crds/apigee.gcp.upbound.io_environments.yaml index 8f215997c..ce1ea3f80 100644 --- a/package/crds/apigee.gcp.upbound.io_environments.yaml +++ b/package/crds/apigee.gcp.upbound.io_environments.yaml @@ -646,6 +646,12 @@ spec: displayName: description: Display name of the environment. type: string + forwardProxyUri: + description: Optional. URI of the forward proxy to be applied + to the runtime instances in this environment. Must be in the + format of {scheme}://{hostname}:{port}. Note that the scheme + must be one of "http" or "https", and the port must be supplied. + type: string nodeConfig: description: |- NodeConfig for setting the min/max number of nodes associated with the environment. @@ -790,6 +796,12 @@ spec: displayName: description: Display name of the environment. type: string + forwardProxyUri: + description: Optional. URI of the forward proxy to be applied + to the runtime instances in this environment. Must be in the + format of {scheme}://{hostname}:{port}. Note that the scheme + must be one of "http" or "https", and the port must be supplied. + type: string nodeConfig: description: |- NodeConfig for setting the min/max number of nodes associated with the environment. @@ -1012,6 +1024,12 @@ spec: displayName: description: Display name of the environment. type: string + forwardProxyUri: + description: Optional. URI of the forward proxy to be applied + to the runtime instances in this environment. Must be in the + format of {scheme}://{hostname}:{port}. Note that the scheme + must be one of "http" or "https", and the port must be supplied. + type: string id: description: an identifier for the resource with format {{org_id}}/environments/{{name}} type: string diff --git a/package/crds/apigee.gcp.upbound.io_organizations.yaml b/package/crds/apigee.gcp.upbound.io_organizations.yaml index 59cb0040b..ba844c690 100644 --- a/package/crds/apigee.gcp.upbound.io_organizations.yaml +++ b/package/crds/apigee.gcp.upbound.io_organizations.yaml @@ -924,6 +924,16 @@ spec: description: Primary GCP region for analytics data storage. For valid values, see Create an Apigee organization. type: string + apiConsumerDataEncryptionKeyName: + description: Cloud KMS key name used for encrypting API consumer + data. + type: string + apiConsumerDataLocation: + description: |- + This field is needed only for customers using non-default data residency regions. + Apigee stores some control plane data only in single region. + This field determines which single region Apigee should use. + type: string authorizedNetwork: description: |- Compute Engine network used for Service Networking to be peered with Apigee runtime instances. @@ -1008,6 +1018,11 @@ spec: description: Billing type of the Apigee organization. See Apigee pricing. type: string + controlPlaneEncryptionKeyName: + description: |- + Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + Only used for the data residency region "US" or "EU". + type: string description: description: Description of the Apigee organization. type: string @@ -1159,6 +1174,16 @@ spec: description: Primary GCP region for analytics data storage. For valid values, see Create an Apigee organization. type: string + apiConsumerDataEncryptionKeyName: + description: Cloud KMS key name used for encrypting API consumer + data. + type: string + apiConsumerDataLocation: + description: |- + This field is needed only for customers using non-default data residency regions. + Apigee stores some control plane data only in single region. + This field determines which single region Apigee should use. + type: string authorizedNetwork: description: |- Compute Engine network used for Service Networking to be peered with Apigee runtime instances. @@ -1243,6 +1268,11 @@ spec: description: Billing type of the Apigee organization. See Apigee pricing. type: string + controlPlaneEncryptionKeyName: + description: |- + Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + Only used for the data residency region "US" or "EU". + type: string description: description: Description of the Apigee organization. type: string @@ -1558,6 +1588,16 @@ spec: description: Primary GCP region for analytics data storage. For valid values, see Create an Apigee organization. type: string + apiConsumerDataEncryptionKeyName: + description: Cloud KMS key name used for encrypting API consumer + data. + type: string + apiConsumerDataLocation: + description: |- + This field is needed only for customers using non-default data residency regions. + Apigee stores some control plane data only in single region. + This field determines which single region Apigee should use. + type: string apigeeProjectId: description: Output only. Project ID of the Apigee Tenant Project. type: string @@ -1576,6 +1616,11 @@ spec: Output only. Base64-encoded public certificate for the root CA of the Apigee organization. Valid only when RuntimeType is CLOUD. A base64-encoded string. type: string + controlPlaneEncryptionKeyName: + description: |- + Cloud KMS key name used for encrypting control plane data that is stored in a multi region. + Only used for the data residency region "US" or "EU". + type: string description: description: Description of the Apigee organization. type: string diff --git a/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml b/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml index 0f592a78c..27f5e2768 100644 --- a/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml +++ b/package/crds/artifact.gcp.upbound.io_registryrepositories.yaml @@ -1870,11 +1870,25 @@ spec: description: description: The description of the remote source. type: string + disableUpstreamValidation: + description: |- + If true, the remote repository upstream and upstream credentials will + not be validated. + type: boolean dockerRepository: description: |- Specific settings for a Docker remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -1886,6 +1900,15 @@ spec: Specific settings for a Maven remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -1897,6 +1920,15 @@ spec: Specific settings for an Npm remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -1908,6 +1940,15 @@ spec: Specific settings for a Python remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -2325,11 +2366,25 @@ spec: description: description: The description of the remote source. type: string + disableUpstreamValidation: + description: |- + If true, the remote repository upstream and upstream credentials will + not be validated. + type: boolean dockerRepository: description: |- Specific settings for a Docker remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -2341,6 +2396,15 @@ spec: Specific settings for a Maven remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -2352,6 +2416,15 @@ spec: Specific settings for an Npm remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -2363,6 +2436,15 @@ spec: Specific settings for a Python remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -2965,11 +3047,25 @@ spec: description: description: The description of the remote source. type: string + disableUpstreamValidation: + description: |- + If true, the remote repository upstream and upstream credentials will + not be validated. + type: boolean dockerRepository: description: |- Specific settings for a Docker remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -2981,6 +3077,15 @@ spec: Specific settings for a Maven remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -2992,6 +3097,15 @@ spec: Specific settings for an Npm remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. @@ -3003,6 +3117,15 @@ spec: Specific settings for a Python remote repository. Structure is documented below. properties: + customRepository: + description: |- + Settings for a remote repository with a custom uri. + Structure is documented below. + properties: + uri: + description: Specific uri to the registry, e.g. "https://registry-1.docker.io" + type: string + type: object publicRepository: description: |- One of the publicly available Yum repositories supported by Artifact Registry. diff --git a/package/crds/bigquery.gcp.upbound.io_datasets.yaml b/package/crds/bigquery.gcp.upbound.io_datasets.yaml index 3b911b0ac..e35a61132 100644 --- a/package/crds/bigquery.gcp.upbound.io_datasets.yaml +++ b/package/crds/bigquery.gcp.upbound.io_datasets.yaml @@ -2539,6 +2539,20 @@ spec: description: description: A user-friendly description of the dataset type: string + externalDatasetReference: + description: |- + Information about the external metadata storage where the dataset is defined. + Structure is documented below. + properties: + connection: + description: |- + The connection id that is used to access the externalSource. + Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + type: string + externalSource: + description: External source that backs this dataset. + type: string + type: object friendlyName: description: A descriptive name for the dataset type: string @@ -3198,6 +3212,20 @@ spec: description: description: A user-friendly description of the dataset type: string + externalDatasetReference: + description: |- + Information about the external metadata storage where the dataset is defined. + Structure is documented below. + properties: + connection: + description: |- + The connection id that is used to access the externalSource. + Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + type: string + externalSource: + description: External source that backs this dataset. + type: string + type: object friendlyName: description: A descriptive name for the dataset type: string @@ -3571,6 +3599,20 @@ spec: etag: description: A hash of the resource. type: string + externalDatasetReference: + description: |- + Information about the external metadata storage where the dataset is defined. + Structure is documented below. + properties: + connection: + description: |- + The connection id that is used to access the externalSource. + Format: projects/{projectId}/locations/{locationId}/connections/{connectionId} + type: string + externalSource: + description: External source that backs this dataset. + type: string + type: object friendlyName: description: A descriptive name for the dataset type: string diff --git a/package/crds/bigquery.gcp.upbound.io_routines.yaml b/package/crds/bigquery.gcp.upbound.io_routines.yaml index ebc9a09bf..61479b3ae 100644 --- a/package/crds/bigquery.gcp.upbound.io_routines.yaml +++ b/package/crds/bigquery.gcp.upbound.io_routines.yaml @@ -1389,6 +1389,11 @@ spec: type: string type: object type: array + dataGovernanceType: + description: |- + If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + Possible values are: DATA_MASKING. + type: string datasetId: description: The ID of the dataset containing this routine type: string @@ -1818,6 +1823,11 @@ spec: type: string type: object type: array + dataGovernanceType: + description: |- + If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + Possible values are: DATA_MASKING. + type: string definitionBody: description: |- The body of the routine. For functions, this is the expression in the AS clause. @@ -2343,6 +2353,11 @@ spec: The time when this routine was created, in milliseconds since the epoch. type: number + dataGovernanceType: + description: |- + If set to DATA_MASKING, the function is validated and made available as a masking function. For more information, see https://cloud.google.com/bigquery/docs/user-defined-functions#custom-mask + Possible values are: DATA_MASKING. + type: string datasetId: description: The ID of the dataset containing this routine type: string diff --git a/package/crds/bigquery.gcp.upbound.io_tables.yaml b/package/crds/bigquery.gcp.upbound.io_tables.yaml index 32dc3e70f..6dfe682e6 100644 --- a/package/crds/bigquery.gcp.upbound.io_tables.yaml +++ b/package/crds/bigquery.gcp.upbound.io_tables.yaml @@ -2243,6 +2243,12 @@ spec: many bad records, an invalid error is returned in the job result. The default value is false. type: boolean + jsonExtension: + description: 'Used to indicate that a JSON variant, rather + than normal JSON, is being used as the sourceFormat. This + should only be used in combination with the JSON source + format. Valid values are: GEOJSON.' + type: string jsonOptions: description: |- Additional properties to set if @@ -2717,6 +2723,12 @@ spec: many bad records, an invalid error is returned in the job result. The default value is false. type: boolean + jsonExtension: + description: 'Used to indicate that a JSON variant, rather + than normal JSON, is being used as the sourceFormat. This + should only be used in combination with the JSON source + format. Valid values are: GEOJSON.' + type: string jsonOptions: description: |- Additional properties to set if @@ -3360,6 +3372,12 @@ spec: many bad records, an invalid error is returned in the job result. The default value is false. type: boolean + jsonExtension: + description: 'Used to indicate that a JSON variant, rather + than normal JSON, is being used as the sourceFormat. This + should only be used in combination with the JSON source + format. Valid values are: GEOJSON.' + type: string jsonOptions: description: |- Additional properties to set if diff --git a/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml b/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml index a69646862..165eccca6 100644 --- a/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml +++ b/package/crds/certificatemanager.gcp.upbound.io_dnsauthorizations.yaml @@ -100,6 +100,16 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + type: + description: |- + type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + FIXED_RECORD DNS authorization uses DNS-01 validation method + PER_PROJECT_RECORD DNS authorization allows for independent management + of Google-managed certificates with DNS authorization across multiple + projects. + Possible values are: FIXED_RECORD, PER_PROJECT_RECORD. + type: string type: object initProvider: description: |- @@ -137,6 +147,16 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + type: + description: |- + type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + FIXED_RECORD DNS authorization uses DNS-01 validation method + PER_PROJECT_RECORD DNS authorization allows for independent management + of Google-managed certificates with DNS authorization across multiple + projects. + Possible values are: FIXED_RECORD, PER_PROJECT_RECORD. + type: string type: object managementPolicies: default: @@ -384,6 +404,16 @@ spec: and default labels configured on the provider. type: object x-kubernetes-map-type: granular + type: + description: |- + type of DNS authorization. If unset during the resource creation, FIXED_RECORD will + be used for global resources, and PER_PROJECT_RECORD will be used for other locations. + FIXED_RECORD DNS authorization uses DNS-01 validation method + PER_PROJECT_RECORD DNS authorization allows for independent management + of Google-managed certificates with DNS authorization across multiple + projects. + Possible values are: FIXED_RECORD, PER_PROJECT_RECORD. + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml b/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml index 7d069b51c..6ec774ba1 100644 --- a/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml +++ b/package/crds/cloudfunctions.gcp.upbound.io_functions.yaml @@ -1443,16 +1443,17 @@ spec: type: string dockerRegistry: description: Docker Registry to use for storing the function's - Docker images. Allowed values are CONTAINER_REGISTRY (default) - and ARTIFACT_REGISTRY. + Docker images. Allowed values are ARTIFACT_REGISTRY (default) + and CONTAINER_REGISTRY. type: string dockerRepository: - description: User managed repository created in Artifact Registry - optionally with a customer managed encryption key. If specified, - deployments will use Artifact Registry. This is the repository - to which the function docker image will be pushed after it is - built by Cloud Build. If unspecified, Container Registry will - be used by default, unless specified otherwise by other means. + description: User-managed repository created in Artifact Registry + to which the function's Docker image will be pushed after it + is built by Cloud Build. May optionally be encrypted with a + customer-managed encryption key (CMEK). If unspecified and docker_registry + is not explicitly set to CONTAINER_REGISTRY, GCF will create + and use a default Artifact Registry repository named 'gcf-artifacts' + in the region. type: string entryPoint: description: Name of the function that will be executed when the @@ -1843,16 +1844,17 @@ spec: type: string dockerRegistry: description: Docker Registry to use for storing the function's - Docker images. Allowed values are CONTAINER_REGISTRY (default) - and ARTIFACT_REGISTRY. + Docker images. Allowed values are ARTIFACT_REGISTRY (default) + and CONTAINER_REGISTRY. type: string dockerRepository: - description: User managed repository created in Artifact Registry - optionally with a customer managed encryption key. If specified, - deployments will use Artifact Registry. This is the repository - to which the function docker image will be pushed after it is - built by Cloud Build. If unspecified, Container Registry will - be used by default, unless specified otherwise by other means. + description: User-managed repository created in Artifact Registry + to which the function's Docker image will be pushed after it + is built by Cloud Build. May optionally be encrypted with a + customer-managed encryption key (CMEK). If unspecified and docker_registry + is not explicitly set to CONTAINER_REGISTRY, GCF will create + and use a default Artifact Registry repository named 'gcf-artifacts' + in the region. type: string entryPoint: description: Name of the function that will be executed when the @@ -2401,16 +2403,17 @@ spec: type: string dockerRegistry: description: Docker Registry to use for storing the function's - Docker images. Allowed values are CONTAINER_REGISTRY (default) - and ARTIFACT_REGISTRY. + Docker images. Allowed values are ARTIFACT_REGISTRY (default) + and CONTAINER_REGISTRY. type: string dockerRepository: - description: User managed repository created in Artifact Registry - optionally with a customer managed encryption key. If specified, - deployments will use Artifact Registry. This is the repository - to which the function docker image will be pushed after it is - built by Cloud Build. If unspecified, Container Registry will - be used by default, unless specified otherwise by other means. + description: User-managed repository created in Artifact Registry + to which the function's Docker image will be pushed after it + is built by Cloud Build. May optionally be encrypted with a + customer-managed encryption key (CMEK). If unspecified and docker_registry + is not explicitly set to CONTAINER_REGISTRY, GCF will create + and use a default Artifact Registry repository named 'gcf-artifacts' + in the region. type: string effectiveLabels: additionalProperties: diff --git a/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml b/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml index 34245969d..f640acb08 100644 --- a/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml +++ b/package/crds/cloudfunctions2.gcp.upbound.io_functions.yaml @@ -3072,6 +3072,86 @@ spec: The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. type: string + serviceAccount: + description: The fully-qualified name of the service account + to be used for building the container. + type: string + serviceAccountRef: + description: Reference to a ServiceAccount in cloudplatform + to populate serviceAccount. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + serviceAccountSelector: + description: Selector for a ServiceAccount in cloudplatform + to populate serviceAccount. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object source: description: |- The location of the function source code. @@ -4170,6 +4250,86 @@ spec: The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. type: string + serviceAccount: + description: The fully-qualified name of the service account + to be used for building the container. + type: string + serviceAccountRef: + description: Reference to a ServiceAccount in cloudplatform + to populate serviceAccount. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + serviceAccountSelector: + description: Selector for a ServiceAccount in cloudplatform + to populate serviceAccount. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object source: description: |- The location of the function source code. @@ -5352,6 +5512,10 @@ spec: The runtime in which to run the function. Required when deploying a new function, optional when updating an existing function. type: string + serviceAccount: + description: The fully-qualified name of the service account + to be used for building the container. + type: string source: description: |- The location of the function source code. diff --git a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml index fb9b50e81..6062865c2 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2jobs.yaml @@ -2568,8 +2568,8 @@ spec: the Volume's default mode will be used. type: number path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string version: description: The Cloud Secret Manager @@ -3130,8 +3130,8 @@ spec: the Volume's default mode will be used. type: number path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string version: description: The Cloud Secret Manager @@ -3906,8 +3906,8 @@ spec: the Volume's default mode will be used. type: number path: - description: The relative path of the - secret in the container. + description: Path that is exported by + the NFS server. type: string version: description: The Cloud Secret Manager diff --git a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml index 59029e71b..77783840f 100644 --- a/package/crds/cloudrun.gcp.upbound.io_v2services.yaml +++ b/package/crds/cloudrun.gcp.upbound.io_v2services.yaml @@ -3502,18 +3502,16 @@ spec: List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on Structure is documented below. - items: - properties: - containerPort: - description: Port number the container listens - on. This must be a valid TCP port number, 0 - < containerPort < 65536. - type: number - name: - description: Volume's name. - type: string - type: object - type: array + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < containerPort + < 65536. + type: number + name: + description: Volume's name. + type: string + type: object resources: description: |- Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -3744,7 +3742,7 @@ spec: type: object gcs: description: |- - Represents a GCS Bucket mounted as a volume. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. Structure is documented below. properties: bucket: @@ -4395,18 +4393,16 @@ spec: List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on Structure is documented below. - items: - properties: - containerPort: - description: Port number the container listens - on. This must be a valid TCP port number, 0 - < containerPort < 65536. - type: number - name: - description: Volume's name. - type: string - type: object - type: array + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < containerPort + < 65536. + type: number + name: + description: Volume's name. + type: string + type: object resources: description: |- Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -4637,7 +4633,7 @@ spec: type: object gcs: description: |- - Represents a GCS Bucket mounted as a volume. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. Structure is documented below. properties: bucket: @@ -5489,18 +5485,16 @@ spec: List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on Structure is documented below. - items: - properties: - containerPort: - description: Port number the container listens - on. This must be a valid TCP port number, 0 - < containerPort < 65536. - type: number - name: - description: Volume's name. - type: string - type: object - type: array + properties: + containerPort: + description: Port number the container listens on. + This must be a valid TCP port number, 0 < containerPort + < 65536. + type: number + name: + description: Volume's name. + type: string + type: object resources: description: |- Compute Resource requirements by this container. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -5731,7 +5725,7 @@ spec: type: object gcs: description: |- - Represents a GCS Bucket mounted as a volume. + Cloud Storage bucket mounted as a volume using GCSFuse. This feature is only supported in the gen2 execution environment and requires launch-stage to be set to ALPHA or BETA. Structure is documented below. properties: bucket: diff --git a/package/crds/composer.gcp.upbound.io_environments.yaml b/package/crds/composer.gcp.upbound.io_environments.yaml index ab75d37a5..ee19ebcbb 100644 --- a/package/crds/composer.gcp.upbound.io_environments.yaml +++ b/package/crds/composer.gcp.upbound.io_environments.yaml @@ -3247,6 +3247,9 @@ spec: type: object x-kubernetes-map-type: granular imageVersion: + description: In Composer 1, use a specific Composer 1 + version in this parameter. If omitted, the default is + the latest version of Composer 2. type: string pypiPackages: additionalProperties: @@ -3323,8 +3326,8 @@ spec: Airflow worker. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object triggerer: @@ -3356,8 +3359,8 @@ spec: Airflow worker. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object worker: @@ -3384,8 +3387,8 @@ spec: environment does not go above this number, even if a lower number of workers can handle the load. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object type: object @@ -4080,6 +4083,9 @@ spec: type: object x-kubernetes-map-type: granular imageVersion: + description: In Composer 1, use a specific Composer 1 + version in this parameter. If omitted, the default is + the latest version of Composer 2. type: string pypiPackages: additionalProperties: @@ -4156,8 +4162,8 @@ spec: Airflow worker. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object triggerer: @@ -4189,8 +4195,8 @@ spec: Airflow worker. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object worker: @@ -4217,8 +4223,8 @@ spec: environment does not go above this number, even if a lower number of workers can handle the load. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object type: object @@ -4856,6 +4862,9 @@ spec: type: object x-kubernetes-map-type: granular imageVersion: + description: In Composer 1, use a specific Composer 1 + version in this parameter. If omitted, the default is + the latest version of Composer 2. type: string pypiPackages: additionalProperties: @@ -4932,8 +4941,8 @@ spec: Airflow worker. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object triggerer: @@ -4965,8 +4974,8 @@ spec: Airflow worker. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object worker: @@ -4993,8 +5002,8 @@ spec: environment does not go above this number, even if a lower number of workers can handle the load. type: number storageGb: - description: The amount of storage (GB) for the Airflow - web server. + description: The amount of storage (GB) for a single + Airflow worker. type: number type: object type: object diff --git a/package/crds/compute.gcp.upbound.io_disks.yaml b/package/crds/compute.gcp.upbound.io_disks.yaml index 7d847f109..ad310967f 100644 --- a/package/crds/compute.gcp.upbound.io_disks.yaml +++ b/package/crds/compute.gcp.upbound.io_disks.yaml @@ -1428,7 +1428,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array @@ -1751,7 +1751,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array @@ -2132,7 +2132,7 @@ spec: type: description: |- The type of supported feature. Read Enabling guest operating system features to see a list of available options. - Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE. + Possible values are: MULTI_IP_SUBNET, SECURE_BOOT, SEV_CAPABLE, UEFI_COMPATIBLE, VIRTIO_SCSI_MULTIQUEUE, WINDOWS, GVNIC, SEV_LIVE_MIGRATABLE, SEV_SNP_CAPABLE, SUSPEND_RESUME_COMPATIBLE, TDX_CAPABLE, SEV_LIVE_MIGRATABLE_V2. type: string type: object type: array diff --git a/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml b/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml index bde3326c8..825678940 100644 --- a/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml +++ b/package/crds/compute.gcp.upbound.io_instancegroupmanagers.yaml @@ -1949,8 +1949,14 @@ spec: type: string instanceLifecyclePolicy: properties: + defaultActionOnFailure: + description: ', Default behavior for all instance or health + check failures. Valid options are: REPAIR, DO_NOTHING. If + DO_NOTHING then instances will not be repaired. If REPAIR + (default), then failed instances will be repaired.' + type: string forceUpdateOnRepair: - description: '), Specifies whether to apply the group''s latest + description: ', Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, @@ -2148,7 +2154,7 @@ spec: updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the - official documentation and API + official documentation and API. properties: maxSurgeFixed: description: ', The maximum number of instances that can be @@ -2481,8 +2487,14 @@ spec: type: string instanceLifecyclePolicy: properties: + defaultActionOnFailure: + description: ', Default behavior for all instance or health + check failures. Valid options are: REPAIR, DO_NOTHING. If + DO_NOTHING then instances will not be repaired. If REPAIR + (default), then failed instances will be repaired.' + type: string forceUpdateOnRepair: - description: '), Specifies whether to apply the group''s latest + description: ', Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, @@ -2680,7 +2692,7 @@ spec: updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the - official documentation and API + official documentation and API. properties: maxSurgeFixed: description: ', The maximum number of instances that can be @@ -3093,6 +3105,7 @@ spec: name. type: string creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string description: description: |- @@ -3111,8 +3124,14 @@ spec: type: string instanceLifecyclePolicy: properties: + defaultActionOnFailure: + description: ', Default behavior for all instance or health + check failures. Valid options are: REPAIR, DO_NOTHING. If + DO_NOTHING then instances will not be repaired. If REPAIR + (default), then failed instances will be repaired.' + type: string forceUpdateOnRepair: - description: '), Specifies whether to apply the group''s latest + description: ', Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, @@ -3223,13 +3242,18 @@ spec: items: properties: allInstancesConfig: - description: |- - Properties to set on all instances in the group. After setting - allInstancesConfig on the group, you must update the group's instances to - apply the configuration. + description: Status of all-instances configuration on the + group. items: properties: + currentRevision: + description: Current all-instances configuration revision. + This value is in RFC3339 text format. + type: string effective: + description: A bit indicating whether this configuration + has been applied to all managed instances in the + group. type: boolean type: object type: array @@ -3259,7 +3283,7 @@ spec: type: boolean perInstanceConfigs: description: Status of per-instance configs on the - instance. + instances. items: properties: allEffective: @@ -3303,7 +3327,7 @@ spec: updatePolicy: description: The update policy for this managed instance group. Structure is documented below. For more information, see the - official documentation and API + official documentation and API. properties: maxSurgeFixed: description: ', The maximum number of instances that can be diff --git a/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml b/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml index 84ab0fcc5..d1d4562e7 100644 --- a/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml +++ b/package/crds/compute.gcp.upbound.io_interconnectattachments.yaml @@ -658,6 +658,11 @@ spec: IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment. type: string + cloudRouterIpv6Address: + description: |- + IPv6 address + prefix length to be configured on Cloud Router + Interface for this interconnect attachment. + type: string creationTimestamp: description: Creation timestamp in RFC3339 text format. type: string @@ -666,6 +671,11 @@ spec: IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment. type: string + customerRouterIpv6Address: + description: |- + IPv6 address + prefix length to be configured on the customer + router subinterface for this interconnect attachment. + type: string description: description: An optional description of this resource. type: string diff --git a/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml b/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml index 228b48a7a..465eab229 100644 --- a/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml +++ b/package/crds/compute.gcp.upbound.io_regionautoscalers.yaml @@ -1145,10 +1145,57 @@ spec: Structure is documented below. items: properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + If not specified, the type defaults to gce_instance. + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string name: description: The identifier for this object. Format specified above. type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + For example, a good metric to use with the target is + pubsub.googleapis.com/subscription/num_undelivered_messages + or a custom metric exporting the total number of requests coming to + your instances. + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number target: description: URL of the managed instance group that this autoscaler will scale. @@ -1408,10 +1455,57 @@ spec: Structure is documented below. items: properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + If not specified, the type defaults to gce_instance. + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string name: description: The identifier for this object. Format specified above. type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + For example, a good metric to use with the target is + pubsub.googleapis.com/subscription/num_undelivered_messages + or a custom metric exporting the total number of requests coming to + your instances. + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number target: description: URL of the managed instance group that this autoscaler will scale. @@ -1830,10 +1924,57 @@ spec: Structure is documented below. items: properties: + filter: + description: |- + A filter string to be used as the filter string for + a Stackdriver Monitoring TimeSeries.list API call. + This filter is used to select a specific TimeSeries for + the purpose of autoscaling and to determine whether the metric + is exporting per-instance or per-group data. + You can only use the AND operator for joining selectors. + You can only use direct equality comparison operator (=) without + any functions for each selector. + You can specify the metric in both the filter string and in the + metric field. However, if specified in both places, the metric must + be identical. + The monitored resource type determines what kind of values are + expected for the metric. If it is a gce_instance, the autoscaler + expects the metric to include a separate TimeSeries for each + instance in a group. In such a case, you cannot filter on resource + labels. + If the resource type is any other value, the autoscaler expects + this metric to contain values that apply to the entire autoscaled + instance group and resource label filtering can be performed to + point autoscaler at the correct TimeSeries to scale upon. + This is called a per-group metric for the purpose of autoscaling. + If not specified, the type defaults to gce_instance. + You should provide a filter that is selective enough to pick just + one TimeSeries for the autoscaled group or for each of the instances + (if you are using gce_instance resource type). If multiple + TimeSeries are returned upon the query execution, the autoscaler + will sum their respective values to obtain its scaling value. + type: string name: description: The identifier for this object. Format specified above. type: string + singleInstanceAssignment: + description: |- + If scaling is based on a per-group metric value that represents the + total amount of work to be done or resource usage, set this value to + an amount assigned for a single instance of the scaled group. + The autoscaler will keep the number of instances proportional to the + value of this metric, the metric itself should not change value due + to group resizing. + For example, a good metric to use with the target is + pubsub.googleapis.com/subscription/num_undelivered_messages + or a custom metric exporting the total number of requests coming to + your instances. + A bad example would be a metric exporting an average or median + latency, since this value can't include a chunk assignable to a + single instance, it could be better used with utilization_target + instead. + type: number target: description: URL of the managed instance group that this autoscaler will scale. diff --git a/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml b/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml index 21fa63f41..be70e8deb 100644 --- a/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml +++ b/package/crds/compute.gcp.upbound.io_regionbackendservices.yaml @@ -4581,6 +4581,10 @@ spec: Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. type: string + generatedId: + description: The unique identifier for the resource. This identifier + is defined by the server. + type: number healthChecks: description: |- The set of URLs to HealthCheck resources for health checking diff --git a/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml b/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml index 93fc85daf..2469ff6ea 100644 --- a/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml +++ b/package/crds/compute.gcp.upbound.io_regioninstancegroupmanagers.yaml @@ -2077,8 +2077,14 @@ spec: x-kubernetes-list-type: set instanceLifecyclePolicy: properties: + defaultActionOnFailure: + description: ', Default behavior for all instance or health + check failures. Valid options are: REPAIR, DO_NOTHING. If + DO_NOTHING then instances will not be repaired. If REPAIR + (default), then failed instances will be repaired.' + type: string forceUpdateOnRepair: - description: '), Specifies whether to apply the group''s latest + description: ', Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, @@ -2642,8 +2648,14 @@ spec: x-kubernetes-list-type: set instanceLifecyclePolicy: properties: + defaultActionOnFailure: + description: ', Default behavior for all instance or health + check failures. Valid options are: REPAIR, DO_NOTHING. If + DO_NOTHING then instances will not be repaired. If REPAIR + (default), then failed instances will be repaired.' + type: string forceUpdateOnRepair: - description: '), Specifies whether to apply the group''s latest + description: ', Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, @@ -3289,6 +3301,7 @@ spec: name. type: string creationTimestamp: + description: Creation timestamp in RFC3339 text format. type: string description: description: |- @@ -3320,8 +3333,14 @@ spec: type: string instanceLifecyclePolicy: properties: + defaultActionOnFailure: + description: ', Default behavior for all instance or health + check failures. Valid options are: REPAIR, DO_NOTHING. If + DO_NOTHING then instances will not be repaired. If REPAIR + (default), then failed instances will be repaired.' + type: string forceUpdateOnRepair: - description: '), Specifies whether to apply the group''s latest + description: ', Specifies whether to apply the group''s latest configuration when repairing a VM. Valid options are: YES, NO. If YES and you updated the group''s instance template or per-instance configurations after the VM was created, @@ -3443,13 +3462,18 @@ spec: items: properties: allInstancesConfig: - description: |- - Properties to set on all instances in the group. After setting - allInstancesConfig on the group, you must update the group's instances to - apply the configuration. + description: Status of all-instances configuration on the + group. items: properties: + currentRevision: + description: Current all-instances configuration revision. + This value is in RFC3339 text format. + type: string effective: + description: A bit indicating whether this configuration + has been applied to all managed instances in the + group. type: boolean type: object type: array @@ -3479,7 +3503,7 @@ spec: type: boolean perInstanceConfigs: description: Status of per-instance configs on the - instance. + instances. items: properties: allEffective: diff --git a/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml b/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml index 7bcd6f961..e8c99df58 100644 --- a/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml +++ b/package/crds/compute.gcp.upbound.io_regiontargethttpsproxies.yaml @@ -96,6 +96,18 @@ spec: The Region in which the created target https proxy should reside. If it is not provided, the provider region is used. type: string + serverTlsPolicy: + description: |- + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + type: string sslCertificates: description: |- URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. @@ -303,6 +315,18 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + serverTlsPolicy: + description: |- + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + type: string sslCertificates: description: |- URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. @@ -685,6 +709,18 @@ spec: selfLink: description: The URI of the created resource. type: string + serverTlsPolicy: + description: |- + A URL referring to a networksecurity.ServerTlsPolicy + resource that describes how the proxy should authenticate inbound + traffic. serverTlsPolicy only applies to a global TargetHttpsProxy + attached to globalForwardingRules with the loadBalancingScheme + set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. + For details which ServerTlsPolicy resources are accepted with + INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED + loadBalancingScheme consult ServerTlsPolicy documentation. + If left blank, communications are not encrypted. + type: string sslCertificates: description: |- URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. diff --git a/package/crds/compute.gcp.upbound.io_regionurlmaps.yaml b/package/crds/compute.gcp.upbound.io_regionurlmaps.yaml index 3a2ab0f11..6e5007ef3 100644 --- a/package/crds/compute.gcp.upbound.io_regionurlmaps.yaml +++ b/package/crds/compute.gcp.upbound.io_regionurlmaps.yaml @@ -8132,6 +8132,17 @@ spec: type: string type: object type: array + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string prefixMatch: description: |- For satisfying the matchRule condition, the request's path must begin with the @@ -8410,6 +8421,20 @@ spec: portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string type: object weightedBackendServices: description: |- @@ -10340,6 +10365,17 @@ spec: type: string type: object type: array + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string prefixMatch: description: |- For satisfying the matchRule condition, the request's path must begin with the @@ -10618,6 +10654,20 @@ spec: portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string type: object weightedBackendServices: description: |- @@ -12181,6 +12231,17 @@ spec: type: string type: object type: array + pathTemplateMatch: + description: |- + For satisfying the matchRule condition, the path of the request + must match the wildcard pattern specified in pathTemplateMatch + after removing any query parameters and anchor that may be part + of the original URL. + pathTemplateMatch must be between 1 and 255 characters + (inclusive). The pattern specified by pathTemplateMatch may + have at most 5 wildcard operators and at most 5 variable + captures in total. + type: string prefixMatch: description: |- For satisfying the matchRule condition, the request's path must begin with the @@ -12459,6 +12520,20 @@ spec: portion of the request's path is replaced by pathPrefixRewrite. The value must be between 1 and 1024 characters. type: string + pathTemplateRewrite: + description: |- + Prior to forwarding the request to the selected origin, if the + request matched a pathTemplateMatch, the matching portion of the + request's path is replaced re-written using the pattern specified + by pathTemplateRewrite. + pathTemplateRewrite must be between 1 and 255 characters + (inclusive), must start with a '/', and must only use variables + captured by the route's pathTemplate matchers. + pathTemplateRewrite may only be used when all of a route's + MatchRules specify pathTemplate. + Only one of pathPrefixRewrite and pathTemplateRewrite may be + specified. + type: string type: object weightedBackendServices: description: |- diff --git a/package/crds/compute.gcp.upbound.io_routernats.yaml b/package/crds/compute.gcp.upbound.io_routernats.yaml index 10945566f..f8a19bd6b 100644 --- a/package/crds/compute.gcp.upbound.io_routernats.yaml +++ b/package/crds/compute.gcp.upbound.io_routernats.yaml @@ -1220,6 +1220,15 @@ spec: Enable endpoint independent mapping. For more information see the official documentation. type: boolean + endpointTypes: + description: |- + Specifies the endpoint Types supported by the NAT Gateway. + Supported values include: + ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + ENDPOINT_TYPE_MANAGED_PROXY_LB. + items: + type: string + type: array icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. @@ -1579,6 +1588,15 @@ spec: Enable endpoint independent mapping. For more information see the official documentation. type: boolean + endpointTypes: + description: |- + Specifies the endpoint Types supported by the NAT Gateway. + Supported values include: + ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + ENDPOINT_TYPE_MANAGED_PROXY_LB. + items: + type: string + type: array icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. @@ -2020,6 +2038,15 @@ spec: Enable endpoint independent mapping. For more information see the official documentation. type: boolean + endpointTypes: + description: |- + Specifies the endpoint Types supported by the NAT Gateway. + Supported values include: + ENDPOINT_TYPE_VM, ENDPOINT_TYPE_SWG, + ENDPOINT_TYPE_MANAGED_PROXY_LB. + items: + type: string + type: array icmpIdleTimeoutSec: description: Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. diff --git a/package/crds/compute.gcp.upbound.io_routerpeers.yaml b/package/crds/compute.gcp.upbound.io_routerpeers.yaml index a101dea16..df29b7cce 100644 --- a/package/crds/compute.gcp.upbound.io_routerpeers.yaml +++ b/package/crds/compute.gcp.upbound.io_routerpeers.yaml @@ -1730,10 +1730,14 @@ spec: assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. type: string md5AuthenticationKey: + description: |- + Configuration for MD5 authentication on the BGP session. + Structure is documented below. properties: keySecretRef: - description: A SecretKeySelector is a reference to a secret - key in an arbitrary namespace. + description: The MD5 authentication key for this BGP peer. + Maximum length is 80 characters. Can only contain printable + ASCII characters properties: key: description: The key to select. @@ -1750,13 +1754,8 @@ spec: - namespace type: object name: - description: |- - Name of this BGP peer. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which - means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + description: Name used to identify the key. Must be unique + within a router. Must comply with RFC1035. type: string type: object peerAsn: @@ -2288,10 +2287,14 @@ spec: assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you. type: string md5AuthenticationKey: + description: |- + Configuration for MD5 authentication on the BGP session. + Structure is documented below. properties: keySecretRef: - description: A SecretKeySelector is a reference to a secret - key in an arbitrary namespace. + description: The MD5 authentication key for this BGP peer. + Maximum length is 80 characters. Can only contain printable + ASCII characters properties: key: description: The key to select. @@ -2308,13 +2311,8 @@ spec: - namespace type: object name: - description: |- - Name of this BGP peer. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which - means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + description: Name used to identify the key. Must be unique + within a router. Must comply with RFC1035. type: string required: - keySecretRef @@ -2865,15 +2863,13 @@ spec: peer. type: string md5AuthenticationKey: + description: |- + Configuration for MD5 authentication on the BGP session. + Structure is documented below. properties: name: - description: |- - Name of this BGP peer. The name must be 1-63 characters long, - and comply with RFC1035. Specifically, the name must be 1-63 characters - long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which - means the first character must be a lowercase letter, and all - following characters must be a dash, lowercase letter, or digit, - except the last character, which cannot be a dash. + description: Name used to identify the key. Must be unique + within a router. Must comply with RFC1035. type: string type: object peerAsn: diff --git a/package/crds/compute.gcp.upbound.io_serviceattachments.yaml b/package/crds/compute.gcp.upbound.io_serviceattachments.yaml index d7ddee902..fbd99f1f8 100644 --- a/package/crds/compute.gcp.upbound.io_serviceattachments.yaml +++ b/package/crds/compute.gcp.upbound.io_serviceattachments.yaml @@ -90,9 +90,91 @@ spec: The number of consumer forwarding rules the consumer project can create. type: number + networkUrl: + description: |- + The network that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. + type: string + networkUrlRef: + description: Reference to a Network in compute to populate + networkUrl. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + networkUrlSelector: + description: Selector for a Network in compute to populate + networkUrl. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object projectIdOrNum: - description: A project that is allowed to connect to this - service attachment. + description: |- + A project that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. type: string type: object type: array @@ -333,9 +415,91 @@ spec: The number of consumer forwarding rules the consumer project can create. type: number + networkUrl: + description: |- + The network that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. + type: string + networkUrlRef: + description: Reference to a Network in compute to populate + networkUrl. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + networkUrlSelector: + description: Selector for a Network in compute to populate + networkUrl. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object projectIdOrNum: - description: A project that is allowed to connect to this - service attachment. + description: |- + A project that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. type: string type: object type: array @@ -759,9 +923,15 @@ spec: The number of consumer forwarding rules the consumer project can create. type: number + networkUrl: + description: |- + The network that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. + type: string projectIdOrNum: - description: A project that is allowed to connect to this - service attachment. + description: |- + A project that is allowed to connect to this service attachment. + Only one of project_id_or_num and network_url may be set. type: string type: object type: array diff --git a/package/crds/container.gcp.upbound.io_clusters.yaml b/package/crds/container.gcp.upbound.io_clusters.yaml index ea8bb7231..530f579f3 100644 --- a/package/crds/container.gcp.upbound.io_clusters.yaml +++ b/package/crds/container.gcp.upbound.io_clusters.yaml @@ -6536,6 +6536,16 @@ spec: cluster. It is disabled by default. Set disabled = false to enable. type: boolean type: object + statefulHaConfig: + description: |- + . + The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. + It is disabled by default for Standard clusters. Set enabled = true to enable. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object type: object allowNetAdmin: description: |- @@ -6845,6 +6855,10 @@ spec: See the official documentation for available features. type: boolean + enableCiliumClusterwideNetworkPolicy: + description: Whether CiliumClusterWideNetworkPolicy is enabled + on this cluster. Defaults to false. + type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -7592,6 +7606,26 @@ spec: 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. type: object x-kubernetes-map-type: granular + secondaryBootDisks: + description: Parameters for secondary boot disks to preload + container images and data on new nodes. Structure is documented + below. gcfs_config must be enabled=true for this feature + to work. min_master_version must also be set to use GKE + 1.28.3-gke.106700 or later versions. + items: + properties: + diskImage: + description: Path to disk image to create the secondary + boot disk from. After using the gke-disk-image-builder, + this argument should be global/images/DISK_IMAGE_NAME. + type: string + mode: + description: |- + How to expose the node metadata to the workload running on the node. + Accepted values are: + type: string + type: object + type: array serviceAccount: description: |- The service account to be used by the Node VMs. @@ -7773,12 +7807,26 @@ spec: provisioned node pools. properties: tags: - description: List of network tags applied to auto-provisioned - node pools. + description: |- + The list of instance tags applied to all nodes. Tags are used to identify + valid sources or targets for network firewalls. items: type: string type: array type: object + resourceManagerTags: + additionalProperties: + type: string + description: A map of resource manager tag keys and values + to be attached to the nodes for managing Compute Engine + firewalls using Network Firewall Policies. Tags must be + according to specifications found here. A maximum of 5 tag + key-value pairs can be specified. Existing tags will be + replaced with new values. Tags must be in one of the following + formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} + 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + type: object + x-kubernetes-map-type: granular type: object nodePoolDefaults: description: Default NodePool settings for the entire cluster. @@ -8209,6 +8257,16 @@ spec: cluster. It is disabled by default. Set disabled = false to enable. type: boolean type: object + statefulHaConfig: + description: |- + . + The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. + It is disabled by default for Standard clusters. Set enabled = true to enable. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object type: object allowNetAdmin: description: |- @@ -8518,6 +8576,10 @@ spec: See the official documentation for available features. type: boolean + enableCiliumClusterwideNetworkPolicy: + description: Whether CiliumClusterWideNetworkPolicy is enabled + on this cluster. Defaults to false. + type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -9256,6 +9318,26 @@ spec: 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. type: object x-kubernetes-map-type: granular + secondaryBootDisks: + description: Parameters for secondary boot disks to preload + container images and data on new nodes. Structure is documented + below. gcfs_config must be enabled=true for this feature + to work. min_master_version must also be set to use GKE + 1.28.3-gke.106700 or later versions. + items: + properties: + diskImage: + description: Path to disk image to create the secondary + boot disk from. After using the gke-disk-image-builder, + this argument should be global/images/DISK_IMAGE_NAME. + type: string + mode: + description: |- + How to expose the node metadata to the workload running on the node. + Accepted values are: + type: string + type: object + type: array serviceAccount: description: |- The service account to be used by the Node VMs. @@ -9437,12 +9519,26 @@ spec: provisioned node pools. properties: tags: - description: List of network tags applied to auto-provisioned - node pools. + description: |- + The list of instance tags applied to all nodes. Tags are used to identify + valid sources or targets for network firewalls. items: type: string type: array type: object + resourceManagerTags: + additionalProperties: + type: string + description: A map of resource manager tag keys and values + to be attached to the nodes for managing Compute Engine + firewalls using Network Firewall Policies. Tags must be + according to specifications found here. A maximum of 5 tag + key-value pairs can be specified. Existing tags will be + replaced with new values. Tags must be in one of the following + formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} + 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + type: object + x-kubernetes-map-type: granular type: object nodePoolDefaults: description: Default NodePool settings for the entire cluster. @@ -10030,6 +10126,16 @@ spec: cluster. It is disabled by default. Set disabled = false to enable. type: boolean type: object + statefulHaConfig: + description: |- + . + The status of the Stateful HA addon, which provides automatic configurable failover for stateful applications. + It is disabled by default for Standard clusters. Set enabled = true to enable. + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object type: object allowNetAdmin: description: |- @@ -10351,6 +10457,10 @@ spec: See the official documentation for available features. type: boolean + enableCiliumClusterwideNetworkPolicy: + description: Whether CiliumClusterWideNetworkPolicy is enabled + on this cluster. Defaults to false. + type: boolean enableIntranodeVisibility: description: Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for @@ -11089,6 +11199,26 @@ spec: 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. type: object x-kubernetes-map-type: granular + secondaryBootDisks: + description: Parameters for secondary boot disks to preload + container images and data on new nodes. Structure is documented + below. gcfs_config must be enabled=true for this feature + to work. min_master_version must also be set to use GKE + 1.28.3-gke.106700 or later versions. + items: + properties: + diskImage: + description: Path to disk image to create the secondary + boot disk from. After using the gke-disk-image-builder, + this argument should be global/images/DISK_IMAGE_NAME. + type: string + mode: + description: |- + How to expose the node metadata to the workload running on the node. + Accepted values are: + type: string + type: object + type: array serviceAccount: description: |- The service account to be used by the Node VMs. @@ -11611,6 +11741,27 @@ spec: {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. type: object x-kubernetes-map-type: granular + secondaryBootDisks: + description: Parameters for secondary boot disks to + preload container images and data on new nodes. Structure + is documented below. gcfs_config must be enabled=true + for this feature to work. min_master_version must + also be set to use GKE 1.28.3-gke.106700 or later + versions. + items: + properties: + diskImage: + description: Path to disk image to create the + secondary boot disk from. After using the gke-disk-image-builder, + this argument should be global/images/DISK_IMAGE_NAME. + type: string + mode: + description: |- + How to expose the node metadata to the workload running on the node. + Accepted values are: + type: string + type: object + type: array serviceAccount: description: |- The service account to be used by the Node VMs. @@ -11659,8 +11810,9 @@ spec: for more information. Defaults to false. type: boolean tags: - description: List of network tags applied to auto-provisioned - node pools. + description: |- + The list of instance tags applied to all nodes. Tags are used to identify + valid sources or targets for network firewalls. items: type: string type: array @@ -11721,6 +11873,12 @@ spec: to this instance. E.g. nvidia-tesla-k80. type: string type: object + queuedProvisioning: + properties: + enabled: + description: Enables vertical pod autoscaling + type: boolean + type: object upgradeSettings: description: Specifies the upgrade settings for NAP created node pools. Structure is documented below. @@ -11795,12 +11953,26 @@ spec: provisioned node pools. properties: tags: - description: List of network tags applied to auto-provisioned - node pools. + description: |- + The list of instance tags applied to all nodes. Tags are used to identify + valid sources or targets for network firewalls. items: type: string type: array type: object + resourceManagerTags: + additionalProperties: + type: string + description: A map of resource manager tag keys and values + to be attached to the nodes for managing Compute Engine + firewalls using Network Firewall Policies. Tags must be + according to specifications found here. A maximum of 5 tag + key-value pairs can be specified. Existing tags will be + replaced with new values. Tags must be in one of the following + formats ([KEY]=[VALUE]) 1. tagKeys/{tag_key_id}=tagValues/{tag_value_id} + 2. {org_id}/{tag_key_name}={tag_value_name} 3. {project_id}/{tag_key_name}={tag_value_name}. + type: object + x-kubernetes-map-type: granular type: object nodePoolDefaults: description: Default NodePool settings for the entire cluster. diff --git a/package/crds/container.gcp.upbound.io_nodepools.yaml b/package/crds/container.gcp.upbound.io_nodepools.yaml index c5325169c..44932e7b1 100644 --- a/package/crds/container.gcp.upbound.io_nodepools.yaml +++ b/package/crds/container.gcp.upbound.io_nodepools.yaml @@ -2434,6 +2434,15 @@ spec: type: string type: object x-kubernetes-map-type: granular + secondaryBootDisks: + items: + properties: + diskImage: + type: string + mode: + type: string + type: object + type: array serviceAccount: type: string serviceAccountRef: @@ -2600,6 +2609,16 @@ spec: The ID of the project in which to create the node pool. If blank, the provider-configured project will be used. type: string + queuedProvisioning: + description: |- + Specifies node pool-level settings of queued provisioning. + Structure is documented below. + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object upgradeSettings: description: |- Specify node upgrade settings to change how GKE upgrades nodes. @@ -2940,6 +2959,15 @@ spec: type: string type: object x-kubernetes-map-type: granular + secondaryBootDisks: + items: + properties: + diskImage: + type: string + mode: + type: string + type: object + type: array serviceAccount: type: string serviceAccountRef: @@ -3106,6 +3134,16 @@ spec: The ID of the project in which to create the node pool. If blank, the provider-configured project will be used. type: string + queuedProvisioning: + description: |- + Specifies node pool-level settings of queued provisioning. + Structure is documented below. + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object upgradeSettings: description: |- Specify node upgrade settings to change how GKE upgrades nodes. @@ -3640,6 +3678,15 @@ spec: type: string type: object x-kubernetes-map-type: granular + secondaryBootDisks: + items: + properties: + diskImage: + type: string + mode: + type: string + type: object + type: array serviceAccount: type: string shieldedInstanceConfig: @@ -3732,6 +3779,16 @@ spec: The ID of the project in which to create the node pool. If blank, the provider-configured project will be used. type: string + queuedProvisioning: + description: |- + Specifies node pool-level settings of queued provisioning. + Structure is documented below. + properties: + enabled: + description: Makes nodes obtainable through the ProvisioningRequest + API exclusively. + type: boolean + type: object upgradeSettings: description: |- Specify node upgrade settings to change how GKE upgrades nodes. diff --git a/package/crds/dataflow.gcp.upbound.io_jobs.yaml b/package/crds/dataflow.gcp.upbound.io_jobs.yaml index f18dcaa6e..ffd6e84f9 100644 --- a/package/crds/dataflow.gcp.upbound.io_jobs.yaml +++ b/package/crds/dataflow.gcp.upbound.io_jobs.yaml @@ -126,8 +126,10 @@ spec: parameters: additionalProperties: type: string - description: Key/Value pairs to be passed to the Dataflow job - (as used in the template). + description: |- + Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + case-sensitive based on the language on which the pipeline is coded, mostly Java. + Note: do not configure Dataflow options here in parameters. type: object project: description: The project in which the resource belongs. If it @@ -230,8 +232,10 @@ spec: parameters: additionalProperties: type: string - description: Key/Value pairs to be passed to the Dataflow job - (as used in the template). + description: |- + Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + case-sensitive based on the language on which the pipeline is coded, mostly Java. + Note: do not configure Dataflow options here in parameters. type: object project: description: The project in which the resource belongs. If it @@ -516,8 +520,10 @@ spec: parameters: additionalProperties: type: string - description: Key/Value pairs to be passed to the Dataflow job - (as used in the template). + description: |- + Template specific Key/Value pairs to be forwarded to the pipeline's options; keys are + case-sensitive based on the language on which the pipeline is coded, mostly Java. + Note: do not configure Dataflow options here in parameters. type: object project: description: The project in which the resource belongs. If it diff --git a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml index 8f6e434d8..7d86be1b6 100644 --- a/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml +++ b/package/crds/dataproc.gcp.upbound.io_metastoreservices.yaml @@ -1786,6 +1786,33 @@ spec: than 1.0. type: number type: object + scheduledBackup: + description: |- + The configuration of scheduled backup for the metastore service. + Structure is documented below. + properties: + backupLocation: + description: A Cloud Storage URI of a folder, in the format + gs:///. A sub-folder + containing backup files will be stored below it. + type: string + cronSchedule: + description: 'The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron + The default is empty: scheduled backup is not enabled. Must + be specified to enable scheduled backups.' + type: string + enabled: + description: Defines whether the scheduled backup is enabled. + The default value is false. + type: boolean + timeZone: + description: Specifies the time zone to be used when interpreting + cronSchedule. Must be a time zone name from the time zone + database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), + e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, + the default is UTC. + type: string + type: object telemetryConfig: description: |- The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. @@ -2163,6 +2190,33 @@ spec: than 1.0. type: number type: object + scheduledBackup: + description: |- + The configuration of scheduled backup for the metastore service. + Structure is documented below. + properties: + backupLocation: + description: A Cloud Storage URI of a folder, in the format + gs:///. A sub-folder + containing backup files will be stored below it. + type: string + cronSchedule: + description: 'The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron + The default is empty: scheduled backup is not enabled. Must + be specified to enable scheduled backups.' + type: string + enabled: + description: Defines whether the scheduled backup is enabled. + The default value is false. + type: boolean + timeZone: + description: Specifies the time zone to be used when interpreting + cronSchedule. Must be a time zone name from the time zone + database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), + e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, + the default is UTC. + type: string + type: object telemetryConfig: description: |- The configuration specifying telemetry settings for the Dataproc Metastore service. If unspecified defaults to JSON. @@ -2577,6 +2631,33 @@ spec: than 1.0. type: number type: object + scheduledBackup: + description: |- + The configuration of scheduled backup for the metastore service. + Structure is documented below. + properties: + backupLocation: + description: A Cloud Storage URI of a folder, in the format + gs:///. A sub-folder + containing backup files will be stored below it. + type: string + cronSchedule: + description: 'The scheduled interval in Cron format, see https://en.wikipedia.org/wiki/Cron + The default is empty: scheduled backup is not enabled. Must + be specified to enable scheduled backups.' + type: string + enabled: + description: Defines whether the scheduled backup is enabled. + The default value is false. + type: boolean + timeZone: + description: Specifies the time zone to be used when interpreting + cronSchedule. Must be a time zone name from the time zone + database (https://en.wikipedia.org/wiki/List_of_tz_database_time_zones), + e.g. America/Los_Angeles or Africa/Abidjan. If left unspecified, + the default is UTC. + type: string + type: object state: description: The current state of the metastore service. type: string diff --git a/package/crds/dns.gcp.upbound.io_recordsets.yaml b/package/crds/dns.gcp.upbound.io_recordsets.yaml index 64e3aa467..56dcfbe18 100644 --- a/package/crds/dns.gcp.upbound.io_recordsets.yaml +++ b/package/crds/dns.gcp.upbound.io_recordsets.yaml @@ -2194,18 +2194,18 @@ spec: geo: description: |- The configuration for Geolocation based routing policy. - Structure is document below. + Structure is documented below. items: properties: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -2256,8 +2256,8 @@ spec: type: array primaryBackup: description: |- - The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. - Structure is document below. + The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. + Structure is documented below. properties: backupGeo: description: |- @@ -2268,12 +2268,12 @@ spec: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -2333,12 +2333,12 @@ spec: primary: description: |- The list of global primary targets to be health checked. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -2690,18 +2690,18 @@ spec: wrr: description: |- The configuration for Weighted Round Robin based routing policy. - Structure is document below. + Structure is documented below. items: properties: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -2877,18 +2877,18 @@ spec: geo: description: |- The configuration for Geolocation based routing policy. - Structure is document below. + Structure is documented below. items: properties: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -2939,8 +2939,8 @@ spec: type: array primaryBackup: description: |- - The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. - Structure is document below. + The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. + Structure is documented below. properties: backupGeo: description: |- @@ -2951,12 +2951,12 @@ spec: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -3016,12 +3016,12 @@ spec: primary: description: |- The list of global primary targets to be health checked. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -3373,18 +3373,18 @@ spec: wrr: description: |- The configuration for Weighted Round Robin based routing policy. - Structure is document below. + Structure is documented below. items: properties: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -3657,18 +3657,18 @@ spec: geo: description: |- The configuration for Geolocation based routing policy. - Structure is document below. + Structure is documented below. items: properties: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -3719,8 +3719,8 @@ spec: type: array primaryBackup: description: |- - The configuration for a primary-backup policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. - Structure is document below. + The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy. + Structure is documented below. properties: backupGeo: description: |- @@ -3731,12 +3731,12 @@ spec: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -3796,12 +3796,12 @@ spec: primary: description: |- The list of global primary targets to be health checked. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: @@ -3849,18 +3849,18 @@ spec: wrr: description: |- The configuration for Weighted Round Robin based routing policy. - Structure is document below. + Structure is documented below. items: properties: healthCheckedTargets: description: |- The list of targets to be health checked. Note that if DNSSEC is enabled for this zone, only one of rrdatas or health_checked_targets can be set. - Structure is document below. + Structure is documented below. properties: internalLoadBalancers: description: |- The list of internal load balancers to health check. - Structure is document below. + Structure is documented below. items: properties: ipAddress: diff --git a/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml b/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml index 59b0b7796..5bcfd14df 100644 --- a/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml +++ b/package/crds/gke.gcp.upbound.io_backupbackupplans.yaml @@ -1324,12 +1324,103 @@ spec: description: |- A standard cron string that defines a repeating schedule for creating Backups via this BackupPlan. + This is mutually exclusive with the rpoConfig field since at most one + schedule can be defined for a BackupPlan. If this is defined, then backupRetainDays must also be defined. type: string paused: description: This flag denotes whether automatic Backup creation is paused for this BackupPlan. type: boolean + rpoConfig: + description: |- + Defines the RPO schedule configuration for this BackupPlan. This is mutually + exclusive with the cronSchedule field since at most one schedule can be defined + for a BackupPLan. If this is defined, then backupRetainDays must also be defined. + Structure is documented below. + properties: + exclusionWindows: + description: |- + User specified time windows during which backup can NOT happen for this BackupPlan. + Backups should start and finish outside of any given exclusion window. Note: backup + jobs will be scheduled to start and finish outside the duration of the window as + much as possible, but running jobs will not get canceled when it runs into the window. + All the time and date values in exclusionWindows entry in the API are in UTC. We + only allow <=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no + restriction on number of single occurrence windows. + Structure is documented below. + items: + properties: + daily: + description: |- + The exclusion window occurs every day if set to "True". + Specifying this field to "False" is an error. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + type: boolean + daysOfWeek: + description: |- + The exclusion window occurs on these days of each week in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + properties: + daysOfWeek: + description: |- + The exclusion window occurs on these days of each week in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + items: + type: string + type: array + type: object + duration: + description: |- + Specifies duration of the window in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". Restrictions for duration based on the + recurrence type to allow some time for backup to happen: + type: string + singleOccurrenceDate: + description: |- + No recurrence. The exclusion window occurs only once and on this date in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + properties: + day: + description: Day of a month. + type: number + month: + description: Month of a year. + type: number + year: + description: Year of the date. + type: number + type: object + startTime: + description: |- + Specifies the start time of the window using time of the day in UTC. + Structure is documented below. + properties: + hours: + description: Hours of day in 24 hour format. + type: number + minutes: + description: Minutes of hour of day. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + type: number + seconds: + description: Seconds of minutes of the time. + type: number + type: object + type: object + type: array + targetRpoMinutes: + description: |- + Defines the target RPO for the BackupPlan in minutes, which means the target + maximum data loss in time that is acceptable for this BackupPlan. This must be + at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days. + type: number + type: object type: object cluster: description: The source cluster from which Backups will be created @@ -1461,7 +1552,9 @@ spec: existing Backups under it. Backups created AFTER a successful update will automatically pick up the new value. NOTE: backupRetainDays must be >= backupDeleteLockDays. - If cronSchedule is defined, then this must be <= 360 * the creation interval.] + If cronSchedule is defined, then this must be <= 360 * the creation interval. + If rpo_config is defined, then this must be + <= 360 * targetRpoMinutes/(1440minutes/day) type: number locked: description: |- @@ -1632,12 +1725,103 @@ spec: description: |- A standard cron string that defines a repeating schedule for creating Backups via this BackupPlan. + This is mutually exclusive with the rpoConfig field since at most one + schedule can be defined for a BackupPlan. If this is defined, then backupRetainDays must also be defined. type: string paused: description: This flag denotes whether automatic Backup creation is paused for this BackupPlan. type: boolean + rpoConfig: + description: |- + Defines the RPO schedule configuration for this BackupPlan. This is mutually + exclusive with the cronSchedule field since at most one schedule can be defined + for a BackupPLan. If this is defined, then backupRetainDays must also be defined. + Structure is documented below. + properties: + exclusionWindows: + description: |- + User specified time windows during which backup can NOT happen for this BackupPlan. + Backups should start and finish outside of any given exclusion window. Note: backup + jobs will be scheduled to start and finish outside the duration of the window as + much as possible, but running jobs will not get canceled when it runs into the window. + All the time and date values in exclusionWindows entry in the API are in UTC. We + only allow <=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no + restriction on number of single occurrence windows. + Structure is documented below. + items: + properties: + daily: + description: |- + The exclusion window occurs every day if set to "True". + Specifying this field to "False" is an error. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + type: boolean + daysOfWeek: + description: |- + The exclusion window occurs on these days of each week in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + properties: + daysOfWeek: + description: |- + The exclusion window occurs on these days of each week in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + items: + type: string + type: array + type: object + duration: + description: |- + Specifies duration of the window in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". Restrictions for duration based on the + recurrence type to allow some time for backup to happen: + type: string + singleOccurrenceDate: + description: |- + No recurrence. The exclusion window occurs only once and on this date in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + properties: + day: + description: Day of a month. + type: number + month: + description: Month of a year. + type: number + year: + description: Year of the date. + type: number + type: object + startTime: + description: |- + Specifies the start time of the window using time of the day in UTC. + Structure is documented below. + properties: + hours: + description: Hours of day in 24 hour format. + type: number + minutes: + description: Minutes of hour of day. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + type: number + seconds: + description: Seconds of minutes of the time. + type: number + type: object + type: object + type: array + targetRpoMinutes: + description: |- + Defines the target RPO for the BackupPlan in minutes, which means the target + maximum data loss in time that is acceptable for this BackupPlan. This must be + at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days. + type: number + type: object type: object cluster: description: The source cluster from which Backups will be created @@ -1766,7 +1950,9 @@ spec: existing Backups under it. Backups created AFTER a successful update will automatically pick up the new value. NOTE: backupRetainDays must be >= backupDeleteLockDays. - If cronSchedule is defined, then this must be <= 360 * the creation interval.] + If cronSchedule is defined, then this must be <= 360 * the creation interval. + If rpo_config is defined, then this must be + <= 360 * targetRpoMinutes/(1440minutes/day) type: number locked: description: |- @@ -2018,12 +2204,103 @@ spec: description: |- A standard cron string that defines a repeating schedule for creating Backups via this BackupPlan. + This is mutually exclusive with the rpoConfig field since at most one + schedule can be defined for a BackupPlan. If this is defined, then backupRetainDays must also be defined. type: string paused: description: This flag denotes whether automatic Backup creation is paused for this BackupPlan. type: boolean + rpoConfig: + description: |- + Defines the RPO schedule configuration for this BackupPlan. This is mutually + exclusive with the cronSchedule field since at most one schedule can be defined + for a BackupPLan. If this is defined, then backupRetainDays must also be defined. + Structure is documented below. + properties: + exclusionWindows: + description: |- + User specified time windows during which backup can NOT happen for this BackupPlan. + Backups should start and finish outside of any given exclusion window. Note: backup + jobs will be scheduled to start and finish outside the duration of the window as + much as possible, but running jobs will not get canceled when it runs into the window. + All the time and date values in exclusionWindows entry in the API are in UTC. We + only allow <=1 recurrence (daily or weekly) exclusion window for a BackupPlan while no + restriction on number of single occurrence windows. + Structure is documented below. + items: + properties: + daily: + description: |- + The exclusion window occurs every day if set to "True". + Specifying this field to "False" is an error. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + type: boolean + daysOfWeek: + description: |- + The exclusion window occurs on these days of each week in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + properties: + daysOfWeek: + description: |- + The exclusion window occurs on these days of each week in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + items: + type: string + type: array + type: object + duration: + description: |- + Specifies duration of the window in seconds with up to nine fractional digits, + terminated by 's'. Example: "3.5s". Restrictions for duration based on the + recurrence type to allow some time for backup to happen: + type: string + singleOccurrenceDate: + description: |- + No recurrence. The exclusion window occurs only once and on this date in UTC. + Only one of singleOccurrenceDate, daily and daysOfWeek may be set. + Structure is documented below. + properties: + day: + description: Day of a month. + type: number + month: + description: Month of a year. + type: number + year: + description: Year of the date. + type: number + type: object + startTime: + description: |- + Specifies the start time of the window using time of the day in UTC. + Structure is documented below. + properties: + hours: + description: Hours of day in 24 hour format. + type: number + minutes: + description: Minutes of hour of day. + type: number + nanos: + description: Fractions of seconds in nanoseconds. + type: number + seconds: + description: Seconds of minutes of the time. + type: number + type: object + type: object + type: array + targetRpoMinutes: + description: |- + Defines the target RPO for the BackupPlan in minutes, which means the target + maximum data loss in time that is acceptable for this BackupPlan. This must be + at least 60, i.e., 1 hour, and at most 86400, i.e., 60 days. + type: number + type: object type: object cluster: description: The source cluster from which Backups will be created @@ -2103,7 +2380,9 @@ spec: existing Backups under it. Backups created AFTER a successful update will automatically pick up the new value. NOTE: backupRetainDays must be >= backupDeleteLockDays. - If cronSchedule is defined, then this must be <= 360 * the creation interval.] + If cronSchedule is defined, then this must be <= 360 * the creation interval. + If rpo_config is defined, then this must be + <= 360 * targetRpoMinutes/(1440minutes/day) type: number locked: description: |- diff --git a/package/crds/kms.gcp.upbound.io_cryptokeys.yaml b/package/crds/kms.gcp.upbound.io_cryptokeys.yaml index 012e1af4c..462a134b7 100644 --- a/package/crds/kms.gcp.upbound.io_cryptokeys.yaml +++ b/package/crds/kms.gcp.upbound.io_cryptokeys.yaml @@ -654,6 +654,11 @@ spec: type: string forProvider: properties: + cryptoKeyBackend: + description: |- + The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. + The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. + type: string destroyScheduledDuration: description: |- The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. @@ -797,6 +802,11 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + cryptoKeyBackend: + description: |- + The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. + The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. + type: string destroyScheduledDuration: description: |- The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. @@ -1020,6 +1030,11 @@ spec: properties: atProvider: properties: + cryptoKeyBackend: + description: |- + The resource name of the backend environment associated with all CryptoKeyVersions within this CryptoKey. + The resource name is in the format "projects//locations//ekmConnections/*" and only applies to "EXTERNAL_VPC" keys. + type: string destroyScheduledDuration: description: |- The period of time that versions of this key spend in the DESTROY_SCHEDULED state before transitioning to DESTROYED. diff --git a/package/crds/kms.gcp.upbound.io_cryptokeyversions.yaml b/package/crds/kms.gcp.upbound.io_cryptokeyversions.yaml index 5a02e2ef1..d14fa9e53 100644 --- a/package/crds/kms.gcp.upbound.io_cryptokeyversions.yaml +++ b/package/crds/kms.gcp.upbound.io_cryptokeyversions.yaml @@ -708,6 +708,21 @@ spec: type: string type: object type: object + externalProtectionLevelOptions: + description: |- + ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + Structure is documented below. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this CryptoKeyVersion + represents. + type: string + type: object state: description: |- The current state of the CryptoKeyVersion. @@ -806,6 +821,21 @@ spec: type: string type: object type: object + externalProtectionLevelOptions: + description: |- + ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + Structure is documented below. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this CryptoKeyVersion + represents. + type: string + type: object state: description: |- The current state of the CryptoKeyVersion. @@ -1003,15 +1033,21 @@ spec: caviumCerts: description: Cavium certificate chain corresponding to the attestation. - type: string + items: + type: string + type: array googleCardCerts: description: Google card certificate chain corresponding to the attestation. - type: string + items: + type: string + type: array googlePartitionCerts: description: Google partition certificate chain corresponding to the attestation. - type: string + items: + type: string + type: array type: object content: description: |- @@ -1046,6 +1082,21 @@ spec: The name of the cryptoKey associated with the CryptoKeyVersions. Format: 'projects/{{project}}/locations/{{location}}/keyRings/{{keyring}}/cryptoKeys/{{cryptoKey}}' type: string + externalProtectionLevelOptions: + description: |- + ExternalProtectionLevelOptions stores a group of additional fields for configuring a CryptoKeyVersion that are specific to the EXTERNAL protection level and EXTERNAL_VPC protection levels. + Structure is documented below. + properties: + ekmConnectionKeyPath: + description: The path to the external key material on the + EKM when using EkmConnection e.g., "v0/my/key". Set this + field instead of externalKeyUri when using an EkmConnection. + type: string + externalKeyUri: + description: The URI for an external resource that this CryptoKeyVersion + represents. + type: string + type: object generateTime: description: The time this CryptoKeyVersion key material was generated type: string diff --git a/package/crds/logging.gcp.upbound.io_foldersinks.yaml b/package/crds/logging.gcp.upbound.io_foldersinks.yaml index bfcc8b1aa..42b6cc5c4 100644 --- a/package/crds/logging.gcp.upbound.io_foldersinks.yaml +++ b/package/crds/logging.gcp.upbound.io_foldersinks.yaml @@ -823,6 +823,8 @@ spec: Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included. type: boolean + interceptChildren: + type: boolean type: object initProvider: description: |- @@ -902,6 +904,8 @@ spec: Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included. type: boolean + interceptChildren: + type: boolean type: object managementPolicies: default: @@ -1153,6 +1157,8 @@ spec: Whether or not to include children folders in the sink export. If true, logs associated with child projects are also exported; otherwise only logs relating to the provided folder are included. type: boolean + interceptChildren: + type: boolean writerIdentity: description: |- The identity associated with this sink. This identity must be granted write access to the diff --git a/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml b/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml index 5b6a5b1d3..979ee8cda 100644 --- a/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml +++ b/package/crds/monitoring.gcp.upbound.io_alertpolicies.yaml @@ -3048,7 +3048,9 @@ spec: Structure is documented below. properties: period: - description: Not more than one notification per period. + description: |- + Not more than one notification per period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "60.5s". type: string type: object type: object @@ -3898,7 +3900,9 @@ spec: Structure is documented below. properties: period: - description: Not more than one notification per period. + description: |- + Not more than one notification per period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "60.5s". type: string type: object type: object @@ -4920,7 +4924,9 @@ spec: Structure is documented below. properties: period: - description: Not more than one notification per period. + description: |- + Not more than one notification per period. + A duration in seconds with up to nine fractional digits, terminated by 's'. Example "60.5s". type: string type: object type: object diff --git a/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml b/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml index 6f8c424ec..30dc66fcb 100644 --- a/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml +++ b/package/crds/monitoring.gcp.upbound.io_uptimecheckconfigs.yaml @@ -1677,7 +1677,7 @@ spec: type: array authInfo: description: |- - The authentication information. Optional when creating an HTTP check; defaults to empty. + The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields. Structure is documented below. properties: passwordSecretRef: @@ -1777,6 +1777,17 @@ spec: Default value is GET. Possible values are: METHOD_UNSPECIFIED, GET, POST. type: string + serviceAgentAuthentication: + description: |- + The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields. + Structure is documented below. + properties: + type: + description: |- + The type of authentication to use. + Possible values are: SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED, OIDC_TOKEN. + type: string + type: object useSsl: description: If true, use HTTPS instead of HTTP to run the check. @@ -2135,7 +2146,7 @@ spec: type: array authInfo: description: |- - The authentication information. Optional when creating an HTTP check; defaults to empty. + The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields. Structure is documented below. properties: passwordSecretRef: @@ -2237,6 +2248,17 @@ spec: Default value is GET. Possible values are: METHOD_UNSPECIFIED, GET, POST. type: string + serviceAgentAuthentication: + description: |- + The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields. + Structure is documented below. + properties: + type: + description: |- + The type of authentication to use. + Possible values are: SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED, OIDC_TOKEN. + type: string + type: object useSsl: description: If true, use HTTPS instead of HTTP to run the check. @@ -2763,7 +2785,7 @@ spec: type: array authInfo: description: |- - The authentication information. Optional when creating an HTTP check; defaults to empty. + The authentication information using username and password. Optional when creating an HTTP check; defaults to empty. Do not use with other authentication fields. Structure is documented below. properties: username: @@ -2844,6 +2866,17 @@ spec: Default value is GET. Possible values are: METHOD_UNSPECIFIED, GET, POST. type: string + serviceAgentAuthentication: + description: |- + The authentication information using the Monitoring Service Agent. Optional when creating an HTTPS check; defaults to empty. Do not use with other authentication fields. + Structure is documented below. + properties: + type: + description: |- + The type of authentication to use. + Possible values are: SERVICE_AGENT_AUTHENTICATION_TYPE_UNSPECIFIED, OIDC_TOKEN. + type: string + type: object useSsl: description: If true, use HTTPS instead of HTTP to run the check. diff --git a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml index b02dfa16a..d585fa91e 100644 --- a/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificateauthorities.yaml @@ -2202,6 +2202,15 @@ spec: type: array type: object type: object + subjectKeyId: + description: |- + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. + properties: + keyId: + description: The value of the KeyId in lowercase hexidecimal. + type: string + type: object x509Config: description: |- Describes how some of the technical X.509 fields in a certificate should be populated. @@ -2813,6 +2822,15 @@ spec: type: array type: object type: object + subjectKeyId: + description: |- + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. + properties: + keyId: + description: The value of the KeyId in lowercase hexidecimal. + type: string + type: object x509Config: description: |- Describes how some of the technical X.509 fields in a certificate should be populated. @@ -3530,6 +3548,15 @@ spec: type: array type: object type: object + subjectKeyId: + description: |- + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. + properties: + keyId: + description: The value of the KeyId in lowercase hexidecimal. + type: string + type: object x509Config: description: |- Describes how some of the technical X.509 fields in a certificate should be populated. diff --git a/package/crds/privateca.gcp.upbound.io_certificates.yaml b/package/crds/privateca.gcp.upbound.io_certificates.yaml index 6087a044e..e6e293aba 100644 --- a/package/crds/privateca.gcp.upbound.io_certificates.yaml +++ b/package/crds/privateca.gcp.upbound.io_certificates.yaml @@ -2900,6 +2900,15 @@ spec: type: array type: object type: object + subjectKeyId: + description: |- + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. + properties: + keyId: + description: The value of the KeyId in lowercase hexidecimal. + type: string + type: object x509Config: description: |- Describes how some of the technical X.509 fields in a certificate should be populated. @@ -3560,6 +3569,15 @@ spec: type: array type: object type: object + subjectKeyId: + description: |- + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. + properties: + keyId: + description: The value of the KeyId in lowercase hexidecimal. + type: string + type: object x509Config: description: |- Describes how some of the technical X.509 fields in a certificate should be populated. @@ -4049,9 +4067,7 @@ spec: items: properties: keyId: - description: |- - (Output) - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. + description: The value of the KeyId in lowercase hexidecimal. type: string type: object type: array @@ -4239,9 +4255,7 @@ spec: items: properties: keyId: - description: |- - (Output) - Optional. The value of this KeyId encoded in lowercase hexadecimal. This is most likely the 160 bit SHA-1 hash of the public key. + description: The value of the KeyId in lowercase hexidecimal. type: string type: object type: array @@ -4619,6 +4633,15 @@ spec: type: array type: object type: object + subjectKeyId: + description: |- + When specified this provides a custom SKI to be used in the certificate. This should only be used to maintain a SKI of an existing CA originally created outside CA service, which was not generated using method (1) described in RFC 5280 section 4.2.1.2.. + Structure is documented below. + properties: + keyId: + description: The value of the KeyId in lowercase hexidecimal. + type: string + type: object x509Config: description: |- Describes how some of the technical X.509 fields in a certificate should be populated. diff --git a/package/crds/pubsub.gcp.upbound.io_topics.yaml b/package/crds/pubsub.gcp.upbound.io_topics.yaml index 4412d87fa..50cc2f293 100644 --- a/package/crds/pubsub.gcp.upbound.io_topics.yaml +++ b/package/crds/pubsub.gcp.upbound.io_topics.yaml @@ -761,6 +761,40 @@ spec: type: string forProvider: properties: + ingestionDataSourceSettings: + description: |- + Settings for ingestion from a data source into this topic. + Structure is documented below. + properties: + awsKinesis: + description: |- + Settings for ingestion from Amazon Kinesis Data Streams. + Structure is documented below. + properties: + awsRoleArn: + description: |- + AWS role ARN to be used for Federated Identity authentication with + Kinesis. Check the Pub/Sub docs for how to set up this role and the + required permissions that need to be attached to it. + type: string + consumerArn: + description: |- + The Kinesis consumer ARN to used for ingestion in + Enhanced Fan-Out mode. The consumer must be already + created and ready to be used. + type: string + gcpServiceAccount: + description: |- + The GCP service account to be used for Federated Identity authentication + with Kinesis (via a AssumeRoleWithWebIdentity call for the provided + role). The awsRoleArn must be set up with accounts.google.com:sub + equals to this service account number. + type: string + streamArn: + description: The Kinesis stream ARN to ingest data from. + type: string + type: object + type: object kmsKeyName: description: |- The resource name of the Cloud KMS CryptoKey to be used to protect access @@ -918,6 +952,40 @@ spec: for example because of an external controller is managing them, like an autoscaler. properties: + ingestionDataSourceSettings: + description: |- + Settings for ingestion from a data source into this topic. + Structure is documented below. + properties: + awsKinesis: + description: |- + Settings for ingestion from Amazon Kinesis Data Streams. + Structure is documented below. + properties: + awsRoleArn: + description: |- + AWS role ARN to be used for Federated Identity authentication with + Kinesis. Check the Pub/Sub docs for how to set up this role and the + required permissions that need to be attached to it. + type: string + consumerArn: + description: |- + The Kinesis consumer ARN to used for ingestion in + Enhanced Fan-Out mode. The consumer must be already + created and ready to be used. + type: string + gcpServiceAccount: + description: |- + The GCP service account to be used for Federated Identity authentication + with Kinesis (via a AssumeRoleWithWebIdentity call for the provided + role). The awsRoleArn must be set up with accounts.google.com:sub + equals to this service account number. + type: string + streamArn: + description: The Kinesis stream ARN to ingest data from. + type: string + type: object + type: object kmsKeyName: description: |- The resource name of the Cloud KMS CryptoKey to be used to protect access @@ -1243,6 +1311,40 @@ spec: id: description: an identifier for the resource with format projects/{{project}}/topics/{{name}} type: string + ingestionDataSourceSettings: + description: |- + Settings for ingestion from a data source into this topic. + Structure is documented below. + properties: + awsKinesis: + description: |- + Settings for ingestion from Amazon Kinesis Data Streams. + Structure is documented below. + properties: + awsRoleArn: + description: |- + AWS role ARN to be used for Federated Identity authentication with + Kinesis. Check the Pub/Sub docs for how to set up this role and the + required permissions that need to be attached to it. + type: string + consumerArn: + description: |- + The Kinesis consumer ARN to used for ingestion in + Enhanced Fan-Out mode. The consumer must be already + created and ready to be used. + type: string + gcpServiceAccount: + description: |- + The GCP service account to be used for Federated Identity authentication + with Kinesis (via a AssumeRoleWithWebIdentity call for the provided + role). The awsRoleArn must be set up with accounts.google.com:sub + equals to this service account number. + type: string + streamArn: + description: The Kinesis stream ARN to ingest data from. + type: string + type: object + type: object kmsKeyName: description: |- The resource name of the Cloud KMS CryptoKey to be used to protect access diff --git a/package/crds/secretmanager.gcp.upbound.io_secrets.yaml b/package/crds/secretmanager.gcp.upbound.io_secrets.yaml index 2acb2e06e..f8ccd7383 100644 --- a/package/crds/secretmanager.gcp.upbound.io_secrets.yaml +++ b/package/crds/secretmanager.gcp.upbound.io_secrets.yaml @@ -1014,6 +1014,14 @@ spec: { "name": "wrench", "mass": "1.3kg", "count": "3" }. type: object x-kubernetes-map-type: granular + versionDestroyTtl: + description: |- + Secret Version TTL after destruction request. + This is a part of the delayed delete feature on Secret Version. + For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + on calling destroy instead the version goes to a disabled state and + the actual destruction happens after this TTL expires. + type: string type: object initProvider: description: |- @@ -1169,6 +1177,14 @@ spec: { "name": "wrench", "mass": "1.3kg", "count": "3" }. type: object x-kubernetes-map-type: granular + versionDestroyTtl: + description: |- + Secret Version TTL after destruction request. + This is a part of the delayed delete feature on Secret Version. + For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + on calling destroy instead the version goes to a disabled state and + the actual destruction happens after this TTL expires. + type: string type: object managementPolicies: default: @@ -1517,6 +1533,14 @@ spec: { "name": "wrench", "mass": "1.3kg", "count": "3" }. type: object x-kubernetes-map-type: granular + versionDestroyTtl: + description: |- + Secret Version TTL after destruction request. + This is a part of the delayed delete feature on Secret Version. + For secret with versionDestroyTtl>0, version destruction doesn't happen immediately + on calling destroy instead the version goes to a disabled state and + the actual destruction happens after this TTL expires. + type: string type: object conditions: description: Conditions of the resource. diff --git a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml index a057a3f34..7426323c6 100644 --- a/package/crds/sql.gcp.upbound.io_databaseinstances.yaml +++ b/package/crds/sql.gcp.upbound.io_databaseinstances.yaml @@ -2656,6 +2656,11 @@ spec: description: The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. type: string + enableGoogleMlIntegration: + description: Enables Cloud SQL instances to connect to Vertex + AI and pass requests for real-time predictions and insights. + Defaults to false. + type: boolean insightsConfig: properties: queryInsightsEnabled: @@ -3298,6 +3303,11 @@ spec: description: The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. type: string + enableGoogleMlIntegration: + description: Enables Cloud SQL instances to connect to Vertex + AI and pass requests for real-time predictions and insights. + Defaults to false. + type: boolean insightsConfig: properties: queryInsightsEnabled: @@ -4130,6 +4140,11 @@ spec: description: The edition of the instance, can be ENTERPRISE or ENTERPRISE_PLUS. type: string + enableGoogleMlIntegration: + description: Enables Cloud SQL instances to connect to Vertex + AI and pass requests for real-time predictions and insights. + Defaults to false. + type: boolean insightsConfig: properties: queryInsightsEnabled: diff --git a/package/crds/storage.gcp.upbound.io_buckets.yaml b/package/crds/storage.gcp.upbound.io_buckets.yaml index d7880821f..dc4242cf5 100644 --- a/package/crds/storage.gcp.upbound.io_buckets.yaml +++ b/package/crds/storage.gcp.upbound.io_buckets.yaml @@ -1541,6 +1541,20 @@ spec: buckets. NOTE If used with single-region bucket, It will throw an error. type: string + softDeletePolicy: + description: The bucket's soft delete policy, which defines the + period of time that soft-deleted objects will be retained, and + cannot be permanently deleted. Structure is documented below. + properties: + retentionDurationSeconds: + description: 'The duration in seconds that soft-deleted objects + in the bucket will be retained and cannot be permanently + deleted. Default value is 604800. The value must be in between + 604800(7 days) and 7776000(90 days). Note: To disable the + soft delete policy on a bucket, This field must be set to + 0.' + type: number + type: object storageClass: description: 'The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, @@ -1832,6 +1846,20 @@ spec: buckets. NOTE If used with single-region bucket, It will throw an error. type: string + softDeletePolicy: + description: The bucket's soft delete policy, which defines the + period of time that soft-deleted objects will be retained, and + cannot be permanently deleted. Structure is documented below. + properties: + retentionDurationSeconds: + description: 'The duration in seconds that soft-deleted objects + in the bucket will be retained and cannot be permanently + deleted. Default value is 604800. The value must be in between + 604800(7 days) and 7776000(90 days). Note: To disable the + soft delete policy on a bucket, This field must be set to + 0.' + type: number + type: object storageClass: description: 'The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, @@ -2259,6 +2287,8 @@ spec: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. type: string + projectNumber: + type: number publicAccessPrevention: description: Prevents public access to a bucket. Acceptable values are "inherited" or "enforced". If "inherited", the bucket uses @@ -2298,6 +2328,25 @@ spec: selfLink: description: The URI of the created resource. type: string + softDeletePolicy: + description: The bucket's soft delete policy, which defines the + period of time that soft-deleted objects will be retained, and + cannot be permanently deleted. Structure is documented below. + properties: + effectiveTime: + description: (Computed) Server-determined value that indicates + the time from which the policy, or one with a greater retention, + was effective. This value is in RFC 3339 format. + type: string + retentionDurationSeconds: + description: 'The duration in seconds that soft-deleted objects + in the bucket will be retained and cannot be permanently + deleted. Default value is 604800. The value must be in between + 604800(7 days) and 7776000(90 days). Note: To disable the + soft delete policy on a bucket, This field must be set to + 0.' + type: number + type: object storageClass: description: 'The Storage Class of the new bucket. Supported values include: STANDARD, MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, diff --git a/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml b/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml index 248c15c87..79909ec9c 100644 --- a/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml +++ b/package/crds/vpcaccess.gcp.upbound.io_connectors.yaml @@ -863,20 +863,27 @@ spec: Default is e2-micro type: string maxInstances: - description: Maximum value of instances in autoscaling group underlying - the connector. + description: |- + Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be + higher than the value specified by min_instances. type: number maxThroughput: - description: Maximum throughput of the connector in Mbps, must - be greater than min_throughput. Default is 300. + description: |- + Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput + when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by + min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of + max_throughput is discouraged in favor of max_instances. type: number minInstances: - description: Minimum value of instances in autoscaling group underlying - the connector. + description: |- + Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be + lower than the value specified by max_instances. type: number minThroughput: - description: Minimum throughput of the connector in Mbps. Default - and min is 200. + description: |- + Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and + min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. type: number network: description: Name or self_link of the VPC network. Required if @@ -1082,20 +1089,27 @@ spec: Default is e2-micro type: string maxInstances: - description: Maximum value of instances in autoscaling group underlying - the connector. + description: |- + Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be + higher than the value specified by min_instances. type: number maxThroughput: - description: Maximum throughput of the connector in Mbps, must - be greater than min_throughput. Default is 300. + description: |- + Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput + when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by + min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of + max_throughput is discouraged in favor of max_instances. type: number minInstances: - description: Minimum value of instances in autoscaling group underlying - the connector. + description: |- + Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be + lower than the value specified by max_instances. type: number minThroughput: - description: Minimum throughput of the connector in Mbps. Default - and min is 200. + description: |- + Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and + min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. type: number network: description: Name or self_link of the VPC network. Required if @@ -1462,20 +1476,27 @@ spec: Default is e2-micro type: string maxInstances: - description: Maximum value of instances in autoscaling group underlying - the connector. + description: |- + Maximum value of instances in autoscaling group underlying the connector. Value must be between 3 and 10, inclusive. Must be + higher than the value specified by min_instances. type: number maxThroughput: - description: Maximum throughput of the connector in Mbps, must - be greater than min_throughput. Default is 300. + description: |- + Maximum throughput of the connector in Mbps, must be greater than min_throughput. Default is 300. Refers to the expected throughput + when using an e2-micro machine type. Value must be a multiple of 100 from 300 through 1000. Must be higher than the value specified by + min_throughput. If both max_throughput and max_instances are provided, max_instances takes precedence over max_throughput. The use of + max_throughput is discouraged in favor of max_instances. type: number minInstances: - description: Minimum value of instances in autoscaling group underlying - the connector. + description: |- + Minimum value of instances in autoscaling group underlying the connector. Value must be between 2 and 9, inclusive. Must be + lower than the value specified by max_instances. type: number minThroughput: - description: Minimum throughput of the connector in Mbps. Default - and min is 200. + description: |- + Minimum throughput of the connector in Mbps. Default and min is 200. Refers to the expected throughput when using an e2-micro machine type. + Value must be a multiple of 100 from 200 through 900. Must be lower than the value specified by max_throughput. If both min_throughput and + min_instances are provided, min_instances takes precedence over min_throughput. The use of min_throughput is discouraged in favor of min_instances. type: number network: description: Name or self_link of the VPC network. Required if